Third Hand @p4rcomx - Twitter Profile

p4rcomx retweeted

about 1 month ago

‼️🚨 Pwn2Own Berlin 2026 just hit a wall. For the first time in 19-years, ZDI rejected dozens of working zero-day RCE submissions because organizers ran out of contest slots. Rejected hackers are now going public with PoC demos and direct vendor disclosures, breaking Pwn2Own's usual secrecy. ▪️ AI surfaces a massive wave of 0-day RCEs. ▪️ Submissions overwhelm ZDI past max capacity. ▪️ Slots run out. Researchers with working chains get rejected. ▪️ "Revenge disclosures" begin. ← we are here. Confirmed casualties so far: ▪️ @xchglabs : 86 vulnerabilities prepared (PyTorch, NVIDIA, Linux KVM, Oracle, Docker, Ollama, Chroma, LiteLLM, llama.cpp). All rejected. Now reporting directly to vendors with writeups dropping as patches land. ▪️ @ggwhyp : full-chain Firefox RCE on Windows. Rejected. Publicly demoed (HTML page → cmd.exe → calc.exe). Responsibly disclosed to Mozilla. ▪️ @yunsu_dev : working RCE chain, rejected. Submitting elsewhere. ▪️ @ryotkak : tried to register for 3+ weeks. ZDI confirmed "at maximum capacity, can't add extra contest days." Considered canceling flight and hotel. ▪️ @anzuukino2802 : Claude Code RCE PoC. Rejected. ▪️ @desckimh : 0-day RCEs in Ollama and LM Studio. Rejected. Reported impact: a community-estimated 150+ researchers tried to register. Accepted contestants are now being warned about collisions. Rejected vulnerabilities going to bug bounty programs may trigger pre-event patches that invalidate the work of those who got in. ZDI has not publicly addressed the capacity issue. The event still runs May 14-16 in Berlin.

IntCyberDigest's tweet photo. ‼️🚨 Pwn2Own Berlin 2026 just hit a wall. For the first time in 19-years, ZDI rejected dozens of working zero-day RCE submissions because organizers ran out of contest slots.

Rejected hackers are now going public with PoC demos and direct vendor disclosures, breaking Pwn2Own's usual secrecy.

▪️ AI surfaces a massive wave of 0-day RCEs.
▪️ Submissions overwhelm ZDI past max capacity.
▪️ Slots run out. Researchers with working chains get rejected.
▪️ "Revenge disclosures" begin. ← we are here.

Confirmed casualties so far:
▪️ @xchglabs : 86 vulnerabilities prepared (PyTorch, NVIDIA, Linux KVM, Oracle, Docker, Ollama, Chroma, LiteLLM, llama.cpp). All rejected. Now reporting directly to vendors with writeups dropping as patches land.
▪️ @ggwhyp : full-chain Firefox RCE on Windows. Rejected. Publicly demoed (HTML page → cmd.exe → calc.exe). Responsibly disclosed to Mozilla.
▪️ @yunsu_dev : working RCE chain, rejected. Submitting elsewhere.
▪️ @ryotkak : tried to register for 3+ weeks. ZDI confirmed "at maximum capacity, can't add extra contest days." Considered canceling flight and hotel.
▪️ @anzuukino2802 : Claude Code RCE PoC. Rejected.
▪️ @desckimh : 0-day RCEs in Ollama and LM Studio. Rejected.

Reported impact: a community-estimated 150+ researchers tried to register. Accepted contestants are now being warned about collisions. Rejected vulnerabilities going to bug bounty programs may trigger pre-event patches that invalidate the work of those who got in.

ZDI has not publicly addressed the capacity issue. The event still runs May 14-16 in Berlin.

31

2K

377

640

415K

Third Hand @p4rcomx

4 months ago

@0xf4c0 aihhhhhhhhh

0

15

Third Hand @p4rcomx

7 months ago

@gothburz crossing the line isn't wise

0

32

Third Hand @p4rcomx

about 2 years ago

@IndiHomeCare cek dm min

1

0

13

Who to follow

Ammar WK

@y3dips

Professional Bandwidth Hunter; IT(Security) Fans; Pen-tester; Jedi Researcher; @echordc; @idsecconf; @rentjongteam; @seclabid . Very Proud Husband & Dad.

jMozac

@jmozac

Pria biasa-biasa saja yang paranoid dengan genset, benda tajam, dan keramaian.

Third Hand @p4rcomx

about 2 years ago

@traveloka cek DM plsss

1

0

42

p4rcomx retweeted

Matthew

@embee_research

over 2 years ago

Decoding a Cobalt Strike Loader with Cyberchef and Emulation A short video looking into a common CS loader and methods for extracting C2 addresses from Shellcode 😁 https://t.co/2DY4hgNw1k #Malwareanalysis #Cobaltstrike

2

423

125

204

29K

p4rcomx retweeted

0xblackbird @0xblackbird

over 3 years ago

Mega-thread on IDORs

49

715

276

486

94K

p4rcomx retweeted

Arkbird @Arkbird_SOLG

over 3 years ago

I share the samples and a Yara rule for the new backdoor #WarHawk used by #SideWinder group. Samples: https://t.co/uGO7VNEapB ref : https://t.co/RX46TgOOEK Yara: https://t.co/QfRupH6Oea cc @h2jazi @ShadowChasing1 @c3rb3ru5d3d53c @f0wlsec

2

38

18

11

0

Third Hand @p4rcomx

almost 4 years ago

@traveloka udah saya DM ya min

0

Third Hand @p4rcomx

almost 4 years ago

min @traveloka ini maksudnya gmana ya? jadi gw harus miss flight?

1

0

Third Hand @p4rcomx

almost 4 years ago

@haeboys @nojenen9 @shortamess @tanyakanrl https://t.co/sSJZJWfubr

1

0

p4rcomx retweeted

Samir

@SBousseaden

about 4 years ago

detailed analysis of the BLISTER Loader along with a config extractor h/t @DanielStepanic @soolidsnakee and MARE team https://t.co/slJZ8g0huM https://t.co/R65utJNvzv

1

50

21

8

0

Third Hand @p4rcomx

about 4 years ago

@indodax kalo lo ga becus ngurus migrasi, mending balikin ke bttold, biar bisa ngirim ke exchange lain dan lo bakal di tinggalin

2

0

p4rcomx retweeted

Samir

@SBousseaden

over 4 years ago

Some Detections for this IR report https://t.co/hGZLzekBCl: https://t.co/Y3BvgeInbG https://t.co/9BUpvMjSKE https://t.co/wRfQ8jxzQu https://t.co/KryLkzNEaO https://t.co/DrfDvWTkiy https://t.co/bGZXazMFJQ

1

159

56

39

0

p4rcomx retweeted

Stuhli @stuhlonsky

almost 5 years ago

Hello #DFIR people, since i often have to look up event IDs when doing analyses, i have structured my bookmark collection a bit and put it into a repo. Not much so far. And since that's how you do it today, I hope it turns into an awesome collection. https://t.co/IJCMp6dC6o

3

369

143

113

0

p4rcomx retweeted