Tag: Vulnerability Research
-
Hiding in Plain Sight: How Claude AI Exposed a 13-Year-Old RCE Flaw in Apache ActiveMQ
A vulnerability of over a decade’s standing has been unearthed within a preeminent messaging server, facilitating unauthorized command execution—often without the requirement of administrative credentials. The security lapse, designated CVE-2026-34197, resides in Apache ActiveMQ Classic and permits remote code execution via the management interface. An adversary can compel the server to retrieve an external configuration…
-
The Deflector Shield: Inside Project Glasswing’s $100M Race to Fix the Internet with AI
The titans of the technology sector have moved to fortify their defenses in a nascent phase of cyber warfare, where the pursuit of software vulnerabilities has transitioned from human analysts to formidable AI models. In a preemptive strike, Amazon Web Services, Anthropic, Apple, Google, Microsoft, NVIDIA, and several strategic partners have inaugurated “Project Glasswing”—an initiative…
-
The Two-Week Sprint: How Anthropic’s Claude Opus 4.6 Unmasked 22 Critical Firefox Vulnerabilities
Anthropic has heralded the culmination of its collaborative endeavor with Mozilla, wherein the artificial intelligence architecture Claude Opus 4.6 was instrumental in unearthing 22 nascent vulnerabilities within the Firefox browser. This narrative is profoundly remarkable not merely due to the sheer volume of discoveries, but because a contingent of these structural defects was isolated within…
-
The invisible Splinter: How a Hidden Node.js Flaw Bypasses 160 Million Weekly Security Guards
Within the Node.js ecosystem, a vulnerability has been unearthed pertaining to the foundational logic of the HTTP client, empowering threat actors to circumvent preexisting defenses against request splitting. Martino Spagnolo, operating under the moniker r3verii, promulgated a comprehensive analysis following the Node.js core team’s refusal to classify the issue as a transgression of their threat…
-
The Patch Hunter: Automating 1-Day Exploits with DiffRays and IDA Pro
DiffRays is a research-oriented tool for binary patch diffing, designed to aid in vulnerability research, exploit development, and reverse engineering. It leverages IDA Pro and the IDA Domain API to extract pseudocode of functions and perform structured diffing between patched and unpatched binaries. Features Patch Diffing: Compare functions across different binary versions to identify code changes. IDA Pro Integration: Uses IDA…
-
PolarDNS Tool Enables Security Research by Generating Malformed and Non-Compliant DNS Responses
PolarDNS is a specialized authoritative DNS server written in Python 3.x, originally developed as a tool for security testing of DNS recursive resolvers from the server-side. It allows the operator to produce custom DNS responses, making it suitable for in-depth DNS protocol testing purposes. PolarDNS can be used for testing of: DNS resolvers (server-side) DNS…
-
From Hobbyists to State Pipeline: China Centralizes Vulnerability Research and Bans Foreign Hacking Contests
Over the past two decades, China’s vulnerability research industry has evolved from a disorganized network of enthusiasts into a highly structured ecosystem deeply intertwined with state interests. In the early 2000s, it was a fragmented scene built on free databases and low-cost exploits; by the mid-2010s, however, it had transformed into a cohesive system comprising…
-
HackerOne Payouts Hit $81 Million: AI Vulnerability Reports Soar by Over 200%
The vulnerability rewards platform HackerOne has announced that over the past twelve months, white-hat hackers around the world have earned a total of $81 million in payouts — a 13% increase compared to the previous year. Today, HackerOne operates more than 1,950 bug bounty programs and provides services in vulnerability disclosure, penetration testing, and code…
-
Beyond the Cookie Jar: Uncovering Privacy Flaws in Google’s New Ad Tech
The book From Day Zero to Zero Day, published by No Starch Press, has been released, offering a comprehensive introduction to the fundamentals of vulnerability research. The author presented it at DEF CON 33 and the Crypto & Privacy Village conference, where he highlighted flaws in the implementation of Google’s Privacy Sandbox—a project intended to…
-
Phrack at 40: The Legendary Hacker Zine Celebrates Four Decades of Security and Subversion
The legendary hacker journal Phrack has turned forty, marking the occasion with its anniversary 72nd issue, published on August 19, 2025. Founded in the mid-1980s, this iconic publication is regarded as one of the oldest and most influential electronic magazines on hacker culture and computer security. In its traditional manifesto, the editorial board emphasizes that…
-
NCSC Launches Initiative to Boost UK Cyber Defenses with External Experts
The United Kingdom’s National Cyber Security Centre (NCSC) has unveiled a new program titled the Vulnerability Research Initiative (VRI), aimed at deepening collaboration with independent experts in vulnerability discovery. This initiative seeks to bolster the nation’s capabilities in identifying and analyzing security flaws across digital systems and critical infrastructure. Until now, the Centre’s internal specialists…
-
Jxscout: Unleash JavaScript’s Hidden Vulnerabilities with This Powerful Analysis Tool
jxscout is a tool designed to help security researchers analyze and find vulnerabilities in JavaScript code. It works with your favorite proxy (Burp or Caido), capturing requests and saving optimized versions locally for easy analysis in your preferred code editor. Key Features Asset Organization: Automatically saves and organizes relevant static assets (HTML, JavaScript) into an intuitive…