Offensive security research hub Discover original 0-days, detailed advisories, and stories behind the offensive security research team at Pentest-Tools.com. Explore latest findings.

Chain it with PTT-2025-026 and you're looking at a 9.8 Critical unauthenticated RCE. One array to rule them all! 💍

Full PoC here: pentest-tools.com/research

#offensivesecurity #vulnerabilityresearch #infosec #accounttakeover

Offensive security research hub Discover original 0-days, detailed advisories, and stories behind the offensive security research team at Pentest-Tools.com. Explore latest findings.

Our colleagues Matei "Mal" Bădănoiu and Raul Bledea did the digging. Full PoC and exploit is added here: pentest-tools.com/research

#offensivesecurity #vulnerabilityresearch #infosec

Google Paid $17.1M For Bugs In 2025
Read More: buff.ly/sGUNuDf

#BugBounty #GoogleVRP #VulnerabilityResearch #SecurityResearchers #ResponsibleDisclosure #CyberInnovation #AppSec #Infosec

Interested in the dark witchcraft of Windows Kernel Exploitation? Check out our training courses:
www.exploitpack.com/collections/...

#cybersecurity #exploitdevelopment #vulnerabilityresearch #windowskernel #exploitdev #reverseengineering #offensivesecurity #infosec #cyberattack #training

The new Offensive Security Research Hub on Pentest-Tools.com (led by Matei Badanoiu) shares the full discovery path: from anomalous behavior to validated vulnerability.

Original research for the hacker community: pentest-tools.com/research

#vulnerabilityresearch #infosec

Many thanks to Matei Badanoiu, Raul Bledea and Eusebiu Boghici for their contributions.

#offensivesecurity #vulnerabilityresearch #pentesting #infosec

Out of curiosity: how often do you still run into 10+ year-old libraries during engagements?

Bookmark this link, we're going to update it frequently with new learnings: pentest-tools.com/research

#vulnerabilityresearch #ethicalhacking #infosec

🐛 Claude Code Security Detecta Fallos Que el Análisis Estático No Puede

Escanea código como un investigador humano, no como un mot

devops.com/claude-code-security-fin...

#CodeSecurity #VulnerabilityResearch #Anthropic #RoxsRoss

Original post on infosec.exchange

Just shipped updates for rhabdomancer, haruspex, and augur. Now compatible with @HexRaysSA IDA 9.3 and @xorpse's idalib-rs 8.0.

These headless #IDA plugins are built for #VulnerabilityResearch workflows where you want IDA's power without the GUI. This release brings a bunch of small […]

🔍 ¿Es Claude Opus 4.6 el Mejor Investigador de Seguridad?

Descubrió 600+ vulnerabilidades desconocidas en software de código abierto.

devops.com/is-claude-opus-4-6-the-b...

#Cybersecurity #VulnerabilityResearch #AI #RoxsRoss

Skepticism persists regarding LLMs' ability to discover truly novel exploits without significant human guidance. While automating known patterns, true innovation may still lie with human researchers. #VulnerabilityResearch 6/6

Microsoft Bounty Covers All Service Flaws
Read More: buff.ly/i1GlZVU

#Cybersecurity #BugBounty #Microsoft #VulnerabilityResearch #Infosec #SecurityResearch #BlackHat #ResponsibleDisclosure

Twitch Twitch is the world

"Darling and me are working with Jackal tonight! >:3" Dr. Jack is in. "Dr. JACK and Darling and me are gonna be doing some Cyber punk cyber security research! >;3" Reports, PoCs, vulns, other nonsense. "DEMONS!<3"

#cybersecurity #infosec #STEMEd #VulnerabilityResearch
www.twitch.tv/chaosfoundry

Join the Operation: Maximum Impact Challenge! 💻 Earn 2X bounty rewards for vulnerabilities in software with 5,000 to 5 million active installs. Bounties up to $31,200 per find. Submit now! #BugBounty #VulnerabilityResearch www.wordfence.com/blog/2025/10/wordfence-i...

ChatGPT Atlas browser raises security concerns OpenAI's new Chromium-based browser draws criticism for replicating Perplexity Comet design while vulnerability research exposes risks.

ChatGPT Atlas browser raises security concerns #ChatGPT #AtlasBrowser #OpenAI #CyberSecurity #VulnerabilityResearch

ChatGPT Atlas browser raises security concerns OpenAI's new Chromium-based browser draws criticism for replicating Perplexity Comet design while vulnerability research exposes risks.

ChatGPT Atlas browser raises security concerns #ChatGPT #AtlasBrowser #OpenAI #CyberSecurity #VulnerabilityResearch

Book cover of From Day Zero to Zero Day by Eugene Lim

I've enjoyed reading the new @nostarch #book "From Day Zero to Zero Day" by @spaceraccoon!

It provides a solid #VulnerabilityResearch methodology, exploring source #CodeReview, #ReverseEngineering, and #Fuzzing with a practical, hands-on introduction to the […]

[Original post on infosec.exchange]

Join the Operation: Maximum Impact Challenge! Earn 2X bounty rewards for vulnerabilities in popular software. Bounties up to $31,200. Submit now and earn big! #BugBounty #VulnerabilityResearch www.wordfence.com/blog/2025/09/wordfence-i...

