RME-DisCo @ UNIZAR [www.reversea.me]
Telegram channel of RME, part of the DisCo Research Group of the University of Zaragoza (Spain) focused on cybersecurity aspects. "It’s not that I have something to hide. I have nothing I want you to see" Link to the channel: https://t.me/reverseame
Post archive
Exploiting a PHP Object Injection in Profile Builder Pro in the era of AI #PHPObjectInjection #ProfileBuilderPro #WordPressSecurity #RemoteCodeExecution #AIAssistedExploit https://blog.sicuranext.com/exploiting-a-php-object-injection-in-profile-builder-pro-in-the-era-of-ai/
Cybersecurity AI: A Game-Theoretic AI for Guiding Attack and Defense #CybersecurityAI #GameTheoretic #AttackDefense #LLMGuidance #StrategicAI https://arxiv.org/abs/2601.05887
One-click RCE on OpenClaw in under 2 hours with an Autonomous Hacking Agent https://ethiack.com/news/blog/one-click-rce-openclaw
ZK credential sharing #ShareMyLogin #ZeroKnowledge #CredentialSharing #SecureSharing #PrivacyTech https://sharemylogin.com/
General Graboids: Worms and Remote Code Execution in Command & Conquer #CommandAndConquer #GameVulnerabilities #RemoteCodeExecution #P2PWorm #SecurityResearch https://www.atredis.com/blog/2026/1/26/generals
CVE-2025-40551: Another Solarwinds Web Help Desk Deserialization Issue #SolarWindsWHD #RCEVulnerability #DeserializationIssue #PatchBypass #CVE202540551 https://horizon3.ai/attack-research/cve-2025-40551-another-solarwinds-web-help-desk-deserialization-issue/
Blind Boolean-Based Prompt Injection https://medium.com/@danielhammon1/blind-boolean-based-prompt-injection-62a3bfc38101
Corrupting the Hive Mind: Persistence Through Forgotten Windows Internals #Swarmer #WindowsPersistence #EDREvasion #OfflineRegistry #MandatoryProfiles https://www.praetorian.com/blog/corrupting-the-hive-mind-persistence-through-forgotten-windows-internals/
Bypassing Windows Administrator Protection #WindowsSecurity #AdministratorProtection #UACBypass #ProjectZero #KernelVulnerability https://projectzero.google/2026/26/windows-administrator-protection.html
Certificate Transparency as Communication Channel #CertificateTransparency #HiddenData #CovertChannel #RSAKeys #ImmutableLogs https://latedeployment.github.io/posts/certificate-transparency-as-communication-channel/
ISC BIND vulnerability discovered and disclosed by Marlink Cyber #MarlinkCyber #ISCBIND #DenialOfService #DNS #SecurityPatch https://marlink.com/resources/knowledge-hub/isc-bind-vulnerability-discovered-and-disclosed-by-marlink-cyber/
Malware Analysis, Phishing, and Email Scams #PhishingScam #PNBMetLife #FinancialFraud #CredentialHarvesting #TelegramBots https://malwr-analysis.com/2026/01/21/fake-pnb-metlife-payment-gateway-page-stealing-customer-details-and-redirecting-victims-to-upi-payments/
When The Gateway Becomes The Doorway: Pre-Auth RCE in API Management. #APIGateway #PreAuthRCE #JavaDeserialization #BugBounty #SecurityResearch https://principlebreach.com/lab/when-the-gateway-becomes-the-doorway-pre-auth-rce-in-api-management
Billion-Dollar Bait & Switch: Exploiting a Race Condition in Blockchain Infrastructure #BlockchainVulnerability #RaceCondition #BaitAndSwitchExploit #EthereumSecurity #ArbitrageHeist https://mavlevin.com/2026/01/18/flashbots-mev-relay-race-condition-vulnerability
Successful Errors: New Code Injection and SSTI Techniques #SSTIResearch #CodeInjection #ErrorBasedTechniques #BlindExploitation #SSTImapTool https://github.com/vladko312/Research_Successful_Errors
vibe coding has a 12x cost problem. maintainers are done. #VibeCoding #MaintainerBurnout #SyntheticVulnerabilities #CostAsymmetry #AICodeQuality https://webmatrices.com/post/vibe-coding-has-a-12x-cost-problem-maintainers-are-done
Cloudflare Zero-day: Accessing Any Host Globally #CloudflareZeroDay #CybersecurityResearch #FearsOffSecurity #GlobalHostAccess #DigitalProtection https://fearsoff.org/research/cloudflare-acme
After the Takedown: Excavating Abuse Infrastructure with DNS Sinkholes #DNSSinkholes #AbuseInfrastructure #PassiveDNS #TakedownAnalysis #Badbox20 https://disclosing.observer/2026/01/14/excavating-abuse-infrastructure-dns-sinkholes.html
Account Takeover in Facebook mobile app due to usage of cryptographically unsecure random number generator and XSS in Facebook JS SDK #FacebookAccountTakeover #InsecureRandomNumber #DOMXSS #MobileAppVulnerability #IframeExploitation https://ysamm.com/uncategorized/2026/01/17/math-random-facebook-sdk.html
How I Used an Agent to Hunt Vulns #Blazelight #TerminalUI #WebNavigation #GuestPrompt #DigitalPortfolio https://blazelight.dev/blog/agent-vuln-hunting.mdx
