Kẻ soi mói

Joined October 2015
Janggggg retweeted
[ZDI-26-331|CVE-2026-45495] (Pwn2Own) Microsoft Edge Feedback Log File Handling Directory Traversal Remote Code Execution Vulnerability (CVSS 7.5; Credit: Orange Tsai (@orange_8361) of DEVCORE Research Team (@d3vc0r3)) zerodayinitiative.com/adviso…

Janggggg retweeted
There it is! Orange Tsai (@orange_8361) of DEVCORE Research Team was able to exploit Microsoft Exchange! If confirmed, they win a whopping $200,000 and 20 Master of Pwn points. Off to the disclosure room to explain how they did it and seal the deal. #Pwn2Own #P2OBerlin
Janggggg retweeted
Patch your Linux boxes! Copy.Fail is a trivially exploitable logic bug in Linux, reachable on all major distros released in the last 9 years. A small, portable python script gets root on all platforms. Found by the teams at @theori_io and @xint_official More details below xint.io/blog/copy-fail-linux…
Janggggg retweeted
We promised we'd be back! Join us on our journey, from repro'ing N-days to stumbling into 0-days in SolarWinds Web Help Desk, eventually achieving pre-auth RCE. This research fuels the watchTowr Platform, our Preemptive Exposure Management technology. labs.watchtowr.com/buy-a-hel…
Janggggg retweeted
Ever wondered what happens when you pickle a mailbox? 🥒📬 (No, it’s not a recipe, it’s a vulnerability.) Our team breaks down CVE-2025-20393 in a new deep dive post covering root cause, internals & exploitation details starlabs.sg/blog/2026/01-pic… Written by @CurseRed & @bestswngs

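The post above hints at the mechanism without spelling it out. As an added illustration, not code from the STAR Labs write-up or from the affected product, here is why a pickle an attacker controls is a code-execution primitive, plus the two checks a practitioner reaches for: a static scan of the globals a pickle would import, and a restricted Unpickler whose find_class refuses everything except plain data. The sample mailbox, the MaliciousMessage class and all function names are constructed for this demo.

```python
"""Why "pickling a mailbox" can be a vulnerability: Python's pickle is a small
stack machine whose GLOBAL/STACK_GLOBAL opcodes import any attribute of any
module and whose REDUCE opcode calls it. Any code path that loads
attacker-controlled pickle bytes is therefore a code-execution primitive.

Added illustration; the class, the mailbox and the helper names below are
constructed for this demo, not the affected product's objects or the
write-up's payload."""
import builtins
import io
import pickle
import pickletools

# Constructed sample data: what a harmless serialised mailbox might look like.
SAMPLE_MAILBOX = {
    "owner": "alice@example.test",
    "messages": [
        {"from": "bob@example.test", "subject": "lunch?", "body": "12:30 at the usual place"},
        {"from": "it@example.test", "subject": "password reset", "body": "click here"},
    ],
}


class MaliciousMessage:
    """Attacker-controlled object. __reduce__ tells the unpickler to rebuild it
    by calling eval(...) instead of a constructor, so loading the bytes runs the
    command. The bytes are built here but never loaded with plain pickle.loads."""

    def __init__(self, cmd):
        self.cmd = cmd

    def __reduce__(self):
        return (eval, ("__import__('os').system(%r)" % self.cmd,))


def build_benign_mailbox():
    """Serialise the sample mailbox the way a naive application would."""
    return pickle.dumps(SAMPLE_MAILBOX, protocol=4)


def build_malicious_mailbox(cmd):
    """Serialise the attacker's object; pickling only records (eval, args),
    nothing runs until somebody unpickles it."""
    return pickle.dumps(MaliciousMessage(cmd), protocol=4)


def referenced_globals(data):
    """Triage scan: list every (module, name) a pickle would import, without
    loading it. Walks the opcode stream with pickletools; sufficient for
    payloads that spell the names out with string opcodes, which is what
    pickle.dumps emits (memo references via BINGET are not followed)."""
    found = []
    strings = []
    for op, arg, _pos in pickletools.genops(data):
        if op.name == "GLOBAL":                 # protocol <= 3: arg is "module name"
            module, name = arg.split(" ", 1)
            found.append((module, name))
        elif op.name == "STACK_GLOBAL":         # protocol 4+: module, name pushed just before
            found.append((strings[-2], strings[-1]))
        elif op.name in ("SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8", "UNICODE"):
            strings.append(arg)
    return found


# Plain data only. eval/exec/getattr/__import__ live in builtins too, which is
# why the allow-list is of names, not of modules.
SAFE_BUILTINS = {"dict", "list", "tuple", "set", "frozenset",
                 "str", "bytes", "int", "float", "bool"}


class RestrictedUnpickler(pickle.Unpickler):
    """find_class is consulted for every GLOBAL/STACK_GLOBAL before REDUCE can
    run, so refusing here stops the payload before any call happens."""

    def find_class(self, module, name):
        if module == "builtins" and name in SAFE_BUILTINS:
            return getattr(builtins, name)
        raise pickle.UnpicklingError("global %s.%s is forbidden" % (module, name))


def safe_load(data):
    """Return (True, obj) for accepted bytes, (False, reason) for rejected ones.
    The real fix is not to unpickle untrusted input at all (use JSON or a
    schema-checked format); this is the containment when the format is fixed."""
    try:
        return True, RestrictedUnpickler(io.BytesIO(data)).load()
    except pickle.UnpicklingError as exc:
        return False, str(exc)


if __name__ == "__main__":
    print(referenced_globals(build_malicious_mailbox("id")))
    print(safe_load(build_benign_mailbox())[0], safe_load(build_malicious_mailbox("id")))
```

referenced_globals only follows names spelled out with string opcodes, as pickle.dumps emits them; a hand-crafted stream can reach the same global through memo references, so the find_class gate, not the scan, is the control to rely on, and the stronger rule is to never load pickle from an untrusted source in the first place.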
15 Dec 2025
testbnull.medium.com/and-the… My note while trying to reproduce the famous react2shell bug, no WAF bypass and bugbountytips inside, I promise ;) Happy reading!
Janggggg retweeted
20 Nov 2025
Oracle Cloud was breached in Jan 2025 through vulns in Oracle Access Manager. @SLCyberSec's Research team found a new pre-auth RCE vulnerability in Oracle Identity Manager (CVE-2025-61757). This is a critical vulnerability and is trivial to exploit. slcyber.io/research-center/b…
Janggggg retweeted
3 Nov 2025
hot take: maybe instead of reporting vulns and getting CVEs, security nerds should just sell exploits. That way devs won't need to bother with too many reports; only the critical ones that got exploited would need to be fixed. neat!
Janggggg retweeted
We have published our AttackerKB @rapid7 Analysis for the recent GoAnywhere MFT vuln, CVE-2025-10035. It's an access control bypass, unsafe deserialization, and an as-yet unknown issue in how an attacker can know a specific private key! attackerkb.com/topics/LbA9AN…
Janggggg retweeted
NEED YOUR HELP! My friend/teacher Soroush (@irsdl) is looking for a new company to join. You know him as the .NET god, the guy who has popped Exchange and SharePoint, has maintained ysoserial.net for years, contributed to the exploitation scene numerous times, taught all of you what .NET ghost webshells are, taught you what ViewState exploitation is, how .NET remoting exploitation issues can be solved, IIS cookieless, web.config exploitation, countless blogs, talks, techniques... but companies keep saying: "we aren't hiring right now!" If I were in a position to hire, I wouldn't want to miss out on having one of THE BEST on my team. Your retweet is extremely appreciated ❤️‍🔥 Soroush, if you see this, don't hate me, I had to do it without telling you.
Janggggg retweeted
12 Sep 2025
I had the pleasure of working with the web team at DFSEC for the last 2 years. If you feel you are wasting your time finding web 0days for marketing, I suggest you try this role as it requires you to think more outside the box to solve the hardest problems in web app security!
31 Aug 2025
Dataflow Security has officially opened a position for a Web Security Researcher. dfsec.com/careers/
Janggggg retweeted
We've added a new demo to NewRemotingTricks that makes deploying a MarshalByRefObject (e.g., WebClient) even easier: System.Lazy<T> creates an instance of T on serialization, which is probably more likely to be allowed than a XAML gadget getting through. github.com/codewhitesec/NewR…
Janggggg retweeted
29 Jul 2025
Semi-controversial thoughts on the recent #SharePoint patch & CVE-2025-53770 (ToolShell or ToolPain 🥸):

🪟 On Microsoft's effort: I now believe MS genuinely tried to fix a flawed patch over the weekend before it was exploited by APTs. But several things went wrong beforehand:
- The initial patch left known bypasses which could have been avoided by a bit of testing.
- The original Defender workaround could also be bypassed.
- MS must have known about the ExcelData gadget since at least 2020: srcincite.io/blog/2020/07/20… but didn't block it proactively.
- SP is still relying on a blocklist that might be bypassed.

⌛️ On exploitation of CVE-2025-53770: I haven't seen credible signs the new variant was exploited before the second patch. I know the bypass chain, and none of the public payloads would have worked after the first patch.

🗞️ On inaccurate information: This blog post is misleading imho: research.eye.security/sharep…
- It has used CVE-2025-53770 instead of CVE-2025-49704. Anyone reading that blog post would think the new variants were being exploited too.
- CVE-2025-49706 (auth check bypass) and its variant, CVE-2025-53771, won't do any good without the deserialization gadget afaik.
- It doesn't explain that attackers do not need to write a file to exploit this. Although it is obvious to technical folks, it may not be so obvious to others, especially if we are giving advice.
- MS remains quiet on whether the vuln was exploited before the first patch. It would have been much better if MS could clear the air.

👎 On the fallout: This will likely backfire on some researchers and vendors again due to inaccurate media hype, even though this was a real N-day by the looks of it. The part bypassing ParseAssemblyQualifiedName is difficult to figure out quickly after the patch though; perhaps there are some smart people amongst the bad guys too.

🤥 On GitHub noise and our community: GitHub is full of AI-generated or miscategorized PoCs for this vuln, e.g. github.com/kaizensecurity/CV… We as an infosec/cybersec community should be better than this. Many of us went after the credit without actually adding much value in addition to what was published already. I for one thought the bypasses were also being exploited at some point last week (it was hard to verify them with all the noise and limited access to a working lab). I salute those amongst us who keep calm and keep the world safer: no headlines, no ego, just consistent work that makes a real difference. 🫡

27 Jul 2025
Does anyone have a payload for CVE-2025-53770 (ToolShell)? I have a feeling that what we have seen so far is related to CVE-2025-49704, and CVE-2025-53770 has not been exploited by malicious actors. Please prove me wrong! I'm not interested in the auth bypass part btw.
Janggggg retweeted
24 Jul 2025
Viettel Cyber Security press release with customer alert, latest research and recommendations. Blog is coming: viettelsecurity.com/microsof… #SharePoint #ToolShell
Janggggg retweeted
My research on CVE-2025-49113 is out. fearsoff.org/research/roundc…. Happy reading! #CVE #roundcube #poc @FearsOff