theyhack.bsky.social
@theyhack.bsky.social
infosec | security research: https://theyhack.me/cve/
Opinions are mine.
Reposted
My team confirmed that recently disclosed Arista NGFW vulnerabilities are fully exploitable! RCE is possible with victim interaction. More details coming soon to our blog: bishopfox.com/blog
December 4, 2025 at 11:48 AM
Reposted
We now have a (draft) @metasploit-r7.bsky.social exploit module for the recent Fortinet FortiWeb vulns, chaining CVE-2025-64446 (auth bypass) + CVE-2025-58034 (command injection) to achieve unauthenticated RCE with root privileges: github.com/rapid7/metas...
November 21, 2025 at 1:29 PM
Blog post for CVE-2025-64328 FreePBX Authenticated Command Injection has been released. It includes a nuclei template for detection.

theyhack.me/CVE-2025-643...
CVE-2025-64328 FreePBX Authenticated Command Injection
Overview
theyhack.me
November 9, 2025 at 12:29 AM
Reposted
I have a close friend who spent the last 15 years as an ETL developer and whose department was recently laid off (jobs were outsourced). If anyone has or knows of any openings, this guy is intelligent, personable, and overall a great person, and I'd love to put you in touch.

Reposts appreciated!
August 12, 2025 at 1:55 AM
Reposted
📣THREAD: It’s surprising to me that so many people were surprised to learn that Signal runs partly on AWS (something we can do because we use encryption to make sure no one but you–not AWS, not Signal, not anyone–can access your comms).

It’s also concerning. 1/
PSA: we're aware that Signal is down for some people. This appears to be related to a major AWS outage. Stand by.
October 27, 2025 at 10:38 AM
Reposted
📢 Confirmed! Sina Kheirkhah and McCaulay Hudson of Summoning Team used a pair of bugs to exploit the Synology ActiveProtect Appliance DP320. That rounds their day off with another $50,000 and 5 more Master of Pwn points. (And clean that screen!) #Pwn2Own
October 21, 2025 at 4:21 PM
I released the details of CVE-2025-34227, an authenticated command injection vulnerability I discovered and reported in Nagios XI.

theyhack.me/CVE-2025-342...
CVE-2025-34227 - Nagios XI Authenticated Command Injection in Configuration Wizard MySQL and PostgreSQL monitoring services leads to Remote Code Execution
Overview
theyhack.me
October 15, 2025 at 3:49 AM
has anyone ever actually got any useful information from a company's "service status" page? I don't think I've ever once gone to the page and found something degraded/offline when I was experiencing an issue, only to find someone on reddit/hackernews posted the same issue...
October 4, 2025 at 2:50 PM
Reposted
Another day, another Remote Code Execution (and its 3 friends).

Pre-auth path traversal, hard-coded crypto key allowing cookie forgery, arbitrary file write, and PII disclosure in TRUfusion Enterprise (CVE-2025-27222 to CVE-2025-27225) #security

www.rcesecurity.com/2025/09/when...
When Audits Fail: Four Critical Pre-Auth Vulnerabilities in TRUfusion Enterprise | RCE Security
www.rcesecurity.com
September 30, 2025 at 3:43 PM
a5784ebd34c7f5117f7c846d1b31bcbdb1061b609327753613b49c341c1ab30b
September 7, 2025 at 3:52 AM
CVE-2024-13986 has been assigned to two vulnerabilities in Nagios XI I found and reported last year that result in Remote Code Execution:
nvd.nist.gov/vuln/detail/...

Blog post and exploit I released on them here:
theyhack.me/Nagios-XI-Au...
NVD - CVE-2024-13986
nvd.nist.gov
August 29, 2025 at 5:13 PM
Reposted
Yup.
July 24, 2025 at 2:49 PM
July 10, 2025 at 4:59 PM
At worst, E̶x̶c̶e̶l regex is the second best tool for the job.
May 27, 2025 at 5:48 PM
my favorite part of our med system is how a provider gets acquired/changes systems, and now I need to register on some new "portal" that was cloned from a random dashboard on github and rebranded, and then totally put all of my personal info in this one now.
May 20, 2025 at 9:55 PM
I'm convinced some applications' defense is simply to load as many external resources as possible to deter attackers from looking through requests in burp.
May 2, 2025 at 4:14 PM
Reposted
New details on the ByBit/Safe{Wallet} breach, and uhhh wow, some really silly blunders on the DPRK side. They still succeeded which is the most upsetting part of all of this. Let's bully some threat actor tradecraft! A🧵
x.com/safe/status/...
Safe.eth on X: "Investigation Updates and Community Call to Action" / X
Investigation Updates and Community Call to Action
x.com
March 6, 2025 at 5:21 PM
It would be cool if with nuclei, you could select all templates that use a specific path. i.e., if I could specify `~/nuclei-templates/http/exposed-panels/` and then run every template that is `{{baseURL}}` or every template that is `/admin`, i.e. maximize the matchers to requests ratio...
February 28, 2025 at 9:51 PM
Reposted
My role was just eliminated.
February 3, 2025 at 10:04 PM
Reposted
Exciting news! I’ve been accepted to speak at #RSAC 2025! I’ll be presenting “Critiquing Cloud Criminals: Ready for Smarter Cloud Attacks?”. We’ll critique the tradecraft and techniques of real world threat actors! It’s like a Gordon Ramsay cooking show, minus the accent and swearing! See you in SF!
January 28, 2025 at 9:14 PM
I suppose this will be my first post on here 😅

I found a fun path traversal in Nagios XI a couple months ago. Blog post is here: theyhack.me/Nagios-XI-Au...
Nagios XI Authenticated Arbitrary File Upload + Path Traversal leads to Remote Code Execution
Overview I recently noticed quite a few folks looked at Nagios XI. Some even pulled the obfuscated stuff apart which I thought was really awesome! I still need to wrap my head around that and...
theyhack.me
January 23, 2025 at 4:07 PM