Original post on infosec.exchange

I've updated my #VulnerabilityResearch and #ReverseEngineering tools to use the latest version of @binarly_io award-winning #idalib #Rust bindings, which support @HexRaysSA IDA Pro 9.2 and their freshly open-sourced SDK.

#Rhabdomancer - Vulnerability research assistant that locates calls to […]

Join us in the hunt for vulnerabilities! Double bounty rewards on 'High Threat' software with less than 5M installs until Sep 4, 2025. Earn up to $31,200 per submission. Get rewarded for your skills! #BugBounty #VulnerabilityResearch www.wordfence.com/blog/2025/08/wordfence-i...

Big win at #DefCon33! Qualys Threat Research Unit (TRU) takes home Epic Achievement + Best RCE at the #PwnieAwards for:
🔹 CVE-2024-6387 (regreSSHion) — 1st pre-auth RCE in OpenSSH in 20 yrs
🔹 CVE-2025-26465 — MITM attack on OpenSSH client

#vulnerabilityresearch #Qualys #TRU

Join the Wordfence Spring into Summer event! Get 2X rewards for 'High Threat' vulnerabilities on software with under 5 million installs. Bounties up to $31,200! #BugBounty #VulnerabilityResearch www.wordfence.com/blog/2025/07/wordfence-i...

NCSC Expands Vulnerability Research to Tackle Evolving Potato Threats thepotatoexpress.com/ncsc-vulnerability-resea... #VulnerabilityResearch #ThePotatoExpressNews #ThePotatoExpress #FirewallDaily #PotatoGuidance #UKGovernment #PotatoNews #NCSC #VRI

Set Sail: Remote Code Execution in SailPoint IQService via Default Encryption Key NetSPI discovered a remote code execution vulnerability in SailPoint IQService using default encryption keys. Exploit details, discovery methods, and remediation guidance included.

NetSPI Principal Security Consultant Jason Juntunen recently published findings on a Remote Code Execution vulnerability in SailPoint's IQService component.

👉 Read the full technical breakdown: ow.ly/GbT150WmgRg

#proactivesecurity #VulnerabilityResearch

CyberGym: Evaluating AI Agents' Cybersecurity Capabilities with Real-World Vulnerabilities at Scale Large language model (LLM) agents are becoming increasingly skilled at handling cybersecurity tasks autonomously. Thoroughly assessing their cybersecurity capabilities is critical and urgent, given…

CyberGym benchmarks AI models on vulnerability reproduction and exploit generation across 1,500+ real-world CVEs, with models like Claude 3.7 and GPT-4 occasionally identifying novel vulnerabilities.

Read more: arxiv.org/abs/2506.02548

#CyberSecurity #vulnerabilityresearch

Google Vulnerability Exposes Phone Numbers - Security Alert 2025 Critical Google vulnerability exposed millions of phone numbers through brute-force attacks. Learn how the security flaw worked and ...

🔍 Full technical analysis: technijian.com/cyber-securi...
🎧 Expert podcast breakdown: technijian.com/podcast/goog...
#CyberSecurityEducation #VulnerabilityResearch

𝑴𝒊𝒔𝒂𝒅𝒗𝒆𝒏𝒕𝒖𝒓𝒆𝒔 𝒘𝒊𝒕𝒉 𝑪𝒐𝒑𝒊𝒍𝒐𝒕+: 𝑨𝒕𝒕𝒂𝒄𝒌𝒊𝒏𝒈 𝒂𝒏𝒅 𝑬𝒙𝒑𝒍𝒐𝒊𝒕𝒊𝒏𝒈 𝑾𝒊𝒏𝒅𝒐𝒘𝒔 𝑵𝑷𝑼 𝑫𝒓𝒊𝒗𝒆𝒓𝒔
📑 Slides (PDF) – i.blackhat.com/Asia-25/Asia...
𝐹𝑒𝑒𝑙 𝑓𝑟𝑒𝑒 𝑡𝑜 𝑠ℎ𝑎𝑟𝑒 𝑡ℎ𝑖𝑠 𝑤𝑖𝑡ℎ 𝑦𝑜𝑢𝑟 𝑐𝑜𝑙𝑙𝑒𝑎𝑔𝑢𝑒𝑠! 𝐴𝑛𝑑 𝑟𝑒𝑚𝑒𝑚𝑏𝑒𝑟... 𝑆𝑡𝑎𝑦 𝑆𝑎𝑓𝑒 𝑎𝑛𝑑 𝐻𝑎𝑐𝑘 𝑅𝑒𝑠𝑝𝑜𝑛𝑠𝑖𝑏𝑙𝑦! 😎🏴‍☠️
#AIHardware #VulnerabilityResearch #PrivilegeEscalation

1/5 Mobile location spoofing is one of the most overlooked attack vectors in mobile security.

Most teams are not testing for it, and it is surprisingly easy to exploit.

#MobileSecurity #Corellium #VulnerabilityResearch #CyberSecurity #AppSec