reverse engineering
◉ A channel for learning about and discussing reverse engineering

◉ We don't accept any illegal work; we are here to help, learn and gain new skills
◉ Owner @Mohamed_Abozaid1
◉ Egypt 🇪🇬

Please don't PM; ask in the discussion group unless a PM is necessary
Forwarded from Darksec
CVE-2026-21858 + CVE-2025-68613: n8n Ni8mare - Full Chain Exploit

Unauthenticated to Root RCE:
- LFI via Content-Type confusion
- Read /proc/self/environ to find HOME
- Steal encryption key + database
- Forge admin JWT token
- Expression injection sandbox bypass
- RCE as root

CVSS 10.0

https://github.com/Chocapikk/CVE-2026-21858
It's time to change your Instagram Password
Well, Discord seems to be banned in Egypt 🇪🇬

Unfortunately, as everything has a good side, it has a bad one as well 😔

https://eg.downdetector.com/status/discord/
Be careful about what you click these days!
Don't click any usernames from untrusted sources, because one click can expose your IP address to the attacker's servers via a fake proxy set up beforehand by the attacker

Shared from https://www.facebook.com/Sir.MaTrix

@reverseengineer101
Claude AI is down

After what we saw from Cloudflare at the end of 2025, will Claude be the same? 😂
As some people say, DaaS (Downtime as a Service)

Stay updated at https://status.claude.com/
This must be a joke 😂

How to say our app can be a Trojan without saying it 😁

Anyway, that is why I always advise you not to install anything on your device.
I don't have any personal issues with the app manufacturer, but I had to say my opinion from a security perspective
#stay_safe_stay_secure

@reverseengineer101
Well thank you ❤️
BitNet, an AI model introduced by Microsoft, can run locally with limited resources (CPU, RAM, ...). People say you can run it on your old PC

https://github.com/microsoft/BitNet

Shared by @reverseengineer101
Chinese hackers have hacked American telecommunications companies

In a process called Salt Typhoon, Chinese hackers have intercepted some calls and compromised millions of metadata records after hacking American telecommunications companies, starting 2 years ago and going unnoticed, which makes it one of the biggest security flaws to have occurred.

Experts say it's mostly sponsored by the Chinese government for spying and politics-related reasons

Salt Typhoon Hacks of Telecommunications Companies and Federal Response Implications (American Congress)

@reverseengineer101
I have hit one of the dangerous mistakes a developer can make

As you see here, the API rejects all requests without an Authorization header, but after adding a fake one it returns the data

This vulnerability is classified as BFLA/BOLA API1:2023
(Broken Function/Object Level Authorization) or a Broken Access Control (BAC) issue in general

You can read more about it in the OWASP API Top 10

API1:2023 Broken Object Level Authorization

#API_Security

@reverseengineer101
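
The check described in the post above, as an added example that is not from the original post or the API it shows: a handler that only tests for the presence of the Authorization header, beside one that validates the token and the caller's ownership of the record. The token format, signing key, record store and function names are assumptions made for the illustration.

```python
from __future__ import annotations

import hashlib
import hmac

# Constructed values for the demo; not taken from the API in the post.
SECRET = b"demo-signing-key"
RECORDS = {"42": {"owner": "alice", "data": "alice's invoice"}}


def sign(user: str) -> str:
    """Issue a demo token of the form '<user>.<hex HMAC-SHA256 of user>'."""
    mac = hmac.new(SECRET, user.encode(), hashlib.sha256).hexdigest()
    return f"{user}.{mac}"


def verify(header: str | None) -> str | None:
    """Return the authenticated user, or None if the header is missing or forged."""
    if not header or not header.startswith("Bearer "):
        return None
    user, _, mac = header[len("Bearer "):].rpartition(".")
    expected = hmac.new(SECRET, user.encode(), hashlib.sha256).hexdigest()
    # Constant-time comparison of the presented MAC against the expected one.
    ok = hmac.compare_digest(mac.encode(), expected.encode())
    return user if user and ok else None


def get_record_presence_only(headers: dict, record_id: str) -> tuple[int, str]:
    """The flaw from the post: only checks that the header exists."""
    if "Authorization" not in headers:
        return 401, "missing Authorization header"
    return 200, RECORDS[record_id]["data"]


def get_record_hardened(headers: dict, record_id: str) -> tuple[int, str]:
    """Validates the token, then checks that the caller owns the object."""
    user = verify(headers.get("Authorization"))
    if user is None:
        return 401, "invalid or missing token"
    record = RECORDS.get(record_id)
    if record is None or record["owner"] != user:
        return 403, "forbidden"
    return 200, record["data"]
```

A regression test for this class of bug sends a syntactically valid but unsigned token and a valid token for a different user, and expects 401 and 403 respectively.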
A threat actor called "quellostanco" claims that he has stolen a full EgyptAir database.

The database mentioned has 104K records related to the HR section, including sensitive employee data, as he says

@reverseengineer101
Ramadan Kareem, all ❤️
Intigriti Challenge 0226

CTF solved ✓

The write-up will be disclosed as soon as the challenge finishes 🏁

@reverseengineer101