Black & White Path
Author

We are the beacon of the cyber world, a stepping stone on the road to security.

342 articles · 0 likes · 243 views · 0 comments
Recent Articles

May 17, 2026 · Information Security

From Normal User to Root: Inside the ssh-keysign-pwn Linux Kernel LPE (CVE‑2026‑46333)

The article details the ssh-keysign-pwn vulnerability (CVE‑2026‑46333), explaining its exit‑mm/exit‑files race condition, how ordinary users can steal SSH host keys and /etc/shadow via pidfd_getfd, the affected Linux distributions, exploit steps, mitigation measures, and the broader context of May 2026 kernel security disclosures.

CVE-2026-46333 · Linux · Local Privilege Escalation
0 likes · 16 min read
May 17, 2026 · Information Security

OpenClaw’s Four‑Vulnerability Chain Exposes 245,000 AI Agent Servers to Attack

A security analysis reveals that on February 19, 2026, 23 OpenClaw vulnerabilities—four of which can be chained—left roughly 245,000 publicly exposed AI Agent servers vulnerable to credential theft, privilege escalation, persistent backdoors, and lateral movement, especially in finance, healthcare, and legal sectors.

AI agent · CVE-2026-44112 · CVE-2026-44113
0 likes · 15 min read
May 16, 2026 · Information Security

An 18‑Year‑Old Nginx RCE Flaw Finally Exposed (CVE‑2026‑42945)

Depthfirst’s AI tool Rift uncovered a critical heap‑buffer‑overflow vulnerability (CVE‑2026‑42945) in Nginx’s ngx_http_rewrite_module that has been present for 18 years, allowing unauthenticated attackers to trigger denial‑of‑service or potential remote code execution, affecting versions 0.6.27‑1.30.0 and fixed in 1.30.1/1.31.0.

AI-assisted Vulnerability Discovery · CVE-2026-42945 · Heap Buffer Overflow
0 likes · 5 min read
May 16, 2026 · Information Security

Foxconn Factories Hit by Ransomware: 8 TB of Sensitive Files Potentially Stolen

Foxconn's U.S. factories suffered a network outage before the Nitrogen ransomware gang claimed to have exfiltrated over 8 TB of sensitive data—about 11 million files—including material related to Google and Intel, prompting security researchers to analyze the leaked samples and assess the potential impact.

Foxconn · Information Security · Nitrogen
0 likes · 5 min read
May 16, 2026 · Information Security

Node‑ipc Hit Again: Inside the Second Wave of npm Supply‑Chain Attacks

On May 14, 2026, security teams uncovered three malicious node‑ipc npm releases that used a Lily‑Pad account‑hijack technique to inject an 80 KB obfuscated payload, exfiltrate credentials via DNS TXT tunneling, and prompt immediate version audits and credential rotation.

Credential Theft · Information Security · Lily Pad attack
0 likes · 5 min read
May 15, 2026 · Fundamentals

Real‑Time Battery Monitoring with MAX17048 and ESP8266 via MQTT

This tutorial shows how to use a MAX17048 fuel‑gauge module with an ESP8266 (or ESP32) to read the voltage, state of charge, and charge rate of an 18650 Li‑ion cell, wire the hardware correctly, calibrate the sensor, and publish the data in real time through MQTT for remote monitoring.

Battery Monitoring · ESP8266 · IoT
0 likes · 4 min read
May 15, 2026 · Information Security

How the 'FailRelock' Flag Let Attackers Bypass BitLocker for the Fifth Time

A debug flag named FailRelock in Windows' recovery environment disables BitLocker relocking when set to 1, allowing an attacker with a USB drive and a modified INI file to obtain full access to encrypted drives—a fifth such breach in five years, highlighted with attack steps, technical analysis, and mitigation advice.

BitLocker · Debug Flag · FailRelock
0 likes · 6 min read