Meet Hy3 on ModelScope!
295B total / 21B active MoE, built for agentic workflows with 256K context and an FP8 variant ready for deployment. 🚀 License: Apache 2.0.
🤖https://t.co/0y9tfq8iBP
🏆 Human eval: 270 experts compared outputs in blind real-world workflow tests. Hy3 scores 2.67/4, ahead of GLM-5.1 at 2.51/4, with the clearest gains in frontend development, CI/CD, and data & storage.
🛠️ Agent reliability: stronger tool calling, formatting, and error recovery, with SWE-Bench Verified variance within 4% across major scaffolds.
🧠 Multi-turn gains: issue rate drops from 17.4% to 7.9%, and MRCR rises from 42.9% to 75.1%.
⚙️ Model lineup: Hy3 BF16 instruct model plus Hy3-FP8 quantized instruct model, with vLLM and SGLang deployment support.
🚀 Qwen3.6-27B-NVFP4 is inference ready with vLLM on NVIDIA Blackwell GPUs.
This checkpoint is optimized for Blackwell and reduces GPU memory requirements by ~2.5x for local AI with open-source models.
🧠 27B params, Hybrid Attention
📊 NVFP4 evals: 86.3 on MMLU Pro, 85.5 on GPQA Diamond
🛠️ Exclusively supported on vLLM as the runtime engine
Get started from the Hugging Face checkpoint: https://t.co/TDA75Mqam6
New research: We were able to access camera permissions and obtain user GPS coordinates across 20+ major mobile wallets by exploiting WebView misconfigurations. Here's how ↓
New entry added to the #LOLBAS Project:
Proxy execution via system-native scp.exe. Takes any remote destination, doesn't actually have to run an SSH server.
👉 https://t.co/jLCiaB1fuM
Thanks @BinFault
Slides for our OffensiveCon talk (by me and @jmartijnb) https://t.co/F3yM2pIgwy:
A tiny mistake in a render config ➡️ corrupt a special GPU stack pointer register ➡️ GPU hardware “renders” pixels to the AP kernel directly ➡️ pwned
More presentations: https://t.co/0QOsr0uuTJ :)
Bitkocker exploits go brrrr
Nothing is safe, everything is vulnerable ;) (that’s not true but it sounds like a cool marketing line)
Not tested this but I’m sure many will.
Just woke up! Need tea 🫖
#bitlocker#microsoft#windows#exploits
https://t.co/OFFbzToOIZ
‼️ Nightmare Eclipse is back on GitHub under a new alias and has released a new Windows Defender vulnerability zero-day called RoguePlanet.
PoC: https://t.co/n0xF6uGt4u
New GitHub Account: https://t.co/qwU93VedpH
SPN-less RBCD with NetExec🔥
While classic RBCD requires a computer account, you can use U2U authentication to perform RBCD with a normal user account, if a computer account is not available.
Thanks to @azoxlpf, you can now perform this attack with NetExec as well🚀
🎉 Our Call for Talks is officially open.
Submit your proposal from June 1st to August 23rd and be part of this incredible event.
Scheduled from February 4th to 5th, the conference is your platform to share your insights.
👉 Apply now: https://t.co/HCGeleq8vs
#CyberSecurity
IRIS (Intent Runtime Inspection System) is my attempt at building a Burp Suite for Android intents :) . Give it a spin and let me know what breaks, what’s missing, and what you’d like to see next: https://t.co/u5sUlvHBpB
Demo here: https://t.co/IdAZDIq3qU
Stop burning RDP persistence with 4732 alerts. Bypass the "Remote Desktop Users" group entirely.
GUI access only requires:
- SeRemoteInteractiveLogonRight (Inject SID via secedit)
- RDP-Tcp listener permissions (Modify CIM class)
OPSEC: Trades 4732 for 4704. Most SOCs don't tune 4704 with the same aggression.
h/t @Cptjesus for the concept.
Impacket 0.13.1 is live! This release includes new relay surfaces, stronger support for modern Windows and SQL Server environments, and a set of practical improvements across the examples scripts. Check out the blog post to get more details>
https://t.co/B52xTyCNMT
I just reverse engineered the YellowKey BitLocker bypass
Microsoft shipped code that checks for a flag called "FailRelock" in every Windows 11 recovery image. When it's set to 1, after recovery unlocks your BitLocker drive, it never relocks it. All you need is a USB stick.
This code only exists in the recovery environment. Not in normal Windows. They left an entire debug testing framework in production.
‼️🚨 Pwn2Own Berlin 2026 just hit a wall. For the first time in 19-years, ZDI rejected dozens of working zero-day RCE submissions because organizers ran out of contest slots.
Rejected hackers are now going public with PoC demos and direct vendor disclosures, breaking Pwn2Own's usual secrecy.
▪️ AI surfaces a massive wave of 0-day RCEs.
▪️ Submissions overwhelm ZDI past max capacity.
▪️ Slots run out. Researchers with working chains get rejected.
▪️ "Revenge disclosures" begin. ← we are here.
Confirmed casualties so far:
▪️ @xchglabs : 86 vulnerabilities prepared (PyTorch, NVIDIA, Linux KVM, Oracle, Docker, Ollama, Chroma, LiteLLM, llama.cpp). All rejected. Now reporting directly to vendors with writeups dropping as patches land.
▪️ @ggwhyp : full-chain Firefox RCE on Windows. Rejected. Publicly demoed (HTML page → cmd.exe → calc.exe). Responsibly disclosed to Mozilla.
▪️ @yunsu_dev : working RCE chain, rejected. Submitting elsewhere.
▪️ @ryotkak : tried to register for 3+ weeks. ZDI confirmed "at maximum capacity, can't add extra contest days." Considered canceling flight and hotel.
▪️ @anzuukino2802 : Claude Code RCE PoC. Rejected.
▪️ @desckimh : 0-day RCEs in Ollama and LM Studio. Rejected.
Reported impact: a community-estimated 150+ researchers tried to register. Accepted contestants are now being warned about collisions. Rejected vulnerabilities going to bug bounty programs may trigger pre-event patches that invalidate the work of those who got in.
ZDI has not publicly addressed the capacity issue. The event still runs May 14-16 in Berlin.
We obtained root privilege on the S26 (Exynos 2600 Chipset), the latest flagship smartphone from Samsung. To our knowledge, this is the first root exploit for Exynos S26 since Samsung removed bootloader unlocking option in One UI 8. It is exploitable from APP context, so we make a cmd wrapper app for demo����(1/n)
This second blogpost concludes @yaumn_'s research on #Windows authentication reflection.
He discloses the new Kerberos authentication coercion technique he discovered to remotely compromise Windows systems 💥
A little bonus is even included at the end 👀👇
https://t.co/RsJHxCdIGe