The Legend of Zelda: Ocarina of Time will be reborn on Nintendo Switch 2 in 2026. #NintendoDirect

Introducing HTTP/2 Bomb: a remote DoS in nginx, Apache httpd, Microsoft IIS, Envoy, and Cloudflare Pingora. A single client pins 32GB of server memory in 10s. Found by Codex. Blog post: blog.calif.io/p/codex-discov… PoCs: github.com/califio/publicati…

4 byte heap overflow to a a full RCE in Minecraft via the STB Image Parsing library. osec.io/blog/2026-06-02-mine…

Wrote a blogpost about how you can use the Windows server 2003 source code as a red teamer to make your tools look less like tools. I also go over and map out the main/important files and practical examples of using it to augment MS-*/RFC specs: abdulmhsblog.com/posts/usein…

I wish I could carry all of nature with me to keep it safe

Dusk (Zelda: Twilight Princess decomp port) out for PC/Steam Deck/Android/iOS youtube.com/watch?v=t9fQ4ZB-… twilitrealm.dev/ -Enhanced res -Uncap framerate -Gyro Aim -QoL -Achievements & More

‘I feel everything’ Embroidery on cotton & velvet.

Another zero day exploit released by some nerd (can't remember name right now) because they're annoyed with Microsoft. It's been confirmed by other nerds. It is yet another legit zero day. Whew. github.com/Nightmare-Eclipse…

Neat hxr1.ghost.io/abusing-winml-…

iOS and macOS decompiler for IPA files github.com/LaurieWired/Malim…

I was bored last weekend and built an Active Directory vulnerability scanner that will remain 100% free, forever. I've tested it as much as I can locally and would love to see some other folks get hands on. I call it ADPulse. github.com/dievus/ADPulse

Today is my last day at @OrangeCyberUK after nearly 9 years, having been a part of the @sensepost team was a privilege, some of the very best people and really encompassed the hacker ethos and sense of community. Off to road trip New Zealand for 3 weeks then back to hacking!

You require more passwords 👾 . Finally, released breach.txt, a wordlist built from real-world passwords found in breaches, forum dumps, leaked logs, and other "sources". weakpass.com/wordlists/breac… Will try to keep it up-to-date, at least for some time 😀 #infosec

NTLM reflection attacks can be used to compromise Active Directory domains even with SMB signing if systems aren’t fully patched depthsecurity.com/blog/using…

InterceptSuite: MITM proxy for IoT devices, thick clients, and real-time applications GitHub: github.com/InterceptSuite/In…

My Christmas ornaments are officially ready to find their homes, thank you so much again for all your lovely messages & so much interest! There are only 10 of these available ♥️

I said I was leaving here for good but guess not! Hello! I’m back! I’m Em, a traditional craft embroidery & fibre artist from England! Here’s my recent collection- ‘Roots’, a collection of longing for home, community & somewhere to call your own.

Tools such as PsExec.py from Impacket are usually flagged for lateral movement due to the pre-built service executable that is dropped on the remote system. However, some vendors also flag Impacket based on its behaviour. With RustPack, you can easily create service executables that won't be detected by signatures or behaviour-based detection. 😎 In this demo video, an unsigned service executable is generated. This will only fire the payload on a system with the hostname 'Win11' — environmental keying will prevent the payload from showing up in a sandbox or cloud analysis. To avoid Impacket detection, we drop and execute the binary via the recently released Titanis protocol library from @TrustedSec: github.com/trustedsec/Titani…. The result is an Adaptix C2 connection in the SYSTEM context. 🫡 #Pentest #RedTeam #Malware #OST

The UK is demanding another backdoor in Apple’s encryption. ft.com/content/d101fd62-14f9…

Say what you like about Banksy, but with these two pictures, he's managed to sum up the attitude of 'British democracy' to free speech when it comes to Israel and the genocide in Gaza. Trotsky once said that art must tell the truth. I'd say he's met that standard.