the grugq's newsletter

May 5, 2026


This one is ours! CVE-2026-42511 was discovered by Joshua Rogers from our research team using @Aisle_Inc's AI system in FreeBSD, the same codebase Anthropic previously scanned with Mythos.

Remote code execution as root in FreeBSD's DHCP client, affecting all supported versions! https://t.co/XTsVaCqfTB

— Stanislav Fort (@stanislavfort) May 4, 2026


I wrote a blog post about the recent copy(dot)fail bug, trying to explain some general concepts that I think were glossed over in the official article by @theori_io. https://t.co/O58Lq78xIe

— r3tr074@nso.group (@r3tr074) May 4, 2026

https://retr0.zip/blog/cve-2026-31431-copy-fail.html


aave: yo arbitrum, send back the $71m you get from the hacker, we need it

arbitrum: chill, we’re voting on it, you’ll have it in a few days. defi united, remember?

aave: bet. love that for us

(suddenly, american lawyers show up)
plaintiffs: stop right there. that $71m is ours… https://t.co/MdbGGdcjZR pic.twitter.com/tafx2XRDH3

— The Smart Ape 🔥 (@the_smart_ape) May 4, 2026


The RF world is insane.

Researchers recovered AES-128 keys from a Bluetooth chip by listening to its own antenna from 10 meters away.

Crypto-engine switching noise couples into the RF chain, rides the 2.4 GHz carrier, and leaks out as radio. pic.twitter.com/uWKIMBDsm4

— Owen Brake (@OwenBrakes) May 4, 2026


We found a zero-authorization vulnerability in an a16z-backed DoD startup that exposed the data of active U.S. military personnel.

We tried to report it. They ignored us for 150 days.

Here is how our open-source AI agent found the ultimate OPSEC nightmare 🧵👇 pic.twitter.com/A4UVE26ee0

— Strix (@strix_ai) May 4, 2026


Can finally share our exploit's heap-grooming technique for this tricky bug in MariaDB, showing how we turned a character-constrained overflow into full RCE https://t.co/3VsO1kzZCL https://t.co/ZMsnRVMR0T

— Tim Becker (@tjbecker) May 4, 2026

CVE-2026-32710: MariaDB JSON_SCHEMA_VALID heap buffer overflow leading to RCE | ZeroDay.cloud

A heap buffer overflow in MariaDB's JSON_SCHEMA_VALID() function allows authenticated users to escalate privileges and execute arbitrary OS commands. Discovered by Xint Code at ZeroDay.Cloud 2025.


Patching is necessary, but not sufficient. I think of *known* vulnerability management as the absolute bare minimum of a security program.

Today, it's important to realize that discovering and exploiting latent vulnerabilities is getting ~10-100x cheaper and more accessible. In… https://t.co/LviKqWfndZ

— Dino A. Dai Zovi (@dinodaizovi) May 4, 2026


A breakdown of what happened and how @grok got tricked to send debtreliefbot:native tokens

1-Preparation NFT gift unlocks tools
The attacker linked to ilhamrafli.base.eth gifted a Bankr Club Membership NFT to Grok’s on-chain wallet (0xb1058c959987e3513600eb5b4fd82aeee2a0e4f9,… https://t.co/2nQvFLIDv2

— Medbdy(🔆) (@Medbdytoblaser) May 4, 2026


A lot of the responses to this image have used it to argue that China had the technology to explore the world, chose not to, and thereby missed the great age of European expansion through cultural sclerosis or bureaucratic timidity. The argument has the comparative outcome right,… https://t.co/LyeXsleVAS

— Petruchio (@petruch10) May 4, 2026


You know what, if someone tricks an AI into sending them $200K with morse code via prompt injection, they deserve it.

enjoy the loot bro https://t.co/Sv0bDPjScw pic.twitter.com/2h9ntPMWww

— Wazz (@WazzCrypto) May 4, 2026


I'm launching https://t.co/IyYJh1aGMT.

I coined "Bugflation" to describe a shift in software security: software didn't suddenly become worse but the cost of finding old bugs is falling.

AI-assisted discovery is scaling. Bottleneck is now validation, patching and deployment. pic.twitter.com/UaaAi53YAQ

— Mounir IDRASSI (@idrassi) May 4, 2026

Bugflation — Tracking AI-Accelerated Vulnerability Discovery

Bugflation tracks the public evidence that AI-assisted systems are changing vulnerability discovery economics.


How Claude Code Actually Works
We read all 512K lines of Claude Code's accidentally exposed source. 82 docs, 15 diagrams, every subsystem mapped — from the hidden YOLO safety classifier to multi-agent swarms. https://t.co/H0MOfJeruq

— Swissky (@pentest_swissky) May 4, 2026


thtskaran/claude-code-analysis (102 stars) We read all 512K lines of Claude Code's accidentally exposed source. 82 docs, 15 diagrams, every subsystem mapped — from the hidden YOLO safety classifier to multi-agent swarms.

source: Swissky (@pentest_swissky)


The secret's out.🤫

Introducing THE https://t.co/iULfuMrtEd COMMUNITY 👾

Inside:
• 0-day vuln deep dives from @xint_official, @stdoutput, @pspaul95 & more...
• Access to events & a network of world-class hackers
• CTFs with prizes

Join now :) pic.twitter.com/H67x4NMgAD

— Wiz (@wiz_io) May 4, 2026

ZeroDay.cloud | Vulnerability research community

Join ZeroDay.cloud, a cloud security and vulnerability research community. Compete in CTF challenges, discover zero-days, and climb the leaderboard.

