ISC BIND vulnerability discovered and disclosed by Marlink Cyber #MarlinkCyber #ISCBIND #DenialOfService #DNS #SecurityPatch https://marlink.com/resources/knowledge-hub/isc-bind-vulnerability-discovered-and-disclosed-by-marlink-cyber/
Marlink | Managed Service Provider | Possibility Enablers
ISC BIND vulnerability discovered and disclosed by Marlink Cyber
Responsible research and collaboration in support of critical infrastructure
Certificate Transparency as Communication Channel #CertificateTransparency #HiddenData #CovertChannel #RSAKeys #ImmutableLogs https://latedeployment.github.io/posts/certificate-transparency-as-communication-channel/
A lazy blog
Certificate Transparency as Communication Channel
This is part three of the Certificate Transparency series.
Introduction
Described here is a way to leverage the infrastructure used to validate certificates in order to distribute messages through the Certificate Transparency Logs.
Introduction
Described here is a way to leverage the infrastructure used to validate certificates in order to distribute messages through the Certificate Transparency Logs.
Bypassing Windows Administrator Protection #WindowsSecurity #AdministratorProtection #UACBypass #ProjectZero #KernelVulnerability https://projectzero.google/2026/26/windows-administrator-protection.html
projectzero.google
Bypassing Windows Administrator Protection
A headline feature introduced in the latest release of Windows 11, 25H2 is Administrator Protecti...
Corrupting the Hive Mind: Persistence Through Forgotten Windows Internals #Swarmer #WindowsPersistence #EDREvasion #OfflineRegistry #MandatoryProfiles https://www.praetorian.com/blog/corrupting-the-hive-mind-persistence-through-forgotten-windows-internals/
Praetorian
Corrupting the Hive Mind: Persistence Through Forgotten Windows Internals
Swarmer enables stealthy Windows registry persistence by exploiting mandatory user profiles and the Offline Registry API to bypass EDR detection. Learn how this technique leverages NTUSER.MAN files to modify the registry without triggering standard API monitoring.
CVE-2025-40551: Another Solarwinds Web Help Desk Deserialization Issue #SolarWindsWHD #RCEVulnerability #DeserializationIssue #PatchBypass #CVE202540551 https://horizon3.ai/attack-research/cve-2025-40551-another-solarwinds-web-help-desk-deserialization-issue/
Horizon3.ai
CVE-2025-40551: SolarWinds WHD RCE
Horizon3.ai discovered multiple vulnerabilities in SolarWinds Web Help Desk that enable unauthenticated remote code execution.
General Graboids: Worms and Remote Code Execution in Command & Conquer #CommandAndConquer #GameVulnerabilities #RemoteCodeExecution #P2PWorm #SecurityResearch https://www.atredis.com/blog/2026/1/26/generals
Atredis Partners
General Graboids: Worms and Remote Code Execution in Command & Conquer — Atredis Partners
[this work was conducted collaboratively by Bryan Alexander and Jordan Whitehead] This post details several vulnerabilities discovered in the online game Command & Conquer: Generals. We recently presented some of this work at an information security conference…
ZK credential sharing #ShareMyLogin #ZeroKnowledge #CredentialSharing #SecureSharing #PrivacyTech https://sharemylogin.com/
Sharemylogin
ShareMyLogin | Zero-Knowledge Credential Sharing
Share passwords and credentials securely with self-destructing, encrypted links. Zero-knowledge encryption means we never see your data.
One-click RCE on OpenClaw in under 2 hours with an Autonomous Hacking Agent https://ethiack.com/news/blog/one-click-rce-openclaw
Ethiack
One-click RCE on OpenClaw in under 2 hours with an Autonomous Hacking Agent | Ethiack — Autonomous Ethical Hacking for continuous…
Our AI pentester, Hackian, found a RCE on Openclaw by hacking it fully autonomously in under 2 hours. Learn how and read the logs in this blog.
Cybersecurity AI: A Game-Theoretic AI for Guiding Attack and Defense #CybersecurityAI #GameTheoretic #AttackDefense #LLMGuidance #StrategicAI https://arxiv.org/abs/2601.05887
arXiv.org
Cybersecurity AI: A Game-Theoretic AI for Guiding Attack and Defense
AI-driven penetration testing now executes thousands of actions per hour but still lacks the strategic intuition humans apply in competitive security. To build cybersecurity superintelligence...
Exploiting a PHP Object Injection in Profile Builder Pro in the era of AI #PHPObjectInjection #ProfileBuilderPro #WordPressSecurity #RemoteCodeExecution #AIAssistedExploit https://blog.sicuranext.com/exploiting-a-php-object-injection-in-profile-builder-pro-in-the-era-of-ai/
Sicuranext Blog
Exploiting a PHP Object Injection in Profile Builder Pro in the era of AI
WordPress plugin "Profile Builder Pro" (versions before 3.14.5) is susceptible to Unauthenticated PHP Object Injection. In this blog post, we discuss how we discovered and exploited the vulnerability using a novel POP chain, how AI helped in the process,…