Early this week, we had a meeting at Apple Park in Cupertino. While there, we also shared with Apple our latest vulnerability research report: the first public macOS kernel memory corruption exploit on M5 silicon, surviving MIE. It was laser printed, in honor of our hacker friends.
Full story: https://t.co/AmKMGUmWPt
MAD Bugs: Claude Wrote a Full FreeBSD Remote Kernel RCE with Root Shell (CVE-2026-4747)
To our knowledge, this is the first remote kernel exploit both discovered and exploited by an AI.
https://t.co/Cv8M69i1Mk
A Race Within A Race: Exploiting CVE-2025-38617 in Linux Packet Sockets.
A step-by-step guide to exploiting a 20-year-old bug in the Linux kernel to achieve full privilege escalation and container escape, plus a cool bug-hunting heuristic.
https://t.co/IxURrHpBT0
In Singapore, @okx and HackerOne brought an elite team of security researchers together for a live hacking event focused on one thing: building trust through real-time collaboration.
This was security in action—fast-paced, transparent, and deeply human. Researchers tested live systems. Teams worked side by side. Vulnerabilities were uncovered and addressed when it mattered most.
When trust is built in real time, everyone wins.
#H165 #TogetherWeHitHarder
@ElS1carius After digging deeper, I found the root cause in lua-nginx-module, which Kong is built on. Still, I believe Kong should have investigated further, as I found the issue easily exploitable across multiple companies using their products!
🚨HTTP Request Smuggling in lua-nginx-module!🚨
This affects major proxies like Kong GW, OpenResty, Apache APISIX and many more👀
Check it out: https://t.co/G9juMax7zk
Big thanks to @albinowax for his awesome research and for answering all my questions!
#bugbounty#bugbountytips