Antonio Taboada 🇪🇸 hackingyseguridad.com

🤖 Pentest Copilot: AI Agent for Autonomous Penetration Testing What if you could simply describe a target and let an AI agent handle the enumeration, exploitation workflow, tool execution, and result analysis? Pentest Copilot is an open-source AI-driven penetration testing platform that: ⚡ Runs security tools autonomously 🛠️ Supports 100+ pentesting capabilities 🌐 Integrates with Burp Suite 🖥️ Includes Browser Automation 🔄 Uses Multi-Agent Parallel Execution 🔌 Supports MCP Integration 🔒 Includes Safety Controls for Dangerous Actions Simply provide the target. The agent executes commands, analyzes output, decides the next step, and continues the attack workflow with minimal human intervention. 🔗 https://t.co/W4NpROzPYb #CyberSecurity #Pentesting #RedTeam #BugBounty #CTF #AIAgents #AgenticAI #BurpSuite #EthicalHacking #OpenSource

PoC Exploit Released for HTTP/2 Bomb Remote DoS Vulnerability in Apache HTTP Server Source: https://t.co/AnjXTI9uG0 A proof-of-concept (PoC) exploit has been publicly released for a critical Denial of Service vulnerability in Apache HTTP Server, tracked as CVE-2026-49975, dubbed the "HTTP/2 Bomb." The flaw allows remote attackers to exhaust server memory and disrupt services without authentication, posing a significant risk to organizations running unpatched Apache deployments. The publicly released PoC, available on GitHub, demonstrates the attack using a Python-based exploit script. The attack is reproducible in a Dockerized environment, where the server is containerized with an 8 GB memory limit. Upgrade immediately to Apache HTTP Server 2.4.68 or later. #cybersecuritynews

A critical flaw in Anthropic's Claude Code GitHub Action allows attackers to hijack repositories via a single GitHub issue. This highlights the risks of integrating AI tools like Claude into CI/CD pipelines without stringent security measures. Repository maintainers should update to claude-code-action v1.0.94 and audit workflows to prevent unauthorized access. #Security #Anthropic #ClaudeCode #GitHub #AI #Vulnerability https://t.co/bnj1CvvBHB

🛡️ F5 Patches NGINX Vulnerability That Enables Code Execution and DoS Attacks Source: https://t.co/Q0htkgLIhh F5 has released an out-of-band security advisory addressing multiple high-severity vulnerabilities in NGINX that could allow attackers to execute arbitrary code and launch denial-of-service (DoS) attacks across affected environments. The advisory, published on June 17, 2026, highlights several critical flaws impacting NGINX Open Source, NGINX Plus, and related products, including NGINX Gateway Fabric and NGINX Ingress Controller. One of the most critical issues, tracked as CVE-2026-42530, affects the ngx_http_v3_module in NGINX. This flaw impacts NGINX Open-Source versions 1.31.0 and 1.31.1 and has been patched in version 1.31.2. #cybersecuritynews

UPDATE 🠖 FortiBleed looks bigger than first reported. Update: Hudson Rock says FortiBleed targeted 73,932 Fortinet firewall URLs across 194 countries, affecting 21,632 domains. The bigger risk: exposed FortiGate SSL VPNs may be used as listening posts to capture more credentials and keep the access loop going. Read the full update: https://t.co/r8VrvtdCie

SSH Penetration Testing (Port 22) 🔥 Telegram: https://t.co/upuP8k8ckB ✴ Twitter: https://t.co/Za7rYILz6E SSH (Secure Shell) is a cryptographic protocol used for secure remote login and command execution over unsecured networks. During penetration testing, misconfigurations or weak credentials in SSH services can allow attackers to gain unauthorized access. () 📚 Techniques Covered in This Guide 🔎 Enumeration with Nmap 🔐 Password Cracking using Hydra ⚡ Authentication using Metasploit 💻 Running Commands on Remote Machine 🔁 SSH Port Redirection 🧪 Nmap SSH Brute Force Script 🔍 Enumerating SSH Authentication Methods 🔑 Key-Based Authentication 🛠 Key-Based Authentication using Metasploit 📦 Post Exploitation using Metasploit 🌐 Local Port Forwarding (Password Based) 🔐 Local Port Forwarding (Key Based) 📖 Article: https://t.co/QcYf2wWuu3 #CyberSecurity #EthicalHacking #Pentesting #SSH #RedTeam #InfoSec

