Technical analysis and exploitation strategy for CVE-2026-40369: a 12-byte kernel increment exploitable both as LPE and SBX. Originally prepared for Pwn2Own Berlin, the bug became public shortly before the contest after CVE assignment. voidsec.com/cve-2026-40369-b…

Some takeaways from our Director of Research on the usage of AI for Vulnerability Research

The following vulnerabilities have been added to our feed: - CVE-2026-21509: Microsoft Office Word RCE - CVE-2025-38352: Linux Kernel LPE - 0DAY-2026-0004: SmarterMail LPE crowdfense.com/n-day-feed/

🔥 Thank you for sponsoring #Zer0Con2026 Not all n-days are created equal. Crowdfense's(@crowdfense ) N-Day Vulnerability Feed gives you real-world weaponised vetted exploits and technical analysis for the high-risk CVEs actively abused in the wild. Research-grade intelligence, not just another scanner output. crowdfense.com/n-day-feed/

The following vulnerabilities have been added to our feed: - 0DAY-2026-2: Microsoft Buffer Over-read DoS - 0DAY-2026-3: Microsoft Unvalidated Pointer Deref. LPE - CVE-2026-21385: Qualcomm GPU Signed Integer Extension LPE To discover more about it, visit crowdfense.com/n-day-feed/

We appreciate @crowdfense's continued support to Offensivecon as a Silver Sponsor!

@crowdfense x @NDAYSecurity Our N-Day Vulnerability Feed now powers NDAY's continuous exploitability platform & AttackBench AI agent - giving defenders the same weaponised intel APTs use in the wild. crowdfense.com/crowdfense-n-…

The following weaponized vulnerabilities have been added to our n-day feed: - CVE-2025-61882: Oracle EBS - RCE - CVE-2026-24423: SmarterMail - RCE - CVE-2026-20941: Host Process - LPE - 0DAY-2026-0001: Visual Studio - Info Disclosure crowdfense.com/n-day-feed/

The following vulnerabilities have been added to our feed: - CVE-2025-49113: Roundcube PHP Object Deserialization RCE - CVE-2025-52691: SmarterMail Arbitrary File Upload RCE - CVE-2026-23760: SmarterMail Authentication Bypass RCE crowdfense.com/n-day-feed/

The following vulnerabilities have been added to our feed: - CVE-2025-64446: Fortinet Fortiweb Command Injection RCE - CVE-2025-62221: Microsoft Cloud Files Mini Filter Driver UAF LPE - CVE-2025-26666: Windows Media Heap-based Buffer Overflow DoS crowdfense.com/n-day-feed/

VULNCON 2026 is guided by an enhanced Review Panel, providing strategic oversight and maintaining technical rigor to ensure continued relevance within the evolving cybersecurity landscape. Monnappa KA - Principal Security Researcher David Campbell - Head of AI Security @Scale AI Adhokshaj Mishra - Staff Detection Engineer @SentinelOne Amol Naik - Head of Information Security @HugoHub Shubham Mittal - CEO & Co-Founder @RedHunt Labs Muslim Koser - Advisor @KAS Cybersecurity Vandana Verma - Security Relations Leader @Synk Paolo Stagno - Director of Research @Crowdfense Tomer Bar - Security Researcher 📅 12th & 13th June, 2026 📍 NIMHANS Convention Centre, Bengaluru #VULNCON2026 #Vulncon #Cybersecurity #CybersecurityLeadership #InfoSecCommunity #SecurityResearch #CyberConference

The following vulnerabilities have been added to our feed: CVE-2025-53136: NT OS KASLR Bypass CVE-2025-30397: Internet Explorer/Edge Chakra Engine RCE CVE-2025-59287: Windows Server Update RCE CVE-2025-24893: XWiki Groovy Injection RCE crowdfense.com/n-day-feed/

[#Zer0Con2026] 🗓️ CFP closes in "30 days" 🌕 CFP: ~ Feb 22, 2026 No hesitation. Only execution ;)

The following vulnerabilities have been added to our feed: CVE-2024-51324: Baidu Antivirus PPL CVE-2025-25257: FortiWeb SQL Injection and Command Injection CVE-2025-8088: WinRAR Directory Traversal ZDI-CAN-26372: Windows Theme File Parsing NTLM Leak crowdfense.com/n-day-feed/

Plot twist: today’s blog is NOT about vulns. We took a short break from breaking things and decided to build something instead. If you're curious about running powerful LLMs locally without selling your kidney for a GPU, here you go: crowdfense.com/home-made-llm…

pagedout.institute/ ← Call for articles & art for issue #8 of this technical IT zine is open! As usual, we accept 1-page articles about everything interesting in IT and related fields (be it programming, cybersec, AI, demoscene, retro, electronics, etc).

The following vulnerabilities have been added to our feed: - CVE-2025-33053: Microsoft Windows Internet Shortcut Files RCE - CVE-2025-25257: Fortinet FortiWeb RCE - CVE-2025-50154: Microsoft Windows File Explorer NTLM Leak crowdfense.com/n-day-feed/

We just released a new batch of mobile and other high-value vulnerability bounties on our VRH platform. Targets include iOS, Android, and more. Now's the time to jump in! Register or log in to VRH and explore the opportunities: vrh.crowdfense.com/

We’ve seen a bunch of new faces lately. Welcome! 👋 If you want real-time updates and stay in the loop, make sure you're following our Telegram channel and you are registered to our VRH platform: t.me/crowdfense vrh.crowdfense.com

Bidding farewell to one of the last Windows kernel address leaks, CVE-2025-53136 (KASLR bypass). Sometimes, even patches can open new doors for exploitation. crowdfense.com/nt-os-kernel-…