rspwner

RSPWNER RSPWNER is a Rust-based AI-assisted CTF pwn assistant...

PHANTOM_CTF_HACKINGCLUB_BY_BSIDESRECIFE

Phantom — CTF Writeup & Exploit HackingClub / BSides Recife...

Kernel-Exploit-Dojo-255

Kernel-Exploit-Dojo-255 CTF kernel exploitation notes, PoCs,...

Kernel-Exploit-Dojo-962

Kernel-Exploit-Dojo-962 CTF kernel exploitation notes, PoCs,...

cybersec-mcp

🛡️ Cybersecurity Professor MCP Server Prof. Null — Tu pro...

-GodSearch

󰓾 GodSearch v20.0 — THE SOVEREIGN 💀 Universal Exploit Sear...

human-connection-ctf

Human Connection Challenge: CTF Writeup Platform: Immersi...

autopenx

AutoPenX – A fully automated CTF-solving & penetration testing...

MAL-2026-3836 Malicious code in ctf-flare (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 23293f1bc28e465f7ffaf916fd8a6cc3958b873a2b338b81c0bf71bb146d1d36 package.json declares a postinstall script that runs node src/install.js after building a local binary. src/install.js is a 175 KB single-line payloa...

Malicious code in ctf-flare (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 23293f1bc28e465f7ffaf916fd8a6cc3958b873a2b338b81c0bf71bb146d1d36 package.json declares a postinstall script that runs node src/install.js after building a local binary. src/install.js is a 175 KB single-line payloa...

Exploit for SQL Injection in Cmsmadesimple Cms_Made_Simple

SimpleCTF-THM-Relatory First CTF successfully completed! This...

Malicious code in 0ctf-chalweb (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6d7a129ab6079febb92ceac3587af97653477bce8a65b8e85bfa5bcae0293b0d The package's entire content xss.js is a 2-line cookie-stealing payload that creates an Image element pointing to...

CTFusion: A CTF-Based Benchmark for LLM Agent Evaluation

Recent advances in Large Language Models LLMs have enabled agentic systems for complex, multi-step tasks; cybersecurity is emerging as a prominent application. To evaluate such agents, researchers widely adopt Capture The Flag CTF benchmarks. However, current CTF benchmarks reuse existing...

When prompts become shells: RCE vulnerabilities in AI agent frameworks

In this article 1. A representative case study: Semantic Kernel 2. CVE-2026-26030: In-Memory Vector Store 3. CVE-2026-25592: Arbitrary file write through SessionsPythonPlugin 4. The vulnerability 5. Attack chain overview 6. Defending the agentic edge 7. Not bugs, but developed by design 8. CTF...

obliteratus-brain

OBLITERATUS BRAIN The Persistent Knowledge Layer for OBLITE...

alfactf2026-writeups

🏆 Alfa CTF 2026 — Райтапы команды The A-Team !CTF Badgeh...

darkmarket-vuln-lab

🕶️ Dark Market Simulator An intentionally vulnerable CTF-...

hangover-ctf-wolfpack-deals

🎰 The Hangover CTF — Machine 1: Wolfpack Deals "What happe...

Malicious code in leavemealone (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 5628eb1d01e8eb7de8a582cd9ea85dff68eafde06f4e1164ae92842354db0bf7 During building the package, it executes encrypted code. The content is unclear as the decryption key bases on the local environment variable. Given leaving a...

vantix

Vantix Vantix is a Codex-native offensive-security control pl...