#CVE-2025-55182 React4Shell — How about Akamai WAF? Even more straightforward: toss a giant junk blob upfront and the parser taps out on sight. Bloody brute force. Go verify it on your own endpoint—again and again. Figure 1: shows the payload validity check. Figure 2:

A POC for CVE-2025-55182 https://t.co/BcyJ1UbivA

Stir up the group chat with a "let’s go to Florida this weekend 😎”

I had a great time at @NDC_Conferences in Manchester thanks to its organisers. I am especially glad that I managed to meet and talk to some good folks in the dev and security communities 👍

Microsoft Silently Mitigated Exploited LNK Vulnerability

Critical Security Vulnerability in React Server Components CVE-2025-55182 and rated CVSS 10.0 The vulnerability is present in versions 19.0, 19.1.0, 19.1.1, and 19.2.0 of: react-server-dom-webpack react-server-dom-parcel react-server-dom-turbopack https://t.co/AMlp6yMPSZ

CVE-2025-55182 RCE in React Server Components 💀 https://t.co/tKKyd9WljA

Power users use Hackvertor tags to make exploitation much easier!

Glassworm malware returns in third wave of malicious VS Code packages

Here is the screenshot of how it can be used inside Burp Suite using the @hackvertor extension

Since we're covering this tomorrow at @NDC_Conferences Manchester, I’ve released the bypass for the ToolShell SharePoint deserialization exploit in https://t.co/9BofGcFaWh (same bug @_l0gg originally showed). “Complex” bypass? 🥵 Just a single whitespace. 👻 Something we even

On Thursday I'm presenting "Splitting the email atom:exploiting parsers to bypass access controls" at NDC Manchester. Please join me if you want to find out how to turn an RFC compliant email address into RCE. https://t.co/ry7V3zfjqa

Interesting list, @secdim also has a good offer!

Leak confirms OpenAI is preparing ads on ChatGPT for public roll out

If you need to generate a target-specific wordlist, make sure to check out @xnl_h4ck3r GAP extension. It will scan for sus parameters and generate you a complete wordlist with one click of a button. See it in action 👇

Math question, how much is the tax rate between 100-125k in the UK? Obvious question, why do they make it like this instead of stating the obvious? Don't use AI! #Tax #UK

Exploit for ToolShell. Modified ysoserial for crafting DataTable payload. https://t.co/1zJMDbGker

The https://t.co/OpFfwtJCLm post by @xoreipeip shows how prepared statements can be exploited in NodeJS using mysql and mysql2 packages leading to SQLi! 🪄 So use of prepared statement might not be the ultimate solution here 🥵 as a side note, @xoreipeip later found this

Active FortiWeb exploitation has been well-covered already by @DefusedCyber, @CERTCyberdef, @watchtowrcyber, @cyb3rops, and more. But the big question is why on earth CVE-2025-64446 was silently patched to begin with.