A penetration tester got root access to our Kubernetes cluster in 15 minutes. Here's what they exploited. The attack chain: - Found exposed Kubernetes dashboard (our bad) - Dashboard had view-only service account (we thought this was safe) - Service account could list secrets

The scammers are evolving 💀

The security vulnerability we found in Perplexity’s Comet browser this summer is not an isolated issue. Indirect prompt injections are a systemic problem facing Comet and other AI-powered browsers. Today we’re publishing details on more security vulnerabilities we uncovered.

OMG.. whatsapp 0c in pwn2own

We just launched a $4.5m bug bounty live hacking event competition targeting the most popular cloud & ai open source software 🧵

The watchTowr Labs team is back, providing our full analysis of the Oracle E-Business Suite Pre-Auth RCE exploit chain (CVE-2025-61882). Enjoy with us (or cry, your choice..) https://t.co/ffDKb723N6

The team at @OpenAI just fixed a critical account takeover vulnerability I reported few hours ago affecting #ChatGPT. It was possible to takeover someone's account, view their chat history, and access their billing information without them ever realizing it. Breakdown below 👇

I've been researching the Microsoft cloud for almost 7 years now. A few months ago that research resulted in the most impactful vulnerability I will probably ever find: a token validation flaw allowing me to get Global Admin in any Entra ID tenant. Blog:

The @ReconVillage at @DEFCON 33 explored the digital terrain with Live Recon, GE(O)SINT, CTFs & labs. 🗺️ 🔍 Shoutout to @NahamSec @Jhaddix @DanielMiessler @InfosecVandana @niksthehacker @jeff_foley @anantshri & others! All #DEFCON33 villages 👇🏽 https://t.co/sxs3HBhtKV #InfoSec

Had an amazing time at my first #BSidesAhmedabad 🎉 Great discussions, diverse connections & of course the mandatory MSRC team pic + group selfies 📸

No doubt, the fieriest panel of all🔥🔥

When the hunters of threats join the battlefield, you know the game changes. ⚔️🛡️ We’re beyond thrilled to announce @CrowdStrike as the Cyber Security Partner at BSides Ahmedabad 0x06 — bringing the power of Falcon intelligence to the most awaited cyber security gathering of the

Sept 12–13: BSides Ahmedabad 🇮🇳 — Positive Technologies Offensive Team from @ptswarm with talks, networking & fresh research. Sept 13: Standoff Hacks finale — top bug hunters, private bounty scope & party. @amoshkov has the secret code for the grand party, DM him to crash it 👀

🇮🇳 Independence = Incredible Savings! This Independence Day, BSides Ahmedabad is celebrating with you! Grab your passes now and enjoy a patriotic 15% discount because liberty deserves a great learning party!🎉 Use coupon code “FREEDOM” & get 15% Off on Delegate & Professional

🟥🟦 CTF teams, take note — Standoff Cyberbattle 16, October 6–8, online. 💰 $17,500 prize pool. 30 hours of pure Attack–Defence. 1500+ real-world systems, PLC/SCADA included, 30 hours of epic battle. Apply by Sept 1 → https://t.co/lhYy3XiO2s

The @SLCyberSec research team is releasing our final research post for our Christmas in July efforts, two RCEs and one XXE (all pre-auth) in Adobe Experience Manager Forms. One of the RCEs and the XXE still do not have official patches:

🚨 Only 45 Days to Go! 🚨 BSides Ahmedabad 0x06 is almost here! 🎟️ Grab your pass NOW to witness the finest in cybersecurity — where cyber brilliance meets real-world defense➡️🔗 https://t.co/ZSYqohYSMI Don’t just hear about it — be there. #BSidesAhmedabad #CyberSecurity

I have launched YSoNet ( https://t.co/9BofGcFaWh) and added #SharePoint CVE-2025-49704 payload generator to it as the first thing. Here is how this can work: Running command: ``` ysonet.exe -p sharepoint --cve=CVE-2025-49704 -var 1 -c "calc" ``` Running C# code: ``` ysonet.exe

Blog for ToolShell Disclaimer: The content of this blog is provided for educational and informational purposes only. https://t.co/gT0aoKXkig #SharePoint #ToolShell

What’s better than hacking? Knowing why it works. 🧠💥 That’s why @redteamacademy is teaming up with BSides Ahmedabad 0x6 as our official Knowledge Partner! They’re not just here to drop info—they’re here to build the next wave of cyber warriors with raw, hands-on red teaming