Active Directory Takeover: Low-Priv to Domain Admin
How an AI security engineer chained DFSCoerce, NetNTLMv1, and DCSync to go from one low-privileged account to Domain Admin, live and fully anonymised.
Security research, product updates, CVE analysis, and offensive security insights from the Breachline Labs team.
Most AI browser tools script clicks and get flagged as bots. HumanBrowser gives Nebula a real Chromium it drives by sight, through an intercepting proxy.
TeamPCP poisoned Trivy, Checkmarx, and LiteLLM in a 2026 supply chain campaign (CVE-2026-33634). Who they are, what they hit, and how to stop them.
Anthropic's Claude Mythos post claimed 181 Firefox exploits and an overnight FreeBSD RCE. The model card's fine print tells a far more careful story.
XBOW raised $120M, Claude Mythos writes exploits overnight, yet curl's maintainer has never seen a valid AI bug report. What actually works versus theatre.
Vercel's April 2026 breach traces to one compromised third-party OAuth token from Context.ai. The full attack chain, the IOCs, and the lessons for your team.
Attackers backdoored Axios on npm on March 31, 2026, deploying cross-platform RATs in under 3 hours. Here's what happened and how to protect your builds.
Attackers compromised LiteLLM on PyPI on March 24, 2026, stealing credentials from thousands of AI deployments. Here's what happened and how to respond.