Julien P.
@luminouw
Followers: 223
Following: 7K
Media: 136
Statuses: 3K
Holy shit… the exploitation of CVE-2025-55182 has reached a new level. There’s now a publicly available Chrome extension on GitHub that automatically scans for and exploits vulnerable sites as you browse. Absolutely wild. 🤦‍♂️
Finally sharing what’s been under wraps for months. @evildaemond and I tore into HID SEOS to build the first open-source implementation for Proxmark3. This is our Black Hat Asia 2025 story → https://t.co/0c6Wk7JRUf
#RFIDHacking #SEOS #CyberSecurity
If you want to extend #BloodHound a little bit and use it for other stuff such as password audits, choke point detection and remediation tracking, increase your session data again etc, then this one's for you. https://t.co/r0wdT8UdKf NO OpenGraph extension - sorry fan boys
You’ve heard of the Unix 2038 Problem. I bet you haven’t heard of the GPS 2038 problem. Every GPS navigation device in existence experiences an integer overflow every 19.6 years. Last time, it wiped out iPhones, NOAA weather buoys, and a number of flights in China:
SAVE THE DATE! The organisation of the #pts26 edition is starting 😎
📣 Info we can already share are:
- 🗓️ Tuesday June 30 to Thursday July 2, 2026 ✅
- 📍 as asked in your feedback answers, we will be again at Université Catholique de Lille 🎉
Website & more are coming soon!
1995: The movie Hackers was released. Yes, 30 years ago today. 🤯 It grossed just $7 million at the box office against a budget of $20 million. Ouch. A box office failure, but today it's a cult classic. Crash Override. Acid Burn. Rollerblades. Floppy disks. Hack the Gibson!!!
Say hello to Eternal Tux🐧, a 0-click RCE exploit against the Linux kernel from KSMBD N-Days (CVE-2023-52440 & CVE-2023-4130) https://t.co/Cbk9MBo91v Cheers to @u1f383 for finding these CVEs + the OffensiveCon talk from gteissier & @laomaiweng for inspiration!
Huge thanks to the @hexacon_fr team for bringing BlackHoodie to Paris! A free 4-day security workshop for women by women, Oct 6-9. So grateful for our amazing trainers: Sonia (Linux Forensics), Paula (Web/Mobile Sec) & Jiska (iOS Hacking)! https://t.co/dAdWusbhyE
we got a persistent 0click on ChatGPT by sharing a doc that allowed us to exfiltrate sensitive data and creds from your connectors (google drive, sharepoint, ..) + chat history + future conversations. it gets worse. we deploy a memory implant #DEFCON #BHUSA @tamirishaysh
40 YEARS AGO - I launched the Amstrad CPC6128. Having a built-in disc drive opened up the machine to more serious business computing and gaming - see https://t.co/3EIze0EQwN The demo at 15:06 shows off the sound and graphics handling - brilliant for 1985. Discs held 1.4MB 💾
hashcat v7.0.0 released! After nearly 3 years of development and over 900,000 lines of code changed, this is easily the largest release we have ever had. Detailed writeup is available here: https://t.co/fxAIXNXsEr
We found a new container escape affecting all container runtimes using @NVIDIA GPUs. The crazy part? The exploit is just three lines long 🤯 This is the story of #NVIDIAScape 🧵👇
Microsoft just released the patch for CVE-2025-33073, a critical vulnerability allowing a standard user to remotely compromise any machine with SMB signing not enforced! Check out the details in the blog post by @yaumn_ and @wil_fri3d. https://t.co/EY5Z53w1ZT
TIL how rsync works:
1. PC2 splits a file into blocks
2. For each block, calculates a weak (fast) and strong (slow) checksum
3. Sends the checksums to PC1
4. PC1 finds all blocks w/ matching checksums.
5. PC1 tells PC2 how to construct a copy based on non-matching byte sums.
Many missed this on #BadSuccessor: it’s also a credential dumper. I wrote a simple PowerShell script that uses Rubeus to dump Kerberos keys and NTLM hashes for every principal - krbtgt, users, machines. No DCSync required, no code execution on DC.
Today we unveil BadSuccessor - a new no-fix Active Directory privilege escalation technique. We will explore the recently introduced dMSA feature, and show how it enables turning a very common, seemingly benign permission, into a full domain takeover. https://t.co/k4roTZE36T
0-click RCE on Tesla Model 3 through TPMS Sensors : https://t.co/RPZIzCqCuc credits @masthoon @vdehors