1. https://t.co/JuPfIOn93a (solve any problem) 2. https://t.co/Al3x8asjTS (remove backgrounds) 3. https://t.co/LzN2E5djpv (research anything) 4. https://t.co/I3qDgalhlT (compose music) 5. https://t.co/TObZPm5JM8 (design graphics) 6. https://t.co/gFND9v6OLG (clone voices) 7. https://t.co/8kwGdHsVLc (perfect note) 8. https://t.co/EvA2Mzqe0h (summarize YouTube) 9. https://t.co/URku6S35td (edit videos) 10. https://t.co/ibhcMYTDrM (edit podcasts) 11. https://t.co/h67Y6U2cQU (create ai avatar videos) Save + Share🙂

If you’re still “prompting” Claude Code, you’re missing the point. Here are 26 Claude Code shortcuts that most users don't know exist: SESSION CONTROL /clear — wipes context and starts clean /resume [session] — reopens a previous session by ID or name /branch [name] — forks the conversation to explore a different path /rewind — rolls back conversation and code to an earlier checkpoint /rename [name] — renames the session. Leave it blank and one gets auto-generated /export [filename] — saves the full conversation as plain text MODEL & USAGE /model [model] — switches to Sonnet, Opus, or Haiku mid-session /cost — shows token usage for the current session /usage — shows plan limits and rate-limit status /extra-usage — unlocks extended usage when standard limits hit PROJECT SETUP /init — builds a CLAUDE.md project guide on first run /memory — edits CLAUDE.md and controls what auto-memory saves /add-dir <path> — adds a directory for file access during the session /config — opens settings for model, output style, and preferences CODE OPERATIONS /diff — opens an interactive diff viewer for uncommitted changes /security-review — scans pending changes for vulnerabilities /plan [description] — enters plan mode before Claude touches anything /permissions — sets allow, ask, and deny rules for every tool AGENT LAYER /agents — manages agent and sub-agent configurations /skills — lists all available skills, built-in and custom /plugin — manages Claude Code plugins /reload-plugins — reloads active plugins without restarting /mcp — manages MCP server connections and OAuth /compact [instructions] — compresses conversation history, keep what matters INTERFACE /theme — switches between light, dark, and colorblind-accessible modes /color [color] — sets prompt bar color for the current session This is Claude Code, not https://t.co/EePliJpUip. Different tool. Steeper learning curve. Higher ceiling. ⭐ Save this. Use it the next time you open Claude. ➕ Follow me for content that actually moves work forward.

‼️🚨 BREAKING: 320,000 Fortinet firewall devices have been targeted in a campaign that has been dubbed 'FortiBleed'. Attackers were able to confirm 75,000 working credentials against the admin and SSL VPN interfaces. The victims include really big names like Samsung, Oracle, Spotify, Sony, and more. The data was first surfaced by researcher Volodymyr "Bob" Diachenko and analyzed by Hudson Rock and SOCRadar. The operation runs as a self-feeding loop. Attackers scan the internet for exposed Fortinet devices, then test each one against a curated list of passwords leaked from earlier Fortinet breaches and infostealer logs. Every successful login gets recorded into a verified database. They then turn each compromised box into a listening post, sniffing the traffic passing through the firewall to harvest fresh credentials, which go straight back into the scanner. The scale is large. The group ran an estimated 1.16 billion credential attempts against more than 320,000 FortiGate targets, plus 2.1 billion brute-force tries against 160,000 MSSQL servers. In the deeper intrusions they intercept SSL VPN authentication hashes, crack them on a dedicated 45-GPU cluster, and move into internal Active Directory. Diachenko confirmed full network compromises in Japan, Taiwan, Vietnam, Iraq, and Turkey, including a Turkish NATO defense contractor that had classified defense documents stolen. If you run Fortinet, act now: rotate every VPN and admin credential, enforce MFA on all external gateways, restrict management access to approved sources, segment internal networks, and audit gateway logs for unusual logins. Hudson Rock has a free domain lookup at https://t.co/KLv2YiMtpm. Data surfaced via the Hunt Intelligence, Inc. feed.