I am starting a new project BoxPwnr, using LLMs to solve HackTheBox machines autonomously 🤖 So far it solves 6 out of 9 of the very easy boxes from Starting Point.

Just tried Gemini 2.5 Pro on BoxPwnr against all the HackTheBox StartingPoint machines. It solved 15/25 in one shot! First time solving Tactics, Bike & Base 🦾🤖 Super interesting how it solved Base, it's the longest exploration I have seen with 112 turns...🧵

CVE-2025-24071> Windows Explorer automatically initiates an SMB authentication request when a .library-ms file is extracted from a .rar archive, leading to NTLM hash disclosure. The user does not need to open or execute the file... https://t.co/d1myefHndw

Espressif Systems - ESP32 BluFi Reference Application Vulnerabilities

In-depth technical analysis of the Bybit hack (more than $1.4 billion assets): https://t.co/kUXtHpv19i Awesome work @Grifo!!

Behind the hype, missteps, and marketing buzz, there’s great work with USB Bluetooth ( https://t.co/Qw2keYKwBD) and the research that supports it! Congratulations @antonvblanco

Today I'm releasing a new minor version of Monkey365. This new version adds some fixes and a new ruleset (CIS Benchmark 4.0) for Microsoft 365 was added. https://t.co/ijQcVKZrgx #azure #EntraID #microsoft365 #cloudsecurity

🚀 Introducing binaryninja-ollama-plus! A fork of the original Binary Ninja Ollama plugin, now with: • requests replacing ollama for easier integration • Function explanations • Basic vulnerability analysis • Optimized AI interactions @vector35 🔗

I'm thrilled to share that a new release of #Monkey365 is out! With many improvements, including the incorporation of the entire list of CIS controls https://t.co/NmbsgNh0Nv #cloudsecurity #azuresecurity #microsoft365security #AzureAD #EntraID #CSPM #microsoft365

I'm thrilled to announce a new release of #Monkey365! This new release contains a lot of improvements and fixes. For example new flags were added to list collectors and CIS benchmarks for both Azure and M365 were updated to 3.0 version. Check it now! https://t.co/NmbsgNh0Nv

Excited to announce the release of a new version of Monkey365. Multiple bug fixes were fixed and feature enhancements were added. Enjoy! https://t.co/8CFEhZwYNw #cloudsecurity #azuresecurity #microsoft365security #office365security #hardening #PenTest #AzureAD #EntraID #CSPM

#Monkey365 dev branch has been updated, introducing a batch of fixes & improvements across the various modules. #Security #Microsoft365 #Office365 #Azure #Compliance #CSPM https://t.co/NmbsgNh0Nv

#OffensiveCon23 recordings are now live! Hope you enjoy :) https://t.co/8cvBFzxoVU

Today I'm releasing a new major version of Monkey365. This new version adds a bunch of fixes and include a lot of new improvements to the core module. https://t.co/NmbsgNh0Nv #cloud #azure #azuread #microsoft365 #cloudsecurity #compliance

Just published details of 5x SMM vulnerabilities in Insyde Software. The bugs span several SMI handlers including a fun parsing bug when performing a BIOS Guard Update.

I reported a SMM TOCTOU vuln to Intel, but unfortunately it was a dupe of an internally discovered issue. Intel's advisory was vague, so I decided to publish my own detailed analysis. Check it out:

Working on the new version of #Monkey365. There will be a lot of new features like new rules, support for CIS 1.5 benchmarks, bug fixes and much more. Actually using it right now for bug fixes and other improvements. https://t.co/NmbsgNh0Nv #Azure #AzureAD #Office365

We just dropped part 2, wherein @domenpk analyzes whether Rust-based Linux device drivers can be impacted by race condition (TOCTOU) bugs that are common in the C-based driver counterparts.

My coworker @domenpk has started a series where he deep dives into the Rust for Linux project and tries to understand what kinds of memory safety bugs can persist when a C driver is ported to Rust. Part 1: kernel pointer & structure padding info leaks. https://t.co/JvwXogVvyA

Our hardware research team is churning out more advisories - this time a heap memory corruption bug in U-Boot's USB DFU.