9 Photos and videos
Huge Instagram exploit going around where threat actors are social engineering meta employees and spoofing ip addresses to force password resets and take over accounts. Make sure your MFA is setup, the username @hey was stolen.
I personally just had an account recovery code emailed to me, was logged out of my account and received a 2FA text
#instagram
#exploit
4
3
12
2,642
Microsoft Warns Against Public Release of Zero-Day Details Before Vendor Coordination.
patch tuesday came early. assume mass scanning starts within 48h.
#Microsoft #0day
valtikstudios.com/blog
2
2
259
cpanel dropped CVE-2026-48172. privilege escalation, CVSS high, actively exploited in the wild.
if you operate shared hosting with WHM open, block external access to the affected endpoint until patched.
#ActiveExploitation #PrivEsc #SharedHosting
valtikstudios.com
1
1
181
Windows Kernel Vulnerability Lets Attackers Modify Kernel Memory Counters.
kernel CVEs cascade. patch the host, expect container escapes to follow within days.
#CVE-2026-40369
valtikstudios.com
1
1
89
CISA gives feds 4 days to patch actively exploited cPanel plugin flaw.
if CISA's calling it out, your auditors will too. patch ahead of the next compliance review.
#ActiveExploitation #SharedHosting
valtikstudios.com/blog/cpane…
1
1
56
github CVE-2026-44789: RCE.
cloud misconfigs scale your blast radius by every region you operate in. audit IAM first.
#GitHub #RCE #CVE-2026-44789
valtikstudios.com
2
2
111
cisco did the thing the privacy policy said they wouldnt. significant scale.
the thing they swore wasnt happening was happening the entire time.
#Cisco #AuthBypass #CVE-2026-20182
valtikstudios.com/blog
1
1
119
wordpress CVE-2026-8181: auth bypass.
shared hosting outdated CMS = a botnet recruitment ad. assume compromise if you cant patch fast.
#AuthBypass #WordPress #CVE-2026-8181
valtikstudios.com
1
1
86
microsoft CVE-2026-40361: RCE.
patch tuesday came early. assume mass scanning starts within 48h.
#Microsoft #RCE #AIsecurity #CVE-2026-40361
valtikstudios.com/blog
2
2
140
if you run microsoft, patch tonight. CVE-2026-32185 weaponized, CVSS high.
workaround: block external access to the affected endpoint until patched.
#Microsoft #PatchTuesday #CVE-2026-32185
valtikstudios.com/blog
1
1
65
microsoft dropped CVE-2025-48804. an unauth bug, CVSS high, exploit available.
if you have microsoft in your stack, block external access to the affected endpoint until patched.
#Microsoft #0day #CVE-2025-48804
valtikstudios.com/blog
1
1
701
if you ran npm install on a tanstack package today, your laptop is rigged to self-destruct the moment you try to revoke your aws keys. not a joke. it's already in 42 packages with 12M weekly downloads. here's what happened and how to clean up without bricking your machine:
valtikstudios.com/blog/tanst…
1
3
88
metinfo CVE-2026-29014: unauth PHP code injection. CVSS 9.8. exploited since early April.
if you run shared hosting, find your metinfo installs:
find /home/*/public_html -name metinfo.php 2>/dev/null
#CodeInjection #CVE-2026-29014
valtikstudios.com/blog/metin…
1
1
108
apache CVE-2026-23918: double-free in mod_http2. apache calls it "possible RCE", CVSS 8.8.
"possible" is doing work. that bug class is reliable RCE in skilled hands. PoCs land in 2-3 weeks.
workaround if you can't patch: Protocols http/1.1
#Apache #RCE
valtikstudios.com
1
1
135
cpanel dropped CVE-2026-41940. auth bypass, CVSS 9.8, exploit available.
if you operate shared hosting with WHM open, block external access to the affected endpoint until patched.
#AuthBypass #SharedHosting #CVE-2026-41940
valtikstudios.com/blog/cpane…
1
1
104
new phishing campaign: real Google/Outlook calendar invites, signed by the platform.
landing page steals creds TOTP, relays live to M365. variants drop signed RMM installers.
FIDO2 keys break the kill chain.
#phishing #M365
valtikstudios.com/blog
1
2
68