Stay ahead with updates on high-profile vulnerabilities, expert tutorials, essential safety tips, and the latest Netlas developments.

Joined November 2020
402 Photos and videos
CVE-2026-47367 and others: Improper Input Validation vulnerabilities in Ubiquiti UniFi OS, 9.9 rating 🔥 Several improper input validation and other weaknesses allow a low-privileged attacker to perform command injection and possibly compromise the network. 👉 nt.ls/TczjZ
CVE-2026-47759 - CVE-2026-47762: Four XSS vulnerabilities in TinyMCE, 8.7 rating 🔥 Four recently disclosed Cross-Site Scripting (XSS) vulnerabilities allow a remote attacker to inject malicious scripts into web pages. 👉 nt.ls/DRDw1
CVE-2026-44494: Full Man-in-the-Middle via Prototype Pollution Gadget in Axios, 8.7 rating 🔥 The Axios library is vulnerable to a Prototype Pollution "Gadget" attack that allows an attacker to intercept, read, and modify all outgoing HTTP requests, including authentication credentials. 👉 nt.ls/emv2w
📘 Attackers no longer need custom malware. Legitimate Remote Monitoring & Management (RMM) tools like AnyDesk, ScreenConnect, TeamViewer, Atera, and others are increasingly being weaponized for initial access, persistence, and ransomware operations. netlas.io/blog/weaponized_rm…
CVE-2026-47783 & CVE-2026-47784: Two SASL vulnerabilities in Memcached, 8.1 rating 🔥 Two new vulnerabilities in Memcached allow an attacker to enumerate valid usernames on the system and guess their passwords, because password and username data for SASL password database authentication has a timing side channel. 👉 nt.ls/zZBd0
CVE-2026-34908, CVE-2026-34909 & CVE-2026-34910: Vulnerabilities in Ubiquiti UniFi OS, 10.0 rating 🔥🔥🔥 Three new vulnerabilities in Ubiquiti UniFi OS allow a network attacker to make unauthorized changes, access files and execute arbitrary commands. This may lead to full device compromise. 👉 nt.ls/oMQHo
CVE-2026-46354: Token theft in Coder, 9.1 rating 🔥 A new vulnerability in Coder allows an attacker on any Azure VM to steal an agent session token and, with the stolen token, gain access to the Git SSH private key, OAuth access tokens or workspace secrets. 👉 nt.ls/JwI80
Totally new 0-day RCE vulnerability in NGINX. Again 😱 New zero-day RCE vulnerability named nginx-poolslip targets the latest mainline release 1.31.0. 👉 nt.ls/k1sOO
Introducing nginx-poolslip, a fresh RCE for the latest nginx release 1.31.0. nginx-rift has been patched, but our security agent Vega has found a new 0 day. We will release the full technical writeup with ASLR bypass 30 days after the patch on nebusec.ai.
Discovering Data Exposure with Netlas A practical walkthrough of how security researchers can use Netlas to identify exposed / leaked sensitive data. ✔ Methods for finding leaked data ✔ Common exposure patterns ✔ Real-world search techniques netlas.io/blog/discovering_d…
🌍 Netlas v1.8 is live Private Scanner now supports Scanner Locations! Run scans from different countries to see infrastructure from multiple geographic perspectives. 👉 Details: docs.netlas.io/changelog/
CVE-2026-44789, CVE-2026-44790 & CVE-2026-44791: 3 new vulnerabilities in n8n, 9.4 rating 🔥 Recently disclosed vulnerabilities in n8n allow an attacker to read arbitrary files from the server, achieve global prototype pollution and bypass the patch for a previous vulnerability (CVE-2026-42232). 👉 nt.ls/dRB5p
CVE-2026-42945: 18-Year-Old vulnerability in NGINX, 9.2 rating 🔥 A heap buffer overflow vulnerability in NGINX Plus and NGINX Open Source allows an unauthenticated attacker to cause the NGINX worker process to restart by sending crafted HTTP requests. Additionally, in some cases code execution is possible. This vulnerability is already being actively exploited in the wild! 👉 nt.ls/9xSvG
CVE-2026-42897: Microsoft Exchange Server spoofing vulnerability, 8.1 rating 🔥 New spoofing vulnerability in on-premise Microsoft Exchange Server hits OWA and allows an unauthorized attacker to execute malicious code by sending a specially crafted email to a user. This vulnerability is already being actively exploited in the wild! 👉 nt.ls/64QAo
CVE-2026-44194 & CVE-2026-45158: Two RCE vulnerabilities in OPNsense, 9.1 rating 🔥 Two vulnerabilities in OPNsense allow an authenticated attacker to execute arbitrary code as root on the firewall host via the User management system (CVE-2026-44194) and DHCP Config (CVE-2026-45158). PoC already available! 👉 nt.ls/S0qIg
CVE-2026-45185: RCE in Exim, 9.8 rating 🔥 Vulnerability in Exim allows an unauthenticated network attacker to execute arbitrary code. 👉 nt.ls/0Wqux
CVE-2026-43640: Missing authentication in JetBrains TeamCity, 8.2 rating 🔥 Vulnerability in JetBrains TeamCity allows an authenticated user to expose server API to unauthorized access. 👉 nt.ls/7tWNf
CVE-2026-29202 & CVE-2026-29203: Two vulnerabilities in cPanel, 8.8 rating 🔥 The first vulnerability in cPanel allows an attacker to execute arbitrary commands directly on the server via Perl injection (CVE-2026-29202). The second one (CVE-2026-29203) leads to denial of service and possible privilege escalation. 👉 nt.ls/2en2n
CVE-2026-23870: DoS in React Server Components, 7.5 rating 🔥 DoS vulnerability in React Server Components allows an attacker to disable the web application by exhausting server resources. This vulnerability requires a specific architectural setup to be exploited. 👉 nt.ls/akCFc