news
Burst Statistics WordPress Auth Bypass (CVE-2026-8181)
Sploitus-indexed flaw in is_mainwp_authenticated() lets unauthenticated attackers impersonate admins with any Basic Auth password.
- wordpress
- auth-bypass
- cve
- plugin
- privilege-escalation
SIGNALS
Third-party vulnerability intel indexed from public sources — Sploitus, Project Nightcrawler, Church of Malware, vx-underground, Hacker News, and others — for security research inquiry. OFFSITE.DARK does not discover or weaponize exploits; we index, analyze, attribute sources, and ask whether they have research value.
news
Cisco CUCM SSRF to RCE Chain (CVE-2026-20230)
Sploitus-indexed PoC analysis chains unauthenticated WebDialer SSRF through Axis internals to arbitrary file write and RCE.
- cisco
- cucm
- ssrf
- rce
- cve
- voip
- telecom
news
Claude Desktop Cowork VM Integrity Bypass (CVE-2026-7574)
Sploitus-indexed local flaw: Cowork trusts rootfs.img existence/version without hash or signature, enabling VM persistence.
- anthropic
- claude
- local
- persistence
- cve
- vm
news
Krayin CRM TinyMCE Upload RCE (CVE-2026-38526)
Sploitus-indexed authenticated PoC uploads PHP via /admin/tinymce/upload to public storage for www-data execution.
- krayin
- crm
- rce
- cve
- file-upload
- laravel
news
SP Page Builder Joomla Unauthenticated RCE (CVE-2026-48908)
Pre-auth ZIP upload to com_sppagebuilder iconfont path enables .PHP execution via .htaccess bypass; CVSS 10.0 on Sploitus.
- joomla
- rce
- cve
- cms
- file-upload
- joomshaper
news
BIND 9 Resolver Unbounded Loop DoS (CVE-2026-5950)
Unchecked resend loop in BIND 9 bad-server handling enables remote resource exhaustion; defensive notes indexed on Sploitus.
- bind
- dns
- dos
- cve
- isc
news
ek0ms savi0r Publishes REAPER GitHub Secret Scanner
ek0ms savi0r publishes REAPER on Church of Malware git — Go-based GitHub hidden secret scanner.
- tools
- github
- secrets
- offensive
news
GitLab WebAuthn 2FA Bypass (CVE-2026-2745)
Authentication bypass in GitLab WebAuthn 2FA due to inconsistent input validation; indexed on Sploitus Exploits of the week.
- gitlab
- webauthn
- auth-bypass
- cve
- 2fa
news
JupyterHub CSRF XSRF Bypass (CVE-2026-40864)
Sec-Fetch-Mode: no-cors misclassified as same-origin bypasses XSRF on /hub/spawn and /hub/accept-share; PoC indexed on Sploitus.
- jupyterhub
- csrf
- xsrf
- cve
- jupyter
news
kit-exploits-prv — Sploitus PoC Collection Roundup
Sploitus Exploits of the week entry kit-exploits-prv indexes a curated private PoC collection for authorized security testing.
- sploitus
- poc
- exploit-kit
- research
news
10k GitHub Repos Found Distributing Trojan Malware
Researcher identifies ~10,000 GitHub repos cloning legitimate projects and pushing trojanized README zip archives.
- malware
- supply-chain
- github
news
Nginx HTTP/3 QUIC Zero-Day (CVE-2026-42530)
Remote code execution in NGINX Open Source 1.31.0–1.31.1 when HTTP/3 QUIC is enabled; patched in 1.31.2.
- nginx
- zero-day
- rce
- cve
- quic
news
Popa Botnet Linked to NetNut Proxy Provider
Popa Android TV box botnet (~1.5–2.5M daily IPs) linked to publicly-traded Israeli firm Alarum/NetNut.
- botnet
- iot
- proxy
- android
news
mastercodeon Publishes Peercord P2P Chat on Church of Malware Git
mastercodeon publishes Peercord on Church of Malware git — decentralized Discord-like social platform.
- tools
- p2p
- infra
- decentralized
news
FortiBleed Leaks VPN Credentials for 73k Devices
FortiBleed data leak exposes Fortinet VPN credentials for approximately 73,000 devices.
- fortinet
- vpn
- breach
- credentials
- info-disclosure
news
Mastra NPM Scope Compromise Targets Crypto Wallets
140+ @mastra packages hijacked via dormant maintainer account; typosquat easy-day-js drops cross-platform stealer.
- npm
- supply-chain
- stealer
- lazarus
news
Malicious Steam Workshop Wallpapers Steal Accounts
Kaspersky finds dozens of trojanized Wallpaper Engine app wallpapers on Steam Workshop with tens of thousands of downloads.
- malware
- stealer
- gaming
- steam
news
152 Chrome Wallpaper Extensions Hide Ad Fraud
Network of 152 Chrome live wallpaper extensions faked web traffic and AdSense clicks; 105,000+ combined installs.
- malware
- chrome
- ad-fraud
- extensions
news
Mirai Variant Targets IoT Telnet
Modified Mirai strain scanning telnet with updated credentials and DGA C2.
- mirai
- iot
- botnet
- telnet
news
shell-quote quote() Newline Command Injection (CVE-2026-9277)
Sploitus-indexed PoC shows object-token newline in shell-quote quote() becomes POSIX command separator; fix in 1.8.4.
- npm
- nodejs
- command-injection
- cve
- supply-chain
news
Bookly WordPress Stored XSS via Cookie (CVE-2026-5513)
Unauthenticated stored XSS in Bookly ≤27.2 via bookly-customer-full-name cookie; scanner PoC indexed on Sploitus.
