Microsoft Softens Stance After Public Feud with 0-Day Researcher

Microsoft has backpedaled in its public feud with a 0-day researcher, easing tensions with the security community after facing criticism for its aggressive stance. The tech giant now explicitly assures that vulnerability hunters are not in its legal crosshairs.

https://osintsights.com/microsoft-softens-stance-after-public-feud-with-0-day-researcher?utm_source=mastodon&utm_medium=social

#ZeroDay #VulnerabilityResearch #Microsoft #Redmond #EmergingThreats

FreeBSD 15.1-RC1 is out — and one detail stands out: the release notes mention AI-discovered security issues being patched.

AI-assisted fuzzing and vulnerability discovery is quietly becoming part of the release pipeline. Worth watching how this shifts the baseline for what gets caught before shipping.

#FreeBSD #infosec #VulnerabilityResearch
https://www.phoronix.com/news/FreeBSD-15.1-RC1

Security Researchers Uncover 47 Zero-Days at Pwn2Own Berlin

In a thrilling three-day competition, security researchers at Pwn2Own Berlin uncovered a staggering 47 zero-day vulnerabilities, raking in nearly $1.3 million in prize money, with the Devcore Research Team taking home a whopping $505,000. The top prizes included a $200,000 award for a VMware ESXi exploit and a $100,000 prize for a…

https://osintsights.com/security-researchers-uncover-47-zero-days-at-pwn2own-berlin?utm_source=mastodon&utm_medium=social

#ZeroDay #Pwn2ownBerlin #VulnerabilityResearch #ExploitDevelopment #Trendai

Security Flaws Exposed in Popular Database Projects' MCP Servers

Critical security flaws have been uncovered in MCP servers used by popular analytics databases, leaving them vulnerable to risks like SQL injection and full database takeover due to faulty validation and authentication processes. These defects, discovered by Akamai security analyst Tomer Peled, highlight a…

https://osintsights.com/security-flaws-exposed-in-popular-database-projects-mcp-servers?utm_source=mastodon&utm_medium=social

#VulnerabilityResearch #McpServers #DatabaseSecurity #AiApplications #ModelContextProtocol

Day 5 — CSRF Token Bypass using GET Request
This article discusses a Cross-Site Request Forgery (CSRF) vulnerability where an attacker can bypass CSRF tokens by manipulating GET requests. The root cause is inconsistent validation of CSRF tokens across HTTP methods, particularly on GET requests. In this case, the application incorrectly validated CSRF tokens for GET requests but did so correctly for POST requests. By modifying a legitimate request to use the GET method and moving parameters into the URL, the researcher discovered that the server did not validate the CSRF token. The attack involves creating an HTML PoC (proof-of-concept) with JavaScript to automatically submit the modified request, exploiting the victim without their interaction. This vulnerability emphasizes the importance of consistent validation for CSRF tokens across all HTTP methods. Key lesson: Validate CSRF tokens consistently regardless of HTTP method to maintain security. #BugBounty #WebSecurity #CSRF #VulnerabilityResearch

https://smartpicks4u.medium.com/day-5-csrf-token-bypass-using-get-request-791cba29812d?source=rss

AI Models Accelerate Vulnerability Research, Raising Cybersecurity Risks

Commercial AI models are rapidly advancing vulnerability research and exploit development, cutting the time from discovery to exploitation and significantly raising the stakes for cybersecurity. This emerging trend poses new and heightened risks for the industry.

https://osintsights.com/ai-models-accelerate-vulnerability-research-raising-cybersecurity-risks?utm_source=mastodon&utm_medium=social

#AiModels #VulnerabilityResearch #CybersecurityRisks #EmergingThreats #ExploitDevelopment

Claude Opus 4.7 and Cyber Verification Programme

https://islandinthenet.com/claude-opus-4-7-and-cyber-verification-programme/

Microsoft Awards $2.3M for Cloud and AI Flaws Uncovered in Zero Day Quest Hacking Contest

Microsoft just took a bold step towards securing our digital future by awarding $2.3 million to researchers who uncovered critical cloud and AI flaws in its Zero Day Quest hacking contest, showcasing the power of incentive-driven vulnerability discovery. Nearly 700 submissions poured in,…

https://osintsights.com/microsoft-awards-23m-for-cloud-and-ai-flaws-uncovered-in-zero-day-quest-hacking?utm_source=mastodon&utm_medium=social

#ZeroDayQuest #CloudSecurity #ArtificialIntelligence #VulnerabilityResearch #BugBounty

The Exploiting Reversing Series (ERS) currently features 945 pages of exploit development based on real-world targets:

[+] ERS 08: https://exploitreversing.com/2026/03/31/exploiting-reversing-er-series-article-08/
[+] ERS 07: https://exploitreversing.com/2026/03/04/exploiting-reversing-er-series-article-07/
[+] ERS 06: https://exploitreversing.com/2026/02/11/exploiting-reversing-er-series-article-06/
[+] ERS 05: https://exploitreversing.com/2025/03/12/exploiting-reversing-er-series-article-05/
[+] ERS 04: https://exploitreversing.com/2025/02/04/exploiting-reversing-er-series-article-04/
[+] ERS 03: https://exploitreversing.com/2025/01/22/exploiting-reversing-er-series-article-03/
[+] ERS 02: https://exploitreversing.com/2024/01/03/exploiting-reversing-er-series-article-02/
[+] ERS 01: https://exploitreversing.com/2023/04/11/exploiting-reversing-er-series/

In the coming weeks, I will publish new articles covering exploration in areas such as Windows, Chrome, iOS/macOS, and hypervisors.

I sincerely hope these articles help other professionals define their own steps in this area.

Have a great day and enjoy reading.

#exploit #exploitation #windows #chrome #macOS #iOS #hypervisors #vulnerabilityresearch