Won a 𝗳𝗿𝗲𝗲 𝗢𝗦𝗖𝗣 PEN-200 bundle from @offsectraining by winning 𝟭𝘀𝘁 place in their 𝗥𝗲𝗽𝗼𝗿𝘁 𝗪𝗿𝗶𝘁𝗶𝗻𝗴 𝗖𝗼𝗻𝘁𝗲𝘀𝘁 — Alhamdulillah, passed #OSCP with 𝟭𝟬𝟬/𝟭𝟬𝟬 on my first attempt! Check out: medium.com/@pakcyberbot/how-…

“The vulnerability with the highest CVSS score in this month’s update is a critical remote code execution flaw in the Microsoft Devices Pricing Program. CVE-2026-21536 (CVSS score: 9.8), per Microsoft, has been fully mitigated [...] Artificial intelligence (AI)-powered autonomous vulnerability discovery platform XBOW has been credited with discovering and reporting the issue.” bit.ly/4s2u8vq

🚨 Someone just open sourced a fully autonomous AI hacker and it's terrifying. It's called Shannon. Point it at your web app, and it doesn't just scan for vulnerabilities. It actually exploits them. Real injections. Real auth bypasses. Real database exfiltrations. Not alerts. Not warnings. Actual working exploits with copy-paste proof-of-concepts. Here's what this thing does autonomously: → Reads your entire source code to plan its attack → Maps every endpoint, API route, and auth mechanism → Runs Nmap, Subfinder, and WhatWeb for deep recon → Hunts for Injection, XSS, SSRF, and broken auth in parallel → Launches real browser-based exploits to prove each vulnerability → Generates a pentester-grade report with reproducible PoCs Here's the wildest part: It follows a strict "No Exploit, No Report" policy. If it can't actually break it, it doesn't report it. Zero false positives. It pointed at OWASP Juice Shop and found 20 critical vulnerabilities in a single run including complete auth bypass and full database exfiltration. On the XBOW Benchmark (hint-free, source-aware), it scored 96.15%. Your team ships code daily with Claude Code and Cursor. Your pentest happens once a year. That's 364 days of shipping blind. Shannon closes that gap. One command. Fully autonomous. The Red Team to your vibe-coding Blue team. Every Claude coder deserves their Shannon. 10.6K GitHub stars. 1.3K forks. Already trending. 100% Open Source. AGPL-3.0 License.

Nothing humbles you like telling your OpenClaw “confirm before acting” and watching it speedrun deleting your inbox. I couldn’t stop it from my phone. I had to RUN to my Mac mini like I was defusing a bomb.

Nothing to see here... 🫣 Here are the pieces of content coming to the #HackTheBox platforms this week! 🔵 JustSomePages, a Sherlock created by iamr007 🔴 Interpreter, an HTB Season 10 Machine, created by ReziT 🔴 PyDome, a Challenge created by pakcyberbot Find them on #HTB Labs and Enterprise Platform: okt.to/Of6urF #Cybersecurity #InformationSecurity #NewRelease #Hacking #CyberSkills

My new challenge, "PyDome", has been released on Hack The Box ( @hackthebox_eu ). Give it a try and let me know your thoughts! app.hackthebox.com/challenge… Feedback or constructive criticism is greatly appreciated. #hackthebox #challenge #pydome #pakcyberbot

Humanoid robot with open-source hardware and software github.com/Roboparty/roboto_…

Want to see what elite security research looks like? 🌟 @omer_asfu, one of Google Cloud VRP's best, dropped a cross-tenant finding: CVE-2025-13292 (nvd.nist.gov/vuln/detail/CVE…)

That's called dedication

🚨 We turned Google Gemini into a double agent. By sending a single, "silent" calendar invite, we hijacked Gemini’s calendar capabilities to exfiltrate private data—with zero lines of code in the exploitation. The AI didn't just leak info; it actively worked for us. 🧵👇

🚀 𝗙𝗶𝗿𝘀𝘁 𝗖𝗩𝗘 𝗨𝗻𝗱𝗲𝗿 𝗠𝘆 𝗡𝗮𝗺𝗲 — 𝗖𝗩𝗘-𝟮𝟬𝟮𝟲-𝟮𝟭𝟲𝟰𝟬 @ReviveAdserver 🔗 nvd.nist.gov/vuln/detail/CVE… 🔗 revive-adserver.com/ #CVE #vulnerability #nist #nvd #hacking #cybersecurity

Want to see what top-notch security research looks like? Look no further than @j_domeracki's latest research, a standout contributor to the Google Cloud VRP! 🪲💪 jdsec.cloud/posts/2026-01-17…

🔓 Just beat the "Dojo #48 - RubitMQ" challenge on @YesWeHack! Think you can match my skills? 🌟 dojo-yeswehack.com/challenge… #YesWeHack #ChallengeAccepted

Day TWO of FIVE days of celebrating our 2 year ARCANUM-VERSARY! @arcanuminfosec 3rd Giveaway = FOUR seats to our new course by @the_IDORminator "Zero to [BAC] Hero" ! 👍 1 Like = 1 Entry! ♻️ 1 Share = 2 Entries! Winners announced 1/21! Syllabus link below 👇

Revive Adserver disclosed a bug submitted by @pakcyberbot: hackerone.com/reports/344533… #hackerone #bugbounty

Become an absolute Web3 Security beast in 2026!! Resources: 1. Owen Thurm - Web3 Security 101 playlist (Youtube) 2. Past audit reports - solodit.xyz 3. DeFi bible - github.com/OffcierCia/ultima… 4. Books & Blog - rareskills.io/blog 5. Use AI to your advantage

Everything you need annas-archive.se