Getting Started with the Pack2TheRoot (CVE-2026-41651) Vulnerability to Escalate Privileges
Pack2TheRoot is a security flaw that allows unprivileged users to gain full root access on Linux systems via the PackageKit service. Details below:
https://t.co/fpZYBZBaPb
@three_cube
I'm looking for 50 more software engineers to join my team at https://t.co/dSpoqHsWo9 for the next week. We work with frontier labs to help them train models.
100 - 200 USD /hr. Fully remote. Hiring in 150+ countries. RT's appreciated!
https://t.co/DGV9sKw6di
🚨 BREAKING: Wiz Research discovered Remote Code Execution on https://t.co/SvN2lGsnbO with a single git push
The flaw in @github allowed unauthorized access to millions of repositories belonging to other users and organizations 🤯
we cracked it. the cch= signing system in claude code is fully reverse engineered - all credits for the work go to @ssslomp who did an amazing re work
now any opensource client can let users actually use the anthropic subscription they already paid for. with whatever tool they want
already merged into free-code. third party clients can generate valid cch= hashes now, no official binary needed
the "native attestation layer" lasted about a day lol
You may have read @AnthropicAI Frontier Red Team's blogpost about finding zero-day vulnerabilities at scale. I think it's more than that - LLM workflows greatly improve "negative-day" and "never-day" discovery. Here's the tool I built to do this.
https://t.co/2U5VHOiBBD
Another vulnerability in React Server Components (CVE-2026-23864) that I reported was disclosed today.
This is separate from the one disclosed in December, so you'll need to update again.
https://t.co/k7hgEzIWDb
Cybercriminals stole the sensitive information of 17.5 million Instagram accounts, including usernames, physical addresses, phone numbers, email addresses, and more.
Researchers have found two new vulnerabilities in React Server Components while attempting to exploit the patches last week.
These are new issues, separate from the critical CVE last week. The patch for React2Shell remains effective for the Remote Code Execution exploit.
Hey everyone! I’ve been building rep+, a lightweight HTTP Repeater inside Chrome DevTools. No proxy setup or certificates. Just open DevTools and start poking requests. It also has built-in AI for explanations and attack ideas. I’ll share one rep+ feature every day.
Try it 👇
IP whitelisting is fundamentally broken. At @assetnote, we've successfully bypassed network controls by routing traffic through a specific location (cloud provider, geo-location). Today, we're releasing Newtowner, to help test for this issue: https://t.co/X3dkMz9gwK
How do we turn bad SSRF (blind) into good SSRF (full response)? The @assetnote Security Research team at @SLCyberSec used a novel technique involving HTTP redirect loops and incremental status codes that leaked the full HTTP resp. It may work elsewhere! https://t.co/CTSTEtKiD1