I can’t believe Anthropic comparing their product to nuclear weapons 800 times backfired on them. I am shocked

MSSQL has always been a favorite target. Now it ships its own egress channel. @gershsec's latest research breaks down how SQL Server 2025's native AI features enable exfil, NTLM coercion, and C2 transport, all functioning as intended. Read more 👇 ghst.ly/4e2L3JX

🎙 Retrouvez ce vendredi à Bordeaux nos speakers à l'événement @Sthack 🔸 @0x3lk : "Runtime blindspot : Abusing .NET Runtime Internals to Evade EDRs " 🔸 @M4yFly : Red Team : "20 missions plus tard : Autopsie de quatre années de mutation offensive" 👉 ow.ly/Zp1Y50Z4XkJ

Impacket 0.13.1 is live! This release includes new relay surfaces, stronger support for modern Windows and SQL Server environments, and a set of practical improvements across the examples scripts. Check out the blog post to get more details> coresecurity.com/blog/whats-…

‼️🚨 Pwn2Own Berlin 2026 just hit a wall. For the first time in 19-years, ZDI rejected dozens of working zero-day RCE submissions because organizers ran out of contest slots. Rejected hackers are now going public with PoC demos and direct vendor disclosures, breaking Pwn2Own's usual secrecy. ▪️ AI surfaces a massive wave of 0-day RCEs. ▪️ Submissions overwhelm ZDI past max capacity. ▪️ Slots run out. Researchers with working chains get rejected. ▪️ "Revenge disclosures" begin. ← we are here. Confirmed casualties so far: ▪️ @xchglabs : 86 vulnerabilities prepared (PyTorch, NVIDIA, Linux KVM, Oracle, Docker, Ollama, Chroma, LiteLLM, llama.cpp). All rejected. Now reporting directly to vendors with writeups dropping as patches land. ▪️ @ggwhyp : full-chain Firefox RCE on Windows. Rejected. Publicly demoed (HTML page → cmd.exe → calc.exe). Responsibly disclosed to Mozilla. ▪️ @yunsu_dev : working RCE chain, rejected. Submitting elsewhere. ▪️ @ryotkak : tried to register for 3 weeks. ZDI confirmed "at maximum capacity, can't add extra contest days." Considered canceling flight and hotel. ▪️ @anzuukino2802 : Claude Code RCE PoC. Rejected. ▪️ @desckimh : 0-day RCEs in Ollama and LM Studio. Rejected. Reported impact: a community-estimated 150 researchers tried to register. Accepted contestants are now being warned about collisions. Rejected vulnerabilities going to bug bounty programs may trigger pre-event patches that invalidate the work of those who got in. ZDI has not publicly addressed the capacity issue. The event still runs May 14-16 in Berlin.

Virtual private networks #VPN are increasingly used to bypass online age verification. Protecting children online is a priority, with new rules being implemented requiring a minimum age for access to some services Read👉 link.europa.eu/FGfr6C #DSA @EP_Justice @FZarzalejos

Virtual private networks #VPN are increasingly used to bypass online age verification. Protecting children online is a priority, with new rules being implemented requiring a minimum age for access to some services Read👉 link.europa.eu/FGfr6C #DSA @EP_Justice @FZarzalejos

Google Chrome silently installs a 4 GB Gemini Nano model file on user devices with no consent prompt and re-downloads it if you delete it. awesomeagents.ai/news/chrome…

Microsoft Edge loads all your saved passwords into memory in cleartext — even when you’re not using them.