Keep clicking that "check for updates" button. The pressure is now higher than ever 👹

https://neilalexander.dev/2026/03/31/llms-vulnerability-disclosure

#vulnerabilityresearch #LLMs #llm

Thoughts on LLMs and vulnerability disclosure

It seems that there is no group of people more divided by the rise of LLMs than developers. Debates on whether LLMs are going to help us work, improve our lives, replace us outright or kill us all are certainly not new, but they rarely end with a consensus. One thing that’s becoming evident, however, is that AI is becoming unavoidable, especially within the open source industry. LLMs have advanced significantly in 2026 alone, with Claude Code, Codex and others now showing a surprising ability not just to write simple boilerplate but to also understand and work on complex interactions and nuances in substantial codebases.

neilalexander.dev

🏴‍☠️ Least privilege? FuelCMS didn't get the memo.

Any authenticated user (regardless of role) can call the Blocks module endpoint. Pair that with PTT-2025-026 and a low privilege (one could even say zero-permission) account becomes full RCE. CVSSv3 goes from 5.4 to 8.8 faster than you can say "access denied."

No patch. ~4 years of unmaintained software. You know the drill.

Matei "Mal" Bădănoiu and Raul Bledea found the gap. Full PoC can be found in our Offensive Security Research Hub: https://pentest-tools.com/research

#offensivesecurity #vulnerabilityresearch #infosec #RCE

"In a post-attention-scarcity world, successful exploit developers won’t carefully pick where to aim. They’ll just aim at everything. Operating systems. Databases. Routers. Printers. These kinds of targets run everywhere, including in every regional bank and hospital chain in North America. To patch them, someone has to get in a car, drive somewhere inconvenient, and push a physical button.

These weak points were priced into everyone’s cost of doing business. If a criminal exploits one, they win a ransomware heist. But lucrative as ransomware is, it’s not the jackpot earned from a reliable Chrome drive-by. So elite talent doesn’t bother. That load-bearing bit of risk analysis is built into every IT shop in North America. It no longer holds.

Now consider the poor open source developers who, for the last 18 months, have complained about a torrent of slop vulnerability reports. I’d had mixed sympathies, but the complaints were at least empirically correct. That could change real fast. The new models find real stuff. Forget the slop; will projects be able to keep up with a steady feed of verified, reproducible, reliably-exploitable sev:hi vulnerabilities? That’s what’s coming down the pipe.

Everything is up in the air. The industry is sold on memory-safe software, but the shift is slow going. We’ve bought time with sandboxing and attack surface restriction. How well will these countermeasures hold up? A 4 layer system of sandboxes, kernels, hypervisors, and IPC schemes are, to an agent, an iterated version of the same problem. Agents will generate full-chain exploits, and they will do so soon.

Meanwhile, no defense looks flimsier now than closed source code. Reversing was already mostly a speed-bump even for entry-level teams, who lift binaries into IR or decompile them all the way back to source."

https://sockpuppet.org/blog/2026/03/30/vulnerability-research-is-cooked/

#CyberSecurity #VulnerabilityResearch #AI #LLMs #VibeCoding #Programming #SoftwareDevelopment

Vulnerability Research Is Cooked — Quarrelsome

#AIcodingagents will soon drastically change the landscape of #vulnerabilityresearch, making it easier to find high-impact vulnerabilities. This shift, driven by the capabilities of frontier models, will lead to a surge in #exploitablevulnerabilities, impacting everything from operating systems to IoT devices. https://sockpuppet.org/blog/2026/03/30/vulnerability-research-is-cooked/?eicker.news #tech #media #news

Looking at /r/netsec @_r_netsec, one of the recent posts is about "Vulnerability Research is Cooked".

Wow, such a scary title tbh. The author takes this view because of how insanely good LLMs have become at finding vulnerabilities.

When Nicholas Carlini from Anthropic was asked, he said he only asked Claude to explore the repo, find possible bugs, and validate them. And they are mostly valid vulns.

The author also explored the counterpoint, but only went as far as the "agree to disagree" thing.

But one thing is for certain: regulation always fucked things up.

