Sebastiaan Groot & Frank Cozijnsen (KPN) fuzzed a Steering of Roaming component and turned a crash into remote code execution, even across operator boundaries. Watch here: youtu.be/JxkcG7bbxGw?si=V-FQ… #Orangecon #TelecomSec #ExploitResearch

InversePrompt: Turning Claude Against Itself, One Prompt at a Time - cymulate.com/blog/cve-2025-5… - By @EladBeber @ @Cymulateltd As Anthropic’s Claude Code gains traction as a powerful AI coding assistant, it promises developers a safe and streamlined way to build with Claude’s capabilities. But what happens when the same assistant meant to enforce restrictions unknowingly reveals how to bypass them? During Anthropic’s Research Preview phase, I discovered two high-severity vulnerabilities in Claude Code, which were quickly addressed by the team. These issues allowed me to escape its intended restrictions and execute unauthorized actions, all with Claude’s own help. By turning the tool inward and exploring how it interprets and validates inputs, I uncovered flaws that led to: - Path restriction bypass. - Code execution via command injection. Both are exploitable through simple prompt crafting. These findings highlight the risks of blindly trusting LLM-powered developer tools, especially when the same system meant to enforce the rules can also be used to break them. #ClaudeCode #InversePrompting #PromptInjection #LLMSecurity #AIHacking #CVE2025 #CommandInjection #PathTraversal #AIExploit #AIReverseEngineering #Anthropic #Cymulate #SecurityResearch #SandboxBypass #PrivilegeEscalation #LLMAbuse #DeveloperSecurity #SecureAI #AIHardening #ExploitResearch

When someone like @_jsoo_ says your book supercharges your vulnerability research skills, you know you’re on the right path. Jacob is the founder of @starlabs_sg, a legendary team that has won multiple Pwn2Own contests and finds 0-days in spades. He lives and breathes vulnerability research, so his endorsement means A LOT! 🙏 Grab your copy today: 🚀 No Starch Press: nostarch.com/zero-day 🚀 Amazon: amazon.com/Day-Zero/dp/17185… #FromTheDayZeroToZeroDay #Cybersecurity #RedTeam #InfoSec #ExploitResearch #BookLaunch

Smart TV 0days Wanted 🔥 ZeroZenX is actively seeking 0day vulnerabilities affecting Smart TVs, including but not limited to: 📺 Samsung 📺 LG 📺 Sony 📺 TCL 📺 Xiaomi 📺 Hisense 📺 Philips 📺 And other major brands 💰 Competitive payouts based on impact, brand, and complexity. 🔒 All submissions are handled with full confidentiality. If you’re a researcher with a working 0day or proof-of-concept, submit via our platform: 👉 vrp.zerozenx.com Or reach us directly at: 📩 submit@zerozenx.com Let’s collaborate to push the boundaries of embedded security. #0day #SmartTV #BugBounty #ExploitResearch #CyberSecurity #news #samsung #tv #lg #dev #bounty #zeroday #zerozenx

💥 Got a Pre-Auth RCE in Axigen Mail Server? We’re Buying – $50K–$80K ZeroZenX is actively seeking 0-day vulnerabilities affecting Axigen Mail Server, specifically: 🛡️ Target: Axigen Mail Server 🎯 Vulnerability Type: Pre-auth Remote Code Execution (RCE) only 💰 Bounty Range: $50,000 – $80,000 (depending on limitations, requirements, and exploit reliability) Researchers can submit their findings through our secure platform: 🔗 vrp.zerozenx.com/ Or share minimal technical details via email: 📧 submit@zerozenx.com All submissions are handled confidentially and reviewed promptly by our internal security team. Join us in pushing the boundaries of responsible vulnerability research. #CyberSecurity #Infosec #BugBounty #ExploitDev #ZeroDay #0day #ExploitResearch #OffensiveSecurity #RCE #PrivilegeEscalation #RedTeam #VulnerabilityResearch #SecurityResearch #PreAuthRCE #EthicalHacking #PenetrationTesting #HackThePlanet #CyberThreats #SecurityExperts #BugBountyHunters #Hackers #VulnResearch #SecurityCommunity #ThreatResearch #SecurityResearchers #CyberSecNews #ZeroDayExploit #ExploitMarket #ZeroDayBounty #AxigenMailServer

🔥 $30,000 Reward for ISPConfig Pre-Auth RCE 0day We're actively seeking a pre-auth RCE 0day affecting ISPConfig, exploitable on a default installation. Reward: $30,000 for a valid working exploit. Submit via: vrp.zerozenx.com Or share minimal technical details to: submit@zerozenx.com Let’s advance offensive research—and reward real impact. #ZeroDay #RCE #ExploitResearch #CyberSecurity #InfoSec #ISPConfig #ExploitDev #Security

🔥 Antivirus 0-Days Wanted – Up to $50K in Rewards! ZeroZenX is actively looking for high-impact 0-day vulnerabilities in antivirus products. If you have cutting-edge research, submit it now via our platform and get rewarded! 💰 Bounties from $10,000 – $50,000 🔒 Confidential & Secure Submission Process 📩 Submit your exploits here: vrp.zerozenx.com/ Got something? Send it now and claim your reward! #CyberSecurity #BugBounty #0day #ExploitResearch #Hacker

🚨 iOS 0days Wanted – Bounties Up to $500,000 ! We are actively seeking high-impact iOS 0day vulnerabilities and offering bounties up to $500,000 for top-tier exploits! 💰 🔍 What We're Looking For: ✅ Remote Code Execution (RCE), Sandbox Escapes, Privilege Escalation ✅ Exploit chains bypassing Apple security (PAC, AMFI, PPL, etc.) ✅ Persistence methods, baseband vulnerabilities, and novel attack vectors 🚀 Submit your findings securely at: vrp.zerozenx.com/ #BugBounty #iOS #ExploitResearch #Security #0day #cybersecurity #news #attack #zerozenx

SecTools Podcast – Episode #47 Conversations with Tim Misiak (@timmisiak) about WinDbg, Time Travel Debugging and more. infoseccampus.com/podcast/se… #sectools #podcast #windbg #timetraveldebugging #exploitresearch