An 18-year-old nginx bug just became unauthenticated RCE. CVE-2026-42945 - CVSS 9.2 - public PoC live now. If you use rewrite set directives, you're exposed. PoC: github.com/DepthFirstDisclos… Update to 1.31.0. #nginx #infosec #bugbounty #exploit #webdev

Nginx-Rift/poc.py at main · DepthFirstDisclosures/Nginx-Rift

exploit for CVE-2026-42945. Contribute to DepthFirstDisclosures/Nginx-Rift development by creating an account on GitHub.

github.com

1,255

Afi0

Afi0 @afi0pchik

May 13

New Linux LPE: github.com/v12-security/pocs… #Linux #CyberSecurity #Infosec #Exploit

3,730

Afi0

Afi0 @afi0pchik

May 10

Android NFC hides layered system and hardware paths with real security risks most developers miss. Architecture and attack surface breakdown. Link in comments 👇 #Android #BugBounty #CyberSecurity #MobileSecurity #InfoSec

320

Nick G

Afi0 retweeted

Nick G @kallsyms

May 3

🚨 0-day alert! GPT 5.5 has found and exploited a network accessible RCE in Mac OS 9.2.1 🚨

0:14

128

1,754

471,531

Smukx.E

Afi0 retweeted

Smukx.E

@5mukx

Apr 30

> I Got bored and scrolling x. > sees this post. > Decided to write something within my knowledge. > tries to write PoC in Rust in an weird way. > Made it work = ) Rust PoC:- github.com/Whitecat18/Rust-f… #poc #rust

Panos Gkatziroulis 🦄

@ipurple

Apr 30

DoomSyscalls - Clean Indirect Syscalls with Hook Evasion & Return Address Spoofing github.com/SilentisVox/DoomS…

117

6,220

Afi0

Afi0 retweeted

Afi0 @afi0pchik

29 Dec 2025

Hi, everyone 👋 Created an article on finding bugs in multi-tenant systems 🔥Check it: medium.com/@afi0pchik/findin… #bugbountytips #Medium #Learning #BugBounty #InfoSec #CyberSecurity #BugHunting

Finding Broken Access Control in Multi-Tenant Systems

How Broken Access Control Leads to Cross-Tenant Data Exposure

medium.com

127

reverseame

Afi0 retweeted

reverseame @reverseame

Apr 29

Zen and the Art of Microcode Hacking bughunters.google.com/blog/z…

Blog: Zen and the Art of Microcode Hacking

This blog post covers the full details of EntrySign, the AMD Zen microcode signature validation vulnerability recently discovered by the Google Security team.

bughunters.google.com

1,935

Graham Helton (too much for zblock)

Afi0 retweeted

Graham Helton (too much for zblock)@GrahamHelton3

Apr 28

🚨3 years ago I posted "Human Memory Management" where I spent 7000 words explaining how I utilize @obsdmd for security research. Today I'm releasing the long awaited followup showing how that methodology has evolved over 3 years and how agents fit in. grahamhelton.com/blog/obsidi…

Human Memory Management And Obsidian V2

How I structure five Obsidian vaults, enforce atomic notes through templated creation flows, and use frontmatter properties to turn notes into queryable databases.

grahamhelton.com

5,324

Origin

Afi0 retweeted

Origin

@originhq

Apr 29

Agent features don't need vulnerabilities to become tradecraft. They just need to be useful, installed, and exposed. Codex ships with a documented IPC surface for remote TUI sessions, and one bind flag turns a compromised endpoint into a remotely controlled agent. originhq.com/blog/codex-on-t…

Codex on the Wire: One Flag Away From a Network Service | Origin

By David Kaplan on 2026-04-28

originhq.com

3,816

Smukx.E

Afi0 retweeted

Smukx.E

@5mukx

Apr 30

Hypervisors for Memory Introspection and Reverse Engineering by memN0ps Blog:- memn0ps.github.io/hypervisor… #hypervisor #reverse

174

7,693

Afi0

Afi0 @afi0pchik

May 2

Your AI can be hijacked - without the attacker touching your code It's called prompt injection. I broke it down Link in comments 👇 #LLMSecurity #AI #CyberSecurity #InfoSec

1,957