Proxy Bar
Exploits, Hacking and Leaks

Group chat - https://t.me/chat_proxy_bar

Contact the administration and advertising:
@NULL_vm

Support the project:
BTC bc1qmrt229eghjyj9wqa7nmr9j8zuq6khz6km2pker
CVE-2026-5426: Mandiant Catches ViewState RCE Against KnowledgeDeliver LMS in Japan

Original: This article is an independent rewrite of “Exploitation of KnowledgeDeliver via ViewState Deserialization Vulnerability” by Takahiro Sugiyama, Peter Revelant, and Mathew Potaczek, published on the Google Cloud Threat Intelligence (Mandiant) blog on May 25, 2026.

All incident-response work, IOCs, BLUEBEAM analysis, hunting queries, and the underlying disclosure (MNDT-2026-0009) are the work of the original authors…

https://core-jmp.org/2026/05/knowledgedeliver-viewstate-deserialization-cve-2026-5426/
OpenTrafficMap’s €20 ESP32-C5 Board Turns 802.11p V2X Into a Public Map of Traffic Lights and Buses

Original: This article is an independent rewrite of “OpenTrafficMap ESP32-C5 C-ITS receiver board can help improve traffic efficiency using 802.11p V2X communication” by Jean-Luc Aufranc (CNXSoft), published on CNX Software on May 24, 2026.

All hardware photos, deployment screenshots, the Graz Linux Days talk, and the underlying reporting are the work of the original author and…

https://core-jmp.org/2026/05/opentrafficmap-esp32-c5-cits-receiver-rewrite/
CVE-2026-41873: Apache Pony Mail OAuth SSRF + Lua CRLF Smuggling = Unauthenticated Account Takeover

Original: This article is an independent rewrite of “(CVE-2026-41873) Apache Pony Mail CRLF Injection and SSRF Leading to Full Account Takeover”, by Li Jiantao and Tevel Sho, published on STAR Labs SG on 28 April 2026.

All vulnerability research, the PoC scripts, the Elasticsearch SQL exfiltration chain, the CRLF / HTTP-request-smuggling payload analysis, and the patch-diff…

https://core-jmp.org/2026/05/cve-2026-41873-apache-pony-mail-ssrf-crlf-rewrite/
Gargoyle, A Decade Later: Josh Lospinoso’s Memory-Scanning Evasion Idea, Refreshed for 2026

Original: This article is an independent rewrite of “Gargoyle, a decade later” by Josh Lospinoso, published on lospino.so on May 13, 2026.

All research, framing, the 2017 original Gargoyle proof of concept, the 2026 refresh, and the discussion of the broader sleep-obfuscation / temporal-memory-state family belong to the original author. The post contains no published code…

https://core-jmp.org/2026/05/gargoyle-decade-later-josh-lospinoso-rewrite/
The epoll UAF: A Same-CPU Preemption Race in fs/eventpoll.c on Linux 6.6+

Original: This article is an independent rewrite of “The epoll uaf”, published on the personal blog at guysrd.github.io. Author not clearly listed on the source page — the site handle is guysrd, with no byline.

All vulnerability research, reverse engineering, the struct-offset table, the C excerpts from fs/eventpoll.c and the exploit-feasibility analysis are the work of…

https://core-jmp.org/2026/05/epoll-uaf-eventpoll-rcu-race-rewrite/
GHSL-2026-140: Heap Buffer Write Overflow in 7-Zip

python3 gen_ntfs_sparse.py
CVE-2021-21735: From Unauthenticated Information Leak to Full Admin Compromise on ZTE ZXHN H168N

Source & attribution. This is an original English rewrite of the writeup “Unauthenticated Information Leak to Full Admin Compromise on ZTE ZXHN H168N (CVE-2021-21735)” by Mina Zekry, published at minanagehsalalma.github.io. The accompanying public PoC repository is at github.com/minanagehsalalma/cve-2021-21735-zte-zxhn-h168n-admin-compromise. All technical observations, evidence images, code excerpts and the disclosure timeline are credited to the original author;…

https://core-jmp.org/2026/05/zte-zxhn-h168n-cve-2021-21735-admin-compromise/
Ghidra Basics: Reverse-Engineering Cobalt Strike Shellcode and Extracting the C2 Server

Source & attribution. This post is an original English rewrite of “How to Use Ghidra to Analyse Shellcode and Extract Cobalt Strike Command & Control Servers” by Matthew, published on Dec 08, 2023 at Embee Research (embeeresearch.io). All original screenshots are reproduced with attribution; the prose is paraphrased for core-jmp.org readers. For the canonical walkthrough,…

https://core-jmp.org/2026/05/ghidra-basics-shellcode-analysis-cobalt-strike/
CVE-2026-40369: Arbitrary Kernel Address Increment via NtQuerySystemInformation

Source & attribution. This post is an original English rewrite of “Arbitrary Kernel Address Increment via NtQuerySystemInformation (CVE-2026-40369)” by Ori Nimron (@orinimron123), published at pwn2nimron.com. The full exploit source lives at github.com/orinimron123/CVE-2026-40369-EXPLOIT. A shorter news-style coverage was also published by Daily CyberSecurity (securityonline.info). All IDA decompilations, the PoC source, the crash dump, the affected-versions table…

https://core-jmp.org/2026/05/cve-2026-40369-arbitrary-kernel-address-increment/
Yesterday at the Linux meetup (Security of the linux kernel) we were collectively discussing something similar, from hardware backdoors to holes in SIM cards.
So, here it is:
Websites have learned to track users through SSD latency
—PDF—
Cozy 31 World ololo
CVE-2026-20182: Unauthenticated vHub Bypass in the Cisco Catalyst SD-WAN Controller

Original text: “CVE-2026-20182: Critical authentication bypass in Cisco Catalyst SD-WAN Controller (FIXED)” — Jonah Burgess & Stephen Fewer, Rapid7 (May 14, 2026). Vendor advisory: cisco-sa-sdwan-rpa2-v69WY2SW. Code, tables and figures below are reproduced verbatim with attribution captions.

