CVE-2026-21858 + CVE-2025-68613: n8n Ni8mare - Full Chain Exploit

Unauthenticated to Root RCE:
- LFI via Content-Type confusion
- Read /proc/self/environ to find HOME
- Steal encryption key + database
- Forge admin JWT token
- Expression injection sandbox bypass
- RCE as root

CVSS 10.0

https://github.com/Chocapikk/CVE-2026-21858

Hello everyone, DarkShadow is back.

I want to clarify one important thing:

Quality or Quantity?

In my opinion, quality always matters more than quantity.

I focus on sharing content that actually matters, even if it takes time.
Your understanding and support are always appreciated.❤️

Guy's check out my new post on our BugBounty POC channel 👇🏼

Bug: passive vertical privilege escalation
Severity: 9.8 (critical)

https://t.me/brutsecurity_poc/220

Hey Hunter's,

Do you guys want to learn about how "Google Authenticator" actually works? And how we can bypass it...

If you guys are interested I'll share a detail write-up about the work flow and the bypass method of Google Authenticator 2FA.

Share Your opinion here @brutsec

~DarkShadow

🚨 Brut Security | Feb 2026 – Enrollments Open 🚨

Ready to step into cybersecurity the right way?

🔥 Courses Available
• Ethical Hacking
• Web Penetration Testing
• Bug Bounty Hunting
• SOC / SIEM (Blue Team)

💻 Live training + practical labs
🧠 Real-world attack & defense mindset
🎯 Limited seats only

📅 Batch Starts: February 2026

If you’re serious about skills, not certificates — this is for you.

📩 DM Brut Security to enroll

Argus: A Python-based toolkit for Information Gathering & Reconnaissance #OSINT

GitHub: github.com/jasonxtn/Argus

🚨 CVE-2026-22794: Critical Appsmith Flaw Allows Account Takeover.
🔥PoC -https://github.com/appsmithorg/appsmith/security/advisories/GHSA-7hf5-mc28-xmcv

Hey Hunter's,
DarkShadow is here back again!

hunting backup is a underestimate vulnerability which missed by many bug bounty hunters.

Find API endpoints via reading js or api documentation (if available). Then play with various request methods (e g. GET, POST)

also you might use my this provided simple and effective Wordlist:

/api/v1/backup/create
/api/v1/backup/export
/api/v1/backup/download/{id}
/api/v1/backup/restore
/api/v1/backup/schedule
/api/v1/backup/config
/api/setup/backup
/api/admin/system/backup/run
/api/manage/backup/snapshot
/api/settings/maintenance/backup
/api/system/export-data
/api/db/backup/start
/api/db/dump
/api/v1/database/snapshot
/api/v1/sql/backup
/api/v1/storage/archive
/api/v1/sync/backup
/api/v1/volumes/{id}/snapshot
/api/v1/backups/checkpoints



Guys I'll soon upload a detailed write-up about "Google Authenticator" workflow fundamentals and chain reaction for bypass it. Until show your love ❤️

#bugbountytips #missconfig

100+ N8N Security workflow & automation✨

For Red/Blue/AppSec workflows, integrations, and ready-to-run playbooks.

https://github.com/0xSojalSec/n8n-Red-Blue-AppSec-workflows

#infosec #cybersec #bugbounty

Automates enumeration and recon scans in the background

https://github.com/21y4d/nmapAutomator

Hey everyone! We’ve officially updated the Brut Security branding. We wanted something more minimal, eye-catching, and "cyber."

Check out the new orange-red glow. Does it hit the mark for you?

Drop a 🔥 if you love it, or let us know your thoughts in the comments!

🔓 Google released Net-NTLMv1 rainbow tables that enable cracking password hashes in under 12 hours using consumer hardware.

🔗 Learn more here