Vulnerabilities

Flowchart of the WasmForge C# build pipeline. C# source from Rubeus, Seatbelt, and SharpDPAPI enters a build-time transformation stage, where csharp_patcher applies source transforms and routes BCL calls to WasmForge helpers, and pinvoke_scanner routes P/Invokes to C bridge sources, with residual stubs left for architectural holes. Output flows through dotnet publish, wasm-component-ld, a .wasm module, and the WasmForge host to a final signed PE.

GhostPack Necromancy: Reforging C# Tools with WasmForge

Michelle Rhodes | June 18, 2026 | C++, EDR evasion, GhostPack, NativeAOT, Offensive Security, Red Teaming, Rubeus, Seatbelt, Tools & Techniques, Vulnerability Research, WasmForge, WebAssembly

In the previous post we walked through WasmForge, our Go-to-WebAssembly loader that takes existing signatured Go tools and ships them as opsec-safe binaries. This approach doesn’t just apply to Go, however, as ...

Offensive Security Blog: Latest Trends in Hacking | Praetorian

FreeBSoD: Leveraging Language Models to Find and Exploit Kernel Bugs (Part 1 of 2)

Michelle Rhodes | June 17, 2026 | AI Security, Claude Code, CodeQL, CVE-2026-3038, Exploit Development, FreeBSD, KASAN, Kernel Security, Offensive Security, Tools & Techniques, Vulnerability Research, zero-day

Overview Earlier this year, a team at Praetorian was building Constantine, our automated 0-day discovery engine. I wanted to find techniques worth folding into it, so on the side I started poking ...

Offensive Security Blog: Latest Trends in Hacking | Praetorian

How Frontier AI Models Are Reshaping Cyber Defense

Matthew Rosenquist | June 16, 2026 | AI, Artificial Intelligence, Cybersecurity, Mythos, patching, Vulnerabilities

The latest developments in AI and cybersecurity, focusing on how frontier models like Mythos are changing the threat landscape by collapsing patch windows weeks to minutes, and what organizations need to do ...

Information Security Strategy

CVE-2026-35273: Active Exploitation of Oracle PeopleSoft Zero-Day Vulnerability

Nikita Waghole | June 16, 2026 | active exploitation, CVE-2026-35273, Oracle PeopleSoft, Oracle PeopleTools, Remote Code Execution, SSRF, Unauthenticated RC, Uncategorized, Zero-day Vulnerability

Oracle has disclosed CVE-2026-35273, a critical vulnerability in PeopleSoft Enterprise PeopleTools that has already been exploited by threat actors. The vulnerability allows unauthenticated attackers to remotely compromise vulnerable systems and. The post ...

Indusface

The Shift to Threat-Informed Prioritization: Operationalizing CISA BOD 26-04

Flashpoint | June 15, 2026 | cisa, CISA KEV, cyber threat intelligence, Vulnerabilities, vulnerability intelligence

In this post, we examine how CISA BOD 26-04 shifts the industry away from flat CVSS scoring and details how Flashpoint bridges the critical data gaps left by public vulnerability repositories The ...

Threat Intelligence Blog | Flashpoint

Claude Fable 5 and Mythos 5 “abruptly disabled” after US gov. ban

Malwarebytes | June 15, 2026 | AI, bugs, Fable 5, Mythos 5, SBN News, Vulnerabilities

Anthropic has been ordered by the US government to cut off its newest Claude Fable 5 and Mythos 5 models for fear of abuse ...

Malwarebytes

What to Do When You Receive a Bug Bounty Email

Deepak Gupta | June 15, 2026 | Best Practices, Cybersecurity, security, Vulnerability Management

A stranger emails saying they found a security hole in your site and would like a reward. Is it a genuine researcher, a low-effort "beg bounty," or extortion? Here is how to ...

Deepak Gupta's notebook

Mythos 5 Restricted by US Government for Being Too Dangerous

Matthew Rosenquist | June 13, 2026 | AI, Anthropic, Artificial Intelligence, Cybersecurity, Mythos, Vulnerabilities

For those of you who have been questioning the power and impact of Mythos, claiming the initial restricted use (Project Glasswing) was just a marketing ploy, I urge you to reconsider and ...

Information Security Strategy

Oracle Issues Emergency Guidance as PeopleSoft Flaw Linked to Widespread Data Theft

James Maguire | June 12, 2026 | CVE-2026-35273, Oracle, peoplesoft, security alert, vulnerability

A critical security vulnerability in Oracle’s PeopleSoft software has been linked to a large cyber campaign that may have affected more than 100 organizations, prompting urgent warnings from Oracle and cybersecurity investigators ...

Security Boulevard

What Are The 5 Steps of Vulnerability Management?

Puja Saikia | June 12, 2026 | AI-driven Vulnerability Management, AutoSecT, Vulnerability Management

The world has accepted the gift of artificial intelligence, and that includes both hackers and the organizations vulnerable to attacks. With the base being the same for both attackers and defenders, the ...

Kratikal Blogs

Vulnerabilities

Senator Sanders Wants to Own AI Companies — and Hand America’s Adversaries the Keys

NIST’s Nine: The PQC Signature Race Moves to Round Three

The Quantum Arms Race: Why Washington Just Wrote a $2 Billion Check to Nine Companies

Beyond Moore’s Law: The Hyper-Acceleration of Autonomous AI Cyber Capabilities

The Exception Economy: When Security Teams Stop Protecting and Start Negotiating

GoPlus’s Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats

C2A Security’s EVSec Risk Management and Automation Platform Gains Traction in Automotive Industry as Companies Seek to Efficiently Meet Regulatory Requirements

Zama Raises $73M in Series A Lead by Multicoin Capital and Protocol Labs to Commercialize Fully Homomorphic Encryption

RSM US Deploys Stellar Cyber Open XDR Platform to Secure Clients

ThreatHunter.ai Halts Hundreds of Attacks in the past 48 hours: Combating Ransomware and Nation-State Cyber Threats Head-On