A PoC/exploit has been discovered for vulnerability CVE-2026-26114
PT ID: PT-2026-24324
Vendor: Microsoft
Product: Microsoft SharePoint Enterprise Server 2016
Description: Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
Link: https://t.co/uHBd5jt9MN
#dbugs_vuln
An anonymous GitHub user is publishing, in bulk, PoC exploits for vulnerabilities that are claimed not to have been officially disclosed yet, and jokes: "you report them, you take the CVE credit".
https://t.co/zJtJdblnzY
the engineer who built Claude Code just dropped a 28-minute video on how to write prompts that actually work
I've seen $300 courses that don't cover what he shows in the first 10 minutes
CLAUDE.md files, memory shortcuts, parallel sessions, prompting patterns
all in one video and completely free
works whether you're a developer, a beginner, or someone who's been using Claude for months
based on this, I put together 18 things you can copy and use in Claude today
full guide in the article below
Aaaand it's official! Orange Tsai (@orange_8361) of DEVCORE Research Team chained 3 bugs to achieve Remote Code Execution as SYSTEM on Microsoft Exchange, earning a whopping $200,000 and 20 Master of Pwn points. Full win! #Pwn2Own #P2OBerlin
‼️🚨 Pwn2Own Berlin 2026 just hit a wall. For the first time in 19 years, ZDI rejected dozens of working zero-day RCE submissions because organizers ran out of contest slots.
Rejected hackers are now going public with PoC demos and direct vendor disclosures, breaking Pwn2Own's usual secrecy.
▪️ AI surfaces a massive wave of 0-day RCEs.
▪️ Submissions overwhelm ZDI past max capacity.
▪️ Slots run out. Researchers with working chains get rejected.
▪️ "Revenge disclosures" begin. ← we are here.
Confirmed casualties so far:
▪️ @xchglabs : 86 vulnerabilities prepared (PyTorch, NVIDIA, Linux KVM, Oracle, Docker, Ollama, Chroma, LiteLLM, llama.cpp). All rejected. Now reporting directly to vendors with writeups dropping as patches land.
▪️ @ggwhyp : full-chain Firefox RCE on Windows. Rejected. Publicly demoed (HTML page → cmd.exe → calc.exe). Responsibly disclosed to Mozilla.
▪️ @yunsu_dev : working RCE chain, rejected. Submitting elsewhere.
▪️ @ryotkak : tried to register for 3+ weeks. ZDI confirmed "at maximum capacity, can't add extra contest days." Considered canceling flight and hotel.
▪️ @anzuukino2802 : Claude Code RCE PoC. Rejected.
▪️ @desckimh : 0-day RCEs in Ollama and LM Studio. Rejected.
Reported impact: a community-estimated 150+ researchers tried to register. Accepted contestants are now being warned about collisions. Rejected vulnerabilities going to bug bounty programs may trigger pre-event patches that invalidate the work of those who got in.
ZDI has not publicly addressed the capacity issue. The event still runs May 14-16 in Berlin.
I had a great time at BSides Varaždin today. This conference keeps punching above its weight - single track, no sales pitches, just people who actually know their stuff talking about things that actually matter.
@BSidesVarazdin
He said in this video that finding 0-days with Claude wasn’t possible 3–4 months ago but at @0dinai we were already doing it back in Feb/March 2025.
We called the technique “OH LAWWWD.” We talked about it multiple times on podcasts and even demoed it live at @ekoparty last October.
We asked the crowd to pick any target; someone said Discord.
We found 10 zero days in under 15 minutes.
1k retweets and I will release the monolithic prompt!
A threat actor installed Huntress.
... a hysterical mistake on their part, giving us first-hand insight into their tooling, workflow & routine. Phishing infra, stealer logs, Telegram+dark web sites, AI...
Hilarious goldmine of cybercrime deets with a front row seat: https://t.co/2gLT2VNDkO
🚨Alert🚨CVE-2024-37079 & CVE-2024-37080 (CVSS scores: 9.8): Multiple heap-overflow vulnerabilities in the implementation of the DCE/RPC protocol!
⚠They could allow a bad actor with network access to vCenter Server to achieve remote code execution by sending a specially crafted network packet
📊34K+ Services are found on https://t.co/g3tSyh1Boc
🔗Hunter Link: https://t.co/jm6vQe2ZzV
📰Refer: https://t.co/CwqlZre3cz
👇Query
Hunter:/product.name="VMware vCenter Server"
FOFA: app="vmware-vCenter"
SHODAN: product:"VMware vCenter Server"
#VMware #hunterhow #infosec #infosecurity #Infosys #Vulnerability