Released pcfg-go — a full Go rewrite of pcfg_cracker with ~3× faster training, ~40× faster guessing, $HEX[] and multi-byte support, improved trainer parsing...

Full Details: https://forum.hashpwn.net/post/11277

#pcfg #hashcracking #trainer #guesser #wordlist #generator #hashcat #hashpwn

CsP’s @Waffle_Real just released a new tool called hashpipe, and it solves a problem many of us run into with large potfiles: messy, misidentified hash:password entries.

hashpipe automatically validates founds by recomputing them, identifying the correct algorithm, and outputting verified results in an mdxfind format.

If you maintain large cracking datasets or potfiles, this is a great way to verify and clean them up.

Details:
https://forum.hashpwn.net/post/11119

GitHub repo:
https://github.com/Cynosureprime/hashpipe

#hashcracking #hashcat #jtr #hashpipe #CsP #cynosureprime #potfile #hashpwn

Update: Solflare “xpass exploit" Details Released

In Feb 2025, I reported an exploit vulnerability in the Solflare Chrome wallet which allowed the wallet vault (solflaredata) to be decrypted without the user's password.

Turns out, this was a backdoor, not a bug.

Today, I am releasing the full details of the xpass exploit, aka the "backdoor master key".

https://forum.hashpwn.net/post/11116

#solflare #crypto #wallet #vulnerability #exploit #backdoor #xpass #cyclone #hashpwn #news #infosec #cybersecurity

Cisco Catalyst SD-WAN CVSS 10.0 zero-day (CVE-2026-20127) has been actively exploited, with attackers gaining admin access.

Full technical breakdown: https://forum.hashpwn.net/post/10802

#cisco #sdwan #cvss10 #cve202620127 #exploit #cybersecurity #infosec #news #hashpwn

New release: guarda_pwn

Tool to decrypt and recover Guarda crypto wallets.

Details: https://forum.hashpwn.net/post/10799

#guarda #wallet #crypto #recovery #seedphrase #infosec #hashpwn

New release: trustwallet_pwn

Toolset to extract and decrypt Chrome-based extension TrustWallet vaults.

Details: https://forum.hashpwn.net/post/10795

#trustwallet #recovery #seedphrase #infosec #crypto #hashpwn

Chrome CSS Zero-Day (CVE-2026-2441)

Google has patched a CVSS 8.8 high-severity use-after-free bug in Chrome’s CSS engine that is being exploited in the wild. This also affects all Chrome-based browsers such as Brave, Edge and Opera.

https://forum.hashpwn.net/post/10273

#google #chrome #brave #edge #opera #browser #cybersecurity #css #zeroday #cve20262441 #news #hashpwn

Another successful MetaMask crypto wallet recovered. This one was on the Zen browser, so was a first for me.

https://forum.hashpwn.net/post/10221

#metamask #crypto #wallet #recovery #zen #browser #firefox #hashpwn

For those who lost their Dogecoins due to the defunct Dough Wallet iPhone app, here's a tool to recover your Dogecoin address and private keys.

https://forum.hashpwn.net/post/10034

#doughwallet #recoverytool #crypto #hashpwn

Windows Notepad RCE - CVE-2026-20841

A crafted Markdown link could trigger command execution via protocol handler abuse on Windows 11 Notepad.

https://forum.hashpwn.net/post/10031

#notepad #rce #cve202620841 #cybersecurity #news #hashpwn