HAIJA INTEL REPORT

Amaze! Amaze! Amaze! @orange_8361 of DEVCORE Research Team was able to exploit Edge with a sandbox escape! If confirmed, we wins $175K. He's off to the disclosure room to explain how he did it. #Pwn2Own #P2OBerlin

Claude helped me with this bug too but in a different way... Tried to gaslight me saying it wasn’t ~exploitable in practice~ and I got obsessed with proving it wrong Confirmed! @chompie1337 of IBM X-Force Offensive Research (XOR) used a race condition to escalate privileges on Re

AI-pentest companies get significant marketing value from publishing findings attributed to their products. In The HTTP Terminator, I’ll include the other side - the techniques and breakthroughs that AI consistently fumbles. security research now has this weird incentive where fi

That's my chain - a full chain w/ logic bugs only! No memory corruption, no AI, and of course no collisions at all Confirmed! Orange Tsai (@orange_8361) of DEVCORE Research Team (@d3vc0r3) chained 4 logic bugs to achieve a sandbox escape on Microsoft Edge, earning $175,000 and 17

New DFIR Labs case drops this weekend! ClickFix → RomComRAT → Domain Compromise (Private Case #35646) Hard | 30 Qs + 5 bonus Nine-day op: fake CAPTCHA lure, custom RAT implants, credential theft, mass exfil. New Splunk + Elastic dashboards included. Launch

Always good to hear about people having fun triggering race conditions with the single-packet attack! Recently performed a Pentest of a hybrid perp DEX. Found several issues, but one critical stood out: a race condition in the close-position logic that turned a 100 USDT position

In Episode 5 of Hacktics and Telemetry, @fulmetalpackets & @_CryptoCat talk zero-click XSS vulns (featuring @J0R1AN ), bug bounty updates, Copyfail, and @metasploit 's new MCP server Full video on YouTube: https:// r-7.co/49wOqG9 Audio on Spotify: https:// r-7.co/436KHLS

vx-underground @vxunderground · 11h Quote b0t @bot59751939 · 15h Article Apache Shiro RCE 0day on default config Hi everyone, This is a one off article with what appears to me to be a 0day for Apache Shiro, which is an authentication platform. Though this works, I would say it do