- wordpress
- bookly
- xss
- cve
- plugin
news
Apache HTTP/2 Bomb DoS (CVE-2026-49975)
Single-connection HPACK bomb plus flow-control stall can exhaust gigabytes of RAM; public PoC indexed on Sploitus.
- apache
- http2
- dos
- cve
- hpack
news
Avada Builder WordPress Unauthenticated RCE (CVE-2026-6279)
Sploitus-indexed PoC abuses fusion_get_widget_markup AJAX with leaked nonce to call_user_func arbitrary PHP functions.
- wordpress
- avada
- rce
- cve
- php
- fusion-builder
news
PeopleSoft SSRF PoC Enables Unauthenticated RCE (CVE-2026-35273)
Sploitus-indexed PoC chains SSRF via PSIGW HttpListeningConnector into cloud credential theft and remote code execution.
- peoplesoft
- ssrf
- rce
- cve
- oracle
- cloud
news
GreatXML: WinRE Defender Offline Scan BitLocker Bypass
MSNightmare PoC plants unattend.xml and Recovery artifacts on the WinRE partition — Shift+Restart into Defender offline-scan state spawns a shell with BitLocker volume access; no CVE, contested reproduction.
- microsoft
- bitlocker
- zero-day
- windows
- winre
- defender
- physical-access
- bypass
- unattend
news
JCE Joomla Unauthenticated RCE (CVE-2026-48907)
Sploitus-indexed PoCs chain unauthenticated JCE profile import to PHP execution in Joomla tmp/; CVSS 10.0.
- joomla
- jce
- rce
- cve
- cms
- file-upload
news
Patch Tuesday: 3 Zero-Days Addressed
June Patch Tuesday addresses 67 CVEs including 3 actively exploited zero-days.
- windows
- patches
- zero-day
news
RoguePlanet: Defender Quarantine Pipeline LPE Zero-Day
MSNightmare PoC races Defender's quarantine pipeline via NTFS junctions and oplocks to reach NT AUTHORITY\SYSTEM — no CVE, no patch, reproduced on fully patched Win11.
- microsoft
- defender
- zero-day
- privilege-escalation
- windows
- toctou
- lpe
- local
news
MiniPlasma: Cloud Files Driver Regression LPE (CVE-2020-17103)
Nightmare-Eclipse weaponizes James Forshaw's 2020 cldflt!HsmOsBlockPlaceholderAccess bug — original Project Zero PoC works unchanged on fully patched Win11; race to SYSTEM shell.
- microsoft
- windows
- cve
- privilege-escalation
- cldflt
- lpe
- local
- zero-day
- regression
news
WP Maps Pro Unauthenticated Admin Creation (CVE-2026-8732)
Sploitus mass-scanner PoCs abuse wpgmp_temp_access_ajax with public fc-call-nonce to create administrator accounts.
- wordpress
- privilege-escalation
- cve
- plugin
- auth-bypass
news
NGINX Rift Heap Overflow RCE (CVE-2026-42945)
18-year-old rewrite-module desync enables pre-auth RCE; depthfirst PoC indexed on Sploitus with Docker lab and exploit modes.
- nginx
- rce
- cve
- rewrite
- depthfirst
news
YellowKey: WinRE BitLocker Security Bypass (CVE-2026-45585)
Nightmare-Eclipse PoC replays FsTx transactions in WinRE via USB/EFI staging — CTRL during recovery reboot spawns shell with BitLocker volume access; patched June 2026.
- microsoft
- bitlocker
- cve
- windows
- winre
- physical-access
- bypass
news
GreenPlasma: CTFMON Arbitrary Section LPE (CVE-2026-45586)
Nightmare-Eclipse PoC races Winlogon desktop switch to redirect CTF.AsmListCache section creation via Object Manager symlinks — stripped PoC, full SYSTEM chain left as CTF challenge.
- microsoft
- windows
- cve
- privilege-escalation
- ctfmon
- lpe
- local
- zero-day
news
UnDefend: Defender Update-Pipeline DoS (CVE-2026-45498)
Nightmare-Eclipse standard-user PoC locks Defender signature/engine files — passive mode blocks updates, aggressive mode can disable the engine on platform updates; CISA KEV.
- microsoft
- defender
- cve
- denial-of-service
- windows
- edr
- local
news
RedSun: Defender Cloud-Tag Remediation LPE (CVE-2026-41091)
Nightmare-Eclipse PoC abuses Defender's cloud-tagged file restore path to write TieringEngineService.exe into System32 as SYSTEM — CISA KEV, patched May 2026 OOB.
- microsoft
- defender
- cve
- privilege-escalation
- windows
- toctou
- lpe
- local
- zero-day
news
BlueHammer: Defender Signature-Update TOCTOU LPE (CVE-2026-33825)
Nightmare-Eclipse PoC races MpSigStub.exe signature updates via oplocks and NTFS junctions to duplicate SAM/SYSTEM hives as SYSTEM — CISA KEV, patched April 2026.
- microsoft
- defender
- cve
- privilege-escalation
- windows
- toctou
- lpe
- local
- zero-day
news
React2Shell RCE in React Server Components (CVE-2025-55182)
Critical CVSS 10.0 RCE in react-server-dom-webpack affects React 19 and Next.js App Router; public PoC scanner indexed on Sploitus.
- react
- nextjs
- rce
- cve
- deserialization