Hacktron Blog: posts tagged "research"

  • When Your VPN Opens Your Private Network to the Public

    How AI-assisted reverse engineering of stripped PAN-OS binaries led to finding a JWT algorithm confusion vulnerability in GlobalProtect's Cloud Authentication Service, enabling full VPN auth bypass with just a username.

    rootxharsh ・ May 20, 2026 ・ research
  • RCE in VSCode Copilot Chat

    Copilot agent mode is vulnerable to a prompt injection attack. If a repository maintainer clicks 'code with agent mode' on an issue, it will open a new codespace and Copilot will automatically run the issue's description.

    ahacker1 ・ May 13, 2026 ・ research, ai-security
  • $170k in Bypasses: The Vercel React2Shell Challenge

    Working with the Vercel team to keep the Internet secure from React2Shell.

    ginoah, Mohan ・ May 4, 2026 ・ research, browser-security
  • Why Mythos doesn't matter (for us)

    Benchmarking Hacktron's scanning pipeline shows that for most applications, smaller models run repeatedly can outperform larger frontier models on cost-to-recall.

    liveoverflow ・ April 29, 2026 ・ research, benchmark, news
  • I Let Claude Opus Write a Chrome Exploit: The Next Model (Mythos?) Won't Need My Help?

    I pointed Claude Opus at Discord's bundled Chrome (version 138, nine major versions behind upstream) and asked it to build a full V8 exploit chain. The V8 OOB we used was from Chrome 146, the same version Anthropic's own Claude Desktop is running. A week of back and forth, 2.3 billion tokens, $2,283 in API costs, and about 20 hours of me unsticking it from dead ends. It popped calc.

    Mohan ・ April 15, 2026 ・ research
  • Pre-Auth RCE in OpenAM via jato.clientSession (CVE-2026-33439)

    Hacktron AI discovers a critical pre-authentication RCE in OpenAM through a forgotten deserialization parameter that the original CVE-2021-35464 fix missed.

    iamnoooob, hacktron ・ April 7, 2026 ・ research
  • vinext: Vibe-Hacking Cloudflare's Vibe-Coded Next.js Replacement

    Cloudflare built a Next.js replacement in a week with AI for $1100. We pointed Hacktron at it to find what the tests missed.

    Mohan, hacktron, rootxharsh ・ February 27, 2026 ・ research
  • Turning Cluely Into Malware

    How we found a vulnerability in Cluely's Electron app that let any website silently capture screenshots, record audio, and exfiltrate everything, all because of a missing will-navigate handler.

    Mohan ・ February 14, 2026 ・ research, electron-security
  • RCE in Google's AI code editor Antigravity: $10000 Bounty

    Hacktron AI Research Team discovered a critical RCE in Google's Antigravity IDE that lets attackers take over your system just by opening a malicious website.

    sudi ・ February 8, 2026 ・ research, browser-security
  • CVE-2026-1731: Pre-Auth RCE in BeyondTrust Remote Support & PRA

    Hacktron AI's agents identified a critical pre-authentication remote code execution (RCE) vulnerability in BeyondTrust Remote Support (RS) and older versions of Privileged Remote Access (PRA). This has been assigned CVE-2026-1731 with a CVSS 9.9 critical score.

    rootxharsh, Mohan ・ February 6, 2026 ・ research
  • Pwning OpenAI Atlas Through Exposed Browser Internals

    A critical ChatGPT Atlas Browser vulnerability: XSS on an OpenAI subdomain let attackers hijack tabs, leak browsing URLs, and steal OAuth tokens.

    Mohan, sudi ・ December 2, 2025 ・ research, browser-security
  • Securing Perplexity's AI Browser from a One-Click UXSS

    How the Hacktron AI Research team identified and prevented a critical UXSS vulnerability in Perplexity's AI browser, Comet.

    Mohan, sudi ・ November 24, 2025 ・ research, browser-security
  • Auditing JDBC Drivers at Scale with Hacktron CLI

    How we used Hacktron CLI to audit JDBC drivers at scale, mapping dangerous sinks to user input and turning file primitives into real-world RCEs and bug bounties.

    rootxharsh ・ November 21, 2025 ・ research
  • SupaPwn: Hacking Our Way into Lovable's Office and Helping Secure Supabase

    We hacked our way into Lovable's office by demoing SupaPwn, a chain that could potentially enable region-wide tenant takeover: event-trigger privilege window, DB superuser, host RCE, SUID escalation, exposed configs, orchestration takeover.

    Mohan, rootxharsh, zayne, liveoverflow ・ November 17, 2025 ・ research
  • Introducing Hacktron AI: An autonomous penetration test of Gumroad

    At Hacktron, we're building collaborative AI agents that act as autonomous security researchers. Learn more about our approach and our AI-driven pentest on Gumroad.

    zayne, Mohan ・ August 14, 2025 ・ research, news
  • Executing arbitrary Python code from a comment

    How a Python comment can turn a file into a ZIP polyglot, tricking the interpreter into running code. Insights from a UIUCTF 2025 challenge and Python's ZIP parsing quirks.

    zayne ・ July 28, 2025 ・ research
  • Hacktron finds pre-auth RCE in Dassault Delmia Apriso

    For years, this vulnerability hid in plain sight, missed by multiple audits and even used in production by Apple. In just ten minutes, Hacktron exposed a full pre-auth RCE path.

    rootxharsh ・ June 3, 2025 ・ research
  • Hacktron finds another pre-auth RCE variant in Ivanti EPMM

    Hacktron AI uncovers a new pre-authenticated RCE variant in Ivanti EPMM by identifying a fresh EL injection sink.

    rootxharsh ・ May 16, 2025 ・ research
  • CVE-2022-23597: Remote code execution on Element Desktop

    We achieved full RCE on Element Desktop by chaining iframe injection, Electron misconfigs, and a V8 exploit to bypass sandboxing and access Node.js APIs from a subframe.

    Mohan, TheGrandPew ・ August 13, 2022 ・ research, electrovolt
  • Remote code execution on Discord Desktop

    How a chain of XSS, CSP bypass, and Electron misconfigs led to full remote code execution on Discord Desktop. We walk through the technical details, steps, and lessons learned.

    Mohan ・ July 29, 2022 ・ research, electrovolt
  • CVE-2021-43908: Remote code execution in VSCode restricted mode

    How we achieved remote code execution in Visual Studio Code's Restricted Mode by chaining origin leaks, CSP bypasses, and webview message handler flaws.

    Mohan, TheGrandPew ・ June 29, 2022 ・ research, electrovolt

Hacktron AI © 2026