If iOS was a car, notifications would pop up in front of your brake pedal and steering wheel.
22.02.2026 18:04
@theyhack.bsky.social
infosec | security research: https://theyhack.me/cve/ Opinions are mine.
New blog post out on an authenticated SQLi I found and reported in FreePBX a couple months ago:
theyhack.me/CVE-2025-677...
💯
28.01.2026 16:46
My team confirmed that recently disclosed Arista NGFW vulnerabilities are fully exploitable! RCE is possible with victim interaction. More details coming soon to our blog: bishopfox.com/blog
04.12.2025 11:48
We now have a (draft) @metasploit-r7.bsky.social exploit module for the recent Fortinet FortiWeb vulns, chaining CVE-2025-64446 (auth bypass) + CVE-2025-58034 (command injection) to achieve unauthenticated RCE with root privileges: github.com/rapid7/metas...
21.11.2025 13:29
Blog post for CVE-2025-64328 FreePBX Authenticated Command Injection has been released. It includes a nuclei template for detection.
theyhack.me/CVE-2025-643...
I have a close friend who spent the last 15 years as an ETL developer and whose department was recently laid off (jobs were outsourced). If anyone has or knows of any openings, this guy is intelligent, personable, and overall a great person, and I'd love to put you in touch.
Reposts appreciated!
📣THREAD: It’s surprising to me that so many people were surprised to learn that Signal runs partly on AWS (something we can do because we use encryption to make sure no one but you, not AWS, not Signal, not anyone, can access your comms).
It’s also concerning. 1/
🟢 Confirmed! Sina Kheirkhah and McCaulay Hudson of Summoning Team used a pair of bugs to exploit the Synology ActiveProtect Appliance DP320. That rounds their day off with another $50,000 and 5 more Master of Pwn points. (And clean that screen!) #Pwn2Own
21.10.2025 16:21
I released the details of CVE-2025-34227, an authenticated command injection vulnerability I discovered and reported in Nagios XI.
theyhack.me/CVE-2025-342...
has anyone ever actually got any useful information from a company's "service status" page? I don't think I've ever once gone to the page and found something degraded/offline when I was experiencing an issue, only to find someone on reddit/hackernews posted the same issue...
04.10.2025 14:50
Another day, another Remote Code Execution (and its 3 friends).
Pre-auth path traversal, hard-coded crypto key allowing cookie forgery, arbitrary file write, and PII disclosure in TRUfusion Enterprise (CVE-2025-27222 to CVE-2025-27225) #security
www.rcesecurity.com/2025/09/when...
a5784ebd34c7f5117f7c846d1b31bcbdb1061b609327753613b49c341c1ab30b
07.09.2025 03:52
CVE-2024-13986 has been assigned to two vulnerabilities in Nagios XI I found and reported last year that result in Remote Code Execution:
nvd.nist.gov/vuln/detail/...
Blog post and exploit I released on them here:
theyhack.me/Nagios-XI-Au...
Yup.
24.07.2025 14:49
lol fr. I always see stuff like this in products and think of how hard companies try to make so much of tech seem like it's magic, and not just some HTTP request, probably to a spring boot API...
02.06.2025 17:28
At worst, E̶x̶c̶e̶l regex is the second best tool for the job.
27.05.2025 17:48
my favorite part of our med system is how a provider gets acquired/changes systems, and now I need to register on some new "portal" that was cloned from a random dashboard on github and rebranded, and then totally put all of my personal info in this one now.
20.05.2025 21:55
news.ycombinator.com/item?id=4401...
IANA anything to do with this field, but there is some decent discussion on this study here.
That was a really fun read!
Heads up, I _think_ there are a couple typos in this line
> Just like that, we've seemingly replicated CVE-2025-4427 - but as always, we cant't help but wonder about t why this vulnerability works this way.
That one line issue with XXE, I seem to remember coming across something when I had the same issue where a Java version change causes newlines to throw an exception vs older java would just send them. I _think_ it was version 11, but google is not cooperating today.
12.05.2025 13:16
I'm convinced some applications' defense is simply to load as many external resources as possible to deter attackers from looking through requests in burp.
02.05.2025 16:14
New details on the ByBit/Safe{Wallet} breach, and uhhh wow, some really silly blunders on the DPRK side. They still succeeded which is the most upsetting part of all of this. Let's bully some threat actor tradecraft! A🧵
x.com/safe/status/...
jinja2.exceptions.UndefinedError: 'randstr' is undefined
04.03.2025 22:06
It would be cool if with nuclei, you could select all templates that use a specific path. IE, if I could specify `~/nuclei-templates/http/exposed-panels/` and then run every template that is `{{baseURL}}` or every template that is `/admin` IE maximize matchers to requests ratio...
28.02.2025 21:51
Yep.
Then I accidentally click one of the columns like `host` and it changes without me realizing it, then I go insane thinking burp is broken
I kinda wish you could lock that somehow...
My role was just eliminated.
03.02.2025 22:04
Exciting news! I’ve been accepted to speak at #RSAC 2025! I’ll be presenting “Critiquing Cloud Criminals: Ready for Smarter Cloud Attacks?”. We’ll critique the tradecraft and techniques of real world threat actors! It’s like a Gordon Ramsay cooking show, minus the accent and swearing! See you in SF!
28.01.2025 21:14
client side 2fa
24.01.2025 16:53