Hacking

6 CVEs and $750: Automating ReDoS Vulnerability Discovery with AI

2026-04-27

#hacking #huggingface #transformers #CVE #CVE-2025-3263 #CVE-2025-3264 #CVE-2025-3933 #CVE-2025-5197 #CVE-2025-6051 #CVE-2025-6638 #machine-learning #RegEx #DoS #ReDoS #bug-bounty #huntr

How I used ChatGPT to build a ReDoS vulnerability scanner in just an hour, found 6 vulnerabilities in HuggingFace’s Transformers, got paid $750, and earned 6 CVEs.

[Read more]

TensorFlow CVE-2021-37678 – YAML Deserialization RCE

2025-12-03

#hacking #google #tensorflow #keras #CVE #CVE-2021-37678 #machine-learning #RCE #Deserialization

A look into how I discovered an RCE in TensorFlow/Keras caused by unsafe YAML deserialization, how it worked, and what I learned from it.

[Read more]

Mobile Hacking: #1 - Setting Up An Android Pentesting Environment

2025-11-10

#hacking #mobile #android #emulator #avd #root #magisk #frida

I often forget how to do this. So I’m posting it here so that I can come back when I need it (content poverty laughs from the corner).

Prerequisites:

Android Studio (or just the SDK tools if you’re a nerd)
Android Virtual Device (I don’t like Genymotion)
Python
Conda or any other environment manager (optional but recommended)

If the SDK binaries are not in your PATH environment variable, paste the following in your .bashrc or equivalent.

[Read more]

Posts for: #Hacking

6 CVEs and $750: Automating ReDoS Vulnerability Discovery with AI

TensorFlow CVE-2021-37678 – YAML Deserialization RCE

Mobile Hacking: #1 - Setting Up An Android Pentesting Environment