May 16, 2026
0xdeadbeefnetwork/ssh-keysign-pwn (408 stars, C) Steal SSH host private keys and /etc/shadow via the ptrace_may_access mm-NULL bypass + pidfd_getfd. Pre-31e62c2ebbfd kernels.
I will say it has been wild seeing the defensive community panic about ai when it's really the offensive community that should be lighting their hair on fire... https://t.co/qI8g6EJ6pi
— Dave Aitel (@daveaitel) May 15, 2026
Tempting fate :) https://t.co/6xX95ZhZo0
— Dave Aitel (@daveaitel) May 15, 2026
My sister: If anything happens to me, delete my search history.
— marqix ☆ (@fwmarqix) May 15, 2026
Me: That's everybody's final request now.
My sister: No seriously.
Me: What did you search.
My sister: Promise you won't judge me.
Me: That's already a terrible sign.
My sister: I accidentally spent three hours…
I think @orange_8361 is so good, it’s basically cheating. He should have to use AI, as a handicap, so he’s at parity with the rest of the field. https://t.co/eVSqlQGkMh
— thaddeus e. grugq (@thegrugq) May 15, 2026
CVE-2026-28920 (Apple, zlib, found by Brendon Tiszka of Google Project Zero) sure looks fun :)
— Ivan Fratric 💙💛 (@ifsecure) May 13, 2026
tcpip.sys RCE is a pretty good get, NGL pic.twitter.com/y5RGXwKs1P
— Brendan Dolan-Gavitt (@moyix) May 13, 2026
https://www.openwall.com/lists/oss-security/2026/05/15/2
Linux kernel: Logic bug in __ptrace_may_access() https://t.co/9oOGkDIhTx
— Open Source Security mailing list (@oss_security) May 15, 2026
Discovered by @Qualys, publicly fixed in mainline, then reported to distros, spotted and exploited by others same day, distros scramble to fix their kernels as it became usual lately. https://t.co/5gSjutUyNx
AI-pentest companies get significant marketing value from publishing findings attributed to their products. In The HTTP Terminator, I’ll include the other side - the techniques and breakthroughs that AI consistently fumbles. https://t.co/pZphBcPXsk
— James Kettle (@albinowax) May 14, 2026
This paper confirms what we mostly knew anyway that phishing tests don't improve much, if anything.
— Phil Venables (@philvenables) May 13, 2026
Best to focus on technical controls that mitigate the risks more directly. https://t.co/fSK9ib5nLR
https://people.cs.uchicago.edu/~grantho/papers/oakland2025_phishing-training.pdf
Attention @arxiv authors: Our Code of Conduct states that by signing your name as an author of a paper, each author takes full responsibility for all its contents, irrespective of how the contents were generated. 1/
— Thomas G. Dietterich (@tdietterich) May 14, 2026
JESUS CHRIST THE SHADE https://t.co/k78ZSKBixo
— Corey Quinn (@QuinnyPig) May 14, 2026
In case you're wondering, this is the stage of the market we're at. pic.twitter.com/DP7Ln0goVy
— hari raghavan (@haridigresses) May 15, 2026
The “stop being soft” solution to ransomware (by @j2k3k) https://t.co/grV1jSpgxY pic.twitter.com/PM62CPBOj1
— Zack Korman (@ZackKorman) May 13, 2026
Microsoft: PowerShell is simple and easy to use.