Executive Summary

CVE-2026-20182 is a critical (CVSS 10.0, CWE-287) authentication bypass in the Cisco Catalyst SD-WAN Controller — historically…

https://core-jmp.org/2026/05/cve-2026-20182-cisco-catalyst-sd-wan-vhub-auth-bypass/
Reverse Engineering for Beginners: Defeating an XOR Crackme on Windows x64

Original text: “Reverse Engineering For Beginners – XOR encryption – Windows x64” — Chetan Nayak, Network Intelligence (July 29, 2025). The original tutorial was first published at scriptdotsh.com in May 2018 and the source code lives at paranoidninja/ScriptDotSh-Reverse-Engineering. Code, screenshots, register/value tables and worked XOR examples below are reproduced verbatim with attribution captions.

Executive Summary…

https://core-jmp.org/2026/05/reverse-engineering-xor-encryption-windows-x64-beginners/
Visual Studio Extensions Revisited: Building, Publishing, and Hunting Malicious VSIXs

Original text: “Visual Studio Extensions Revisited” — MDSec Research (research by Dominic Chell), MDSec (28/05/2026). Code, tables and figures below are reproduced verbatim with attribution captions.

Executive Summary

Three years after their original work on VS Code extensions for red-team initial access, MDSec revisits the larger sibling — Visual Studio proper — and finds the…

https://core-jmp.org/2026/05/visual-studio-extensions-revisited-malicious-vsix/
CVE-2025-61622: PyFory Insecure Pickle Deserialization to Remote Code Execution

Original text: “CVE-2025-61622: PyFory – Insecure Pickle Deserialization to Remote Code Execution” — SecureLayer7 Blog (May 28, 2026). Code blocks, screenshots and patch diff below are reproduced verbatim with attribution captions.

Executive Summary

CVE-2025-61622 is an unauthenticated remote code execution in PyFory (formerly PyFury / Apache Fory), an open-source high-performance Python serialization framework marketed as…

https://core-jmp.org/2026/05/cve-2025-61622-pyfory-pickle-deserialization-rce/
Calif’s AI Audit of FreeBSD: 15 Kernel Bugs (3 RCEs, 5 LPEs, 1 bhyve Escape) and Three Public CVE Writeups

Original text: “An AI audit of FreeBSD — 15 kernel bugs, including 3 RCEs, 5 LPEs, and 1 bhyve escape” — Calif (publication; no individual byline), blog.calif.io (May 28, 2026). The PoC repositories on GitHub are califio/publications/MADBugs/freebsd. Demo GIFs below are reproduced verbatim with attribution captions.

Executive Summary

Calif — a small AI-security shop —…

https://core-jmp.org/2026/05/calif-ai-audit-freebsd-cve-2026-45250-45251-45253/
Writing Sync, Popping Cron: A Novel SQLite-Injection-to-Cron RCE on Synology BeeStation (CVE-2024-50629/50630/50631)

Original text: “Writing Sync, Popping Cron: DEVCORE’s Synology BeeStation RCE & A Novel SQLite Injection RCE Technique (CVE-2024-50629~50631)” — Kiddo (handle kiddo-pwn), personal blog (November 30, 2025). Underlying vulnerability research is credited to DEVCORE’s Pwn2Own Ireland 2024 entry; the SQLite-into-cron RCE primitive is Kiddo’s N-day contribution. Code blocks, hex dumps, log fragments and figures below…

https://core-jmp.org/2026/05/kiddo-pwn-synology-beestation-sqlite-cron-rce-cve-2024-50629-50631/
Gogs Authenticated RCE via git rebase --exec Argument Injection (Unpatched)

Original text: “Critical Gogs RCE Vulnerability Lets Any Authenticated User Execute Arbitrary Code” — The Hacker News (May 28, 2026). The deep technical content is drawn from the canonical Rapid7 advisory by Jonah Burgess at rapid7.com. Code snippets and the disclosure timeline below are reproduced verbatim with attribution.

Executive Summary

Rapid7’s Jonah Burgess has disclosed…

https://core-jmp.org/2026/05/gogs-rce-git-rebase-exec-argument-injection-unpatched/
Eventvwr.exe UAC Bypass via mscfile: Anatomy of a Classic HKCU Registry Hijack

Original text: “Eventvwr.exe UAC Bypass via mscfile” — S12 – 0x12Dark Development, Medium (May 28, 2026). The bypass technique itself was originally documented publicly in 2016 by Matt Nelson (@enigma0x3); it is catalogued as MITRE ATT&CK technique T1548.002. C++ source, AV scan table and figures below are reproduced verbatim with attribution captions.

Executive Summary

The…

https://core-jmp.org/2026/05/eventvwr-uac-bypass-mscfile-hkcu-hijack/
CVE-2026-41089
Netlogon CLDAP stack buffer overflow
CVSS 9.8 CRITICAL

RCE PoC