Just another web warrior ⚔️ Security Researcher ۞ Principal Security Engineer @Verichains ۞ Pwn2Own 2023 ۞@vnsec squad ۞ 💰hackerone.com/ducnt_ ۞ nano 💻

Joined February 2017
Pinned Tweet
So, here is another gift for you about an ImageMagick RCE 0-day that affected GhostScript-9.50 😀 github.com/duc-nt/RCE-0-day-… #RCE #imagemagick #ghostscript
Nguyen The Duc retweeted
gnosis pay exploit root cause: a taint of revert data gnosisscan.io/tx/0x5ea42911c…
Nguyen The Duc retweeted
Jun 1
We reported a critical loss of funds bug to @Thorchain (32M TVL, 150M FDV) They silently patched it and told us their bug bounty program is permanently retired. We have more Thorchain chain halt DoS vulns. We intend to release them (open disclosure) in the coming few days
Nguyen The Duc retweeted
This is what a rocket launch looks like from 400 km above Earth, aboard the ISS. @StarSnap_1 #MateriaOscura
Nguyen The Duc retweeted
Engineering is magic
Nguyen The Duc retweeted
security research now has this weird incentive where finding the bug is only half the game. the other half is packaging the story as "claude/codex found it" because that’s where all the attention is right now. model providers, with their big accounts and distribution, will push the story for you. it looks win-win. weirdly, the human taste, target selection, hand holding, all get compressed into "the model found it". frontier model companies happily push that narrative, while the researcher slowly gets devalued.
Nguyen The Duc retweeted
May 14
Never stop selling
Nguyen The Duc retweeted
That's my chain — a full chain w/ logic bugs only! No memory corruption, no AI, and of course no collisions at all 😉
Confirmed! Orange Tsai (@orange_8361) of DEVCORE Research Team (@d3vc0r3) chained 4 logic bugs to achieve a sandbox escape on Microsoft Edge, earning $175,000 and 17.5 Master of Pwn points. Full win! #Pwn2Own #P2OBerlin
Nguyen The Duc retweeted
NGINX rift: We autonomously discovered this 18 yr old heap overflow (CVE-2026-42945) in @nginx impacting version 0.6.27 to 1.30.0. If you use rewrite and set directive, you may be impacted! Please update your NGINX or change the config to mitigate it. Read more at depthfirst.com/nginx-rift
Nguyen The Duc retweeted
Proud of the team. They went after a corner of the Linux kernel that nobody had bothered to look at, found a bug that had been sitting there for 14 years, and quietly got on with it. No fuss. Just good work. If any vendors are looking for an extra pair of eyes, let me know.
We're likely 1st to publicly exploit crypto: af_alg as a new attack surface in kernelCTF. Our members @n0psledbyte & @st424204 started poking it in Sep 2025, finding a 0-day container escape unnoticed since 2011. @AnthropicAI @OpenAI: interested in collaborations? We are all ears
Nguyen The Duc retweeted
PoCs for Apache Tomcat Unauth RCE (CVE-2026-34486) and Apache httpd Pre-auth RCE (CVE-2026-23918) are now public on our Github. Tomcat exploit is fully reliable. httpd chain works in a controlled lab setup with a known info leak. github.com/striga-ai/CVE-202… github.com/striga-ai/CVE-202…
Nguyen The Duc retweeted
Microsoft $MSFT developers watching Claude integrate better than Copilot in their own software
Claude for Excel, PowerPoint, and Word are now generally available, and Claude for Outlook is in public beta. As Claude moves between your Microsoft apps, it carries the full context of your conversation.
Nguyen The Duc retweeted
Patch your Linux boxes! Copy.Fail is a trivially exploitable logic bug in Linux, reachable on all major distros released in the last 9 years. A small, portable python script gets root on all platforms. Found by the teams at @theori_io and @xint_official More details below xint.io/blog/copy-fail-linux…
Nguyen The Duc retweeted
🚨: A civilization 2,000 light-years away pointing a powerful enough telescope at Earth right now would see the Roman Empire. They'd see Jesus alive.
Nguyen The Duc retweeted
Apr 28
🚨 BREAKING: Wiz Research discovered Remote Code Execution on GitHub.com with a single git push The flaw in @github allowed unauthorized access to millions of repositories belonging to other users and organizations 🤯
Nguyen The Duc retweeted
Centralization exposed inside Tron USDT 🚨
Here’s what is happening: Tether just executed the largest freeze in its history. More than $344,000,000 in USDT (TRC-20) blocked on Tron. By Tether itself.
- Coordinated with OFAC and US law enforcement
- Executed directly through the USDT smart contract
- Funds are now visible but completely unusable
This is how it works:
- Tether has admin control over USDT contracts
- Can blacklist any address
- Can freeze balances instantly
- Can permanently destroy funds
Functions used:
- addBlackList(address)
- removeBlackList(address)
- destroyBlackFunds(address)
Now here’s where it gets interesting
Timeline
April 20 - Arbitrum freezes ~$71M linked to hackers
April 21 - Justin Sun tweets: “the most decentralized blockchain in the world is Tron”
April 23 - Tether freezes $344M on Tron
No response from Justin Sun so far
The irony writes itself
Stay safe.
Nguyen The Duc retweeted
Introducing Project Glasswing: an urgent initiative to help secure the world’s most critical software. It’s powered by our newest frontier model, Claude Mythos Preview, which can find software vulnerabilities better than all but the most skilled humans. anthropic.com/glasswing
Nguyen The Duc retweeted
NASA Artemis passing close to the Moon
Nguyen The Duc retweeted
CTF in 2026