I want to find hopium regarding this, but I am no vulnerability researcher. So I can't really say anything about hopium. Nor do I agree with what this post said.

But I agree for certain that the industry shift is here, and nothing will be doomed. We only move to another region.


https://sockpuppet.org/blog/2026/03/30/vulnerability-research-is-cooked/

#cybersecurity #infosec #vulnerability #vulnerabilityresearch


One does not simply exfiltrate a reset token using an email array.

And yet, Frodo (Matei "Mal" Bădănoiu) and Samwise (Raul Bledea) from Pentest-Tools.com did exactly that in FuelCMS.

Know someone's email? That's enough. Slip your address alongside theirs in a “forgot password” request and the token lands in your inbox. Their account is yours. You shall not (safely) parse!🧙

Chain it with PTT-2025-026 and you're looking at a 9.8 Critical unauthenticated RCE. One array to rule them all! 💍

Full PoC here: https://pentest-tools.com/research

#offensivesecurity #vulnerabilityresearch #infosec #accounttakeover

ZAST engine has identified and verified CVE-2026-1829 in Content Visibility for Divi Builder 4.01, along with one additional verified vulnerability in the same plugin.

Project page: https://wordpress.org/plugins/content-visibility-for-divi-builder/

Project footprint: 2,000+ active installations on WordPress.org.

The critical issue is a code-execution path where user-controlled visibility expressions reach eval() through multiple application features. This is a representative example of why security teams need autonomous verification: dangerous APIs alone do not define risk. Reachability, privilege boundaries, and runtime behavior do.

ZAST.AI promotes findings into reports only after successful PoC validation, which supports a zero-false-positive operating model and helps enterprise teams prioritize remediation on verified issues.

Full report: https://blog.zast.ai/vulnerability%20research/ai%20security/Auditing-Content-Visibility-for-Divi-Builder/

@wordfence @WordPress

#ApplicationSecurity #WordPressSecurity #AppSec #VulnerabilityResearch #AIForSecurity

🏴‍☠️ One backslash. Full RCE. That's PTT-2025-026 in a nutshell. Discovered by our Pentest-Tools.com team.

FuelCMS uses Dwoo to keep PHP code out of templates. Turns out, it forgot about “\”.

Escape the string. Inject the code. Own the server.

CVSSv3 8.8 High or 9.8 Critical if you chain it with our previous FuelCMS finding (PTT-2025-025 - unauthenticated account takeover). No patch coming either. The project's been on fumes for almost 4 years.

Our colleagues Matei "Mal" Bădănoiu and Raul Bledea did the digging. Full PoC and exploit are added here: https://pentest-tools.com/research

#offensivesecurity #vulnerabilityresearch #infosec

(watchtowr.com) Pre-Authenticated Remote Code Execution Chain Discovered in BMC FootPrints ITSM Platform

watchTowr Labs disclosed a pre-authentication remote code execution chain across four vulnerabilities in BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001. The chain begins with an authentication bypass (CVE-2025-71257) that extracts a guest session token from the password reset endpoint, which is then used to reach an unsanitized Java deserialization sink (CVE-2025-71260) in the /aspnetconfig endpoint's VIEWSTATE parameter. Exploitation via the AspectJWeaver gadget chain enables arbitrary file write to the Tomcat web root, achieving full RCE. Two SSRF flaws (CVE-2025-71258, CVE-2025-71259) were also identified. BMC released hot fixes in September 2025.

Source: https://labs.watchtowr.com/thanks-itsms-threat-actors-have-never-been-so-organized-bmc-footprints-pre-auth-remote-code-execution-chains/

Fediverse: @watchTowr

#Cybersecurity #VulnerabilityResearch #Vulnerability #PoC

The Most Organized Threat Actors Use Your ITSM (BMC FootPrints Pre-Auth Remote Code Execution Chains)

SolarWinds. Ivanti. SysAid. ManageEngine. Giants of the KEV world, all of whom have ITSM side-projects. ITSMs, as a group of solutions, have played pivotal roles in numerous ransomware gang campaigns - not only do they represent code running on a system, but they hold a significant amount of sensitive information.

watchTowr Labs