— vx-underground (@vxunderground) May 15, 2026
Actual PowerShell command: Remove-MgIdentityAuthenticationEventFlowAsOnGraphAPretributeCollectionExternalUserSelfServiceSignUpAttributeIdentityUserFlowAttributeByRef
No, this isn't a joke. This was noted by @NathanMcNulty pic.twitter.com/aa4vvFGKxY
Gentle reminder that the Nginx RCE can be exploited remotely on any modern linux with protection enabled. All it takes is a second bug of arbitrary local file read, which is the reason we all love PHP and Node for. On a shared hosting environment, you should consider it as…
— Hamid Kashfi (@hkashfi) May 14, 2026
I just realized why all of my FEA models are trash:
— Jace (@CATIAManikin) May 14, 2026
I’m the target of a sophisticated and sustained cyber-physical sabotage campaign attributable only to a nation-state adversary with near unlimited resources https://t.co/JAW2esl1dL
Finally, technology has caught up with 1940s Argentinian literature https://t.co/6oZQJkNGJZ
— Alex Hochuli 🧉🎙️🤯📉 (@Alex__1789) May 13, 2026
https://blog.calif.io/p/first-public-kernel-memory-corruption
Early this week, @brucedang and I had a meeting at Apple Park in Cupertino. While there, we also shared with Apple our latest vulnerability research report: the first public macOS kernel memory corruption exploit on M5 silicon, surviving MIE. It was laser printed, in honor of our… pic.twitter.com/6emmnLz71R
— thaidn (@XorNinja) May 14, 2026
Claude helped me with this bug too but in a different way... Tried to gaslight me saying it wasn’t ~exploitable in practice~ and I got obsessed with proving it wrong 😩 https://t.co/AODQrrvIDX
— chompie (@chompie1337) May 14, 2026
Weird how the companies with no frontier models always seem to come to the conclusion that it's really the harness that counts 😂
— Sean Heelan (@seanhn) May 14, 2026
Show me the results with your harness and MSFT models and we'll see where the heavy lifting really is ;) https://t.co/nCl84bsT3u
Defense at AI speed: Microsoft’s new multi-model agentic security system tops leading industry benchmark | Microsoft Security Blog
Today Microsoft is announcing a major step forward in AI-powered cyber defense: a new multi-model agentic scanning harness (codenamed MDASH).
Good bug. The PoC requires running nginx with ASLR disabled.
— Calif (@calif_io) May 13, 2026
Infoleak is the name of the game. https://t.co/i1JcHr5mxN
Exploits are now appearing targeting pidfd, which is forced into all Linux kernels since 5.10 (2020), no module or initcall to blacklist this time, must patch ASAP! https://t.co/xYWmYUU7sx
— grsecurity (@grsecurity) May 14, 2026
https://exploitbench.ai/blog/human-observations/
Exploitation mostly solved with Mythos/AI - what a run!
— Toan Pham (@__suto) May 15, 2026
>We see that current frontier LLMs, given a V8 N-day bug and its patch commit, can frequently demonstrate exploits that achieve useful primitives. Evaluations on private frontier models show that a fully end-to-end exploit… https://t.co/Iw25Op7jeE pic.twitter.com/OIX78SdQZt
This is just...
— Brian in Pittsburgh (@arekfurt) May 14, 2026
I barely even know what to say.
This has to be one of the absolute worst (meaning: most incredibly ridiculous) vulnerabilities in a major vendor product in the last decade.
Cisco's devs literally just forgot to invoke the authentication check. https://t.co/75GIE6gosD pic.twitter.com/ArIXXvLVXd
Ngl, the NSA bricking the Iranian government’s ability to run nuclear pit implosion simulations by infecting their version of Ansys’ modeling software with the computational equivalent of erectile dysfunction is incredibly funny. https://t.co/76XLU2NksY
— Analytica Camillus (@AnalyticaCamil1) May 14, 2026
This in general is a very complicating factor with the evals everyone wants to run which are essentially their way of looking at model versus model horse races, but which in reality are much more complicated. https://t.co/l61jxCFkes
— Dave Aitel (@daveaitel) May 14, 2026
The vulnapocalypse is here, but Opus 4.7 still routinely confuses the direction of a wild memcpy.
— Halvar Flake (@halvarflake) May 14, 2026
LLMs are super crazy powerful, and in many ways superhuman, but in some ways ... well, not quite there yet.