shubs
@infosec_au
Followers: 57K | Following: 10K | Media: 134 | Statuses: 2K
Co-founder, security researcher. Building an attack surface management platform, @assetnote
halcyon
Joined August 2013
@SLCyberSec @hash_kitten @assetnote This has been silently patched now 🫠 There's probably more WAF bypasses out there.
6
4
164
Vercel is questioning whether or not a WAF bypass is possible... Pushed an update that uses a payload from @SLCyberSec research team (specifically @hash_kitten). Payload has been running for @assetnote customers for last 18h. https://t.co/9CqANckHK0 use --vercel-waf-bypass flag
@infosec_au @assetnote DM’d you. You have a working repro for bypassing Cloudflare but not Vercel. Would love to correct the record or see the evidence.
14
92
960
Pushed a new update to https://t.co/9CqANckHK0 -- it now scans for the RCE payload via reflection. Use the --waf-bypass flag to bypass WAFs, works well for Cloudflare/AWS. Other WAFs might need tinkering with the payload, depending on whether they don't have a max context limit.
github.com
High Fidelity Detection Mechanism for RSC/Next.js RCE (CVE-2025-55182 & CVE-2025-66478) - assetnote/react2shell-scanner
12
125
621
For the Next.js/RSC RCE, it's possible to bypass both Vercel and Cloudflare, and most WAFs really. Don't trust your provider's WAFs, patch your systems ASAP. We added these new WAF aware checks to @assetnote earlier this morning.
17
62
525
I've pushed a few updates to https://t.co/9CqANckHK0. Vercel and Netlify are no longer flagged as vuln. Offsite redirs not followed. Custom header support in case you need auth or custom UA. Redir test cases are more accurate now (both base path and redir tested).
2
27
167
You can now scan for #react2shell in @Burp_Suite. To enable, install the Extensibility Helper bapp, go to the bambda tab and search for react2shell. Shout-out to @assetnote for sharing a reliable detection technique!
7
104
637
Our Security Research team at @SLCyberSec just published a high-fidelity detection mechanism for the Next.js/RSC RCE (CVE-2025-55182 & CVE-2025-66478) - https://t.co/aa62OKXpK2. There are a lot of PoCs on GitHub that are adding noise to the problem; I hope this helps people!
slcyber.io
This morning, an advisory was released for Next.js about a vulnerability that leads to RCE in default configurations, with no prerequisites. The root cause of this issue lies in React Server Compon...
5
89
347
My very first blog post is live: https://t.co/Ud0Iffh4Gg During research, I've run into and documented a simple universal SQLite Injection RCE trick. Enjoy! N-day Analysis about Synology Beestation RCE (CVE-2024-50629~50631) by legendary DEVCORE 🎃 🍊 Thanks to @u1f383
12
115
406
🛡️ We added Oracle Fusion Middleware missing authentication for critical function vulnerability CVE-2025-61757 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/bJOgGeWmb8 & apply mitigations to protect your org from cyberattacks. #Cybersecurity #InfoSec
2
24
61
Oracle Cloud was breached in Jan 2025 through vulns in Oracle Access Manager. @SLCyberSec's Research team found a new pre-auth RCE vulnerability in Oracle Identity Manager (CVE-2025-61757). This is a critical vulnerability and is trivial to exploit. https://t.co/hXdzU4TJVP
0
42
162
A friend found multiple RCE on GitHub Enterprise and it paid minimum crit. Should you hack on GitHub? #bugbounty
https://t.co/LcN1X3K1o2
12
25
205
Thoughts on fuzzing research by Addison Crump: https://t.co/CK0JoKr6Ge
0
14
82
Credential Guard was supposed to end credential dumping. It didn't. @bytewreck just dropped a new blog post detailing techniques for extracting credentials on fully patched Windows 11 & Server 2025 with modern protections enabled. Read for more ⤵️
specterops.io
Uncovering the protection mechanisms provided by modern Windows security features and identifying new methods for credential dumping.
4
306
656
We became an admin in the Fédération Internationale de l'Automobile's driver categorisation system, which allowed us to access the PII and password hashes of any rated driver, including Max Verstappen. 🏎️ https://t.co/vdX7OegqmW
ian.sh
We found vulnerabilities in the FIA's Driver Categorisation platform, allowing us to access PII and password hashes of any racing driver with a categorisation rating.
8
48
264
As a homage to the work of @Blaklis_, our Security Researcher @softpoison_ debuts his first research post on reverse engineering a critical unauthenticated RCE in Magento (SessionReaper) CVE-2025-54236 at @SLCyberSec:
slcyber.io
Magento is still one of the most popular e-commerce solutions in use on the internet, estimated to be running on more than 130,000 websites. It is also offered as an enterprise offering by Adobe...
7
45
184
A mini research I did about escalating an XSS using 414 and 431 server size limit errors, and how I escalated an XSS to account takeover using a Salesforce URL Limit Gadget on an Ecommerce website. Hope you enjoy it https://t.co/FH4HGaXGia
castilho.sh
2
37
177
Two weeks ago, I did my first (in-person) @Hacker0x01 LHE in Singapore! I worked with @hash_kitten and @infosec_au, and I'm really happy with how it went and what we found :D (We won the Best Team and Best Bug awards! 🔥) It was an amazing event, thanks @Hacker0x01! 😁
Our #H165 live hacking event with @tiktok_us and @okx in Singapore was a big success! It's time to celebrate this year's winners. Here we go... 🥁 For TikTok: Eliminator: avishai Exterminator: kevin_mizu, shubs, hashkitten Vigilante: m4II0K For OKX: Eliminator:
7
5
124
Quick post regarding sqlite injection. TLDR, when using it for file creation, create a VIEW rather than a TABLE:
0
12
40
Earlier this year, @infosec_au and I discovered multiple vulnerabilities that allowed us to access the back office admin panel of ClubWPT Gold (the World Poker Tour's website) where we could manage customer data, KYC, and more. Read the writeup here: https://t.co/K2402UPWYk
samcurry.net
In June, 2025, Shubs Shah and I discovered a vulnerability in the online poker website ClubWPT Gold which would have allowed an attacker to fully access the core back office application that is used...
21
97
391