
Welcome to RootShell

Hardcore cybersecurity deep dives & breaking security news

238 Posts | 125 Studies | 113 News

📚 ~/study - Cyber Deep Dives

125 posts | View all →

Intermediate Guide to Google Dork Operators: site:, inurl:, intitle:, intext:

Learn how to wield Google’s advanced search operators (site:, inurl:, intitle:, intext:) to uncover hidden files, exposed directories, and leaked credentials. The guide blends theory, Boolean logic, practical scripts, and mitigation tactics for seasoned security professionals.

GraphQL Field-Level Authorization Bypass - A Hands-On Guide

Learn how missing or mis-configured field-level access controls let attackers read or modify data they shouldn't. The guide covers reconnaissance, crafting malicious queries, and validating bypasses with common tools.

Second-Order SQL Injection: Detection, Exploitation & Defense

Learn how second-order SQL injection works, how to spot hidden payloads in data stores, automate detection, and apply robust mitigations. Real-world examples and hands-on scripts make the concepts actionable.

Local File Disclosure via XXE: Crafting SYSTEM Entity Payloads

Learn how to build SYSTEM entity payloads for XXE attacks, from DTD basics to OS path tricks, parser hardening, and hands-on testing with Burp and custom scripts.

HTTP/2 Protocol Overview & Frame Structure - Introductory Guide

Learn the fundamentals of HTTP/2, its connection preface, frame types, multiplexing, flow control, HPACK compression and how it differs from HTTP/1.1 - especially for request smuggling scenarios.

Advanced QUIC Request Smuggling & Multi-Stream Exploitation

Learn how QUIC’s multiplexed streams can be abused for request smuggling, the underlying protocol quirks, practical exploitation steps, defensive controls, and hands-on labs.

📡 ~/news - Security News

113 posts | View all →

AI-Generated Zero-Day 2FA Bypass Threatens Open-Source Sysadmin Tools

Google uncovered a zero-day 2FA bypass that appears to have been created by an AI system. The flaw targets a widely-used open-source web-based administration platform, prompting a rapid coordinated patch to avert mass exploitation.

Dirty Frag (CVE-2026-43284): Critical Linux Kernel Zero-Day Grants Root With No Patch

A kernel-level bug in the Linux cryptographic API, dubbed Dirty Frag (CVE-2026-43284), lets unauthenticated attackers gain root privileges. No vendor patch exists yet; only temporary mitigations are available, and active exploitation is imminent.

Ivanti EPMM Zero-Day (CVE-2026-6973) Exploited in Targeted Attacks - What You Need to Know

Ivanti disclosed a high-severity, authenticated input-validation flaw (CVE-2026-6973) in Endpoint Manager Mobile that is already being leveraged in targeted attacks. CISA added the vulnerability to its KEV catalog, demanding remediation by May 10 for federal agencies.

Palo Alto Networks PAN-OS Zero-Day (CVE-2026-0300) Exploited in the Wild - Critical RCE Threat

A critical buffer-overflow (CVE-2026-0300) in PAN-OS User-ID Authentication (Captive) Portal enables unauthenticated remote code execution with root privileges. State-sponsored actors have been exploiting internet-exposed PA-Series and VM-Series firewalls for almost a month, and patches are slated for May 13.

Critical MOVEit Automation Auth Bypass (CVE-2026-4670) Threatens Thousands of Deployments

Progress Software disclosed a critical authentication-bypass flaw (CVE-2026-4670) in MOVEit Automation, affecting versions prior to 2025.1.5, 2025.0.9 and 2024.1.8. Over 1,400 internet-exposed instances, including U.S. state and local agencies, remain unpatched, prompting urgent upgrades and mitigations.

CISA Flags Critical Linux LPE ‘Copy Fail’ (CVE-2026-31431) as Actively Exploited

The U.S. CISA added CVE-2026-31431, known as “Copy Fail”, to its KEV catalog after confirming active exploitation. The flaw gives any local user a trivial path to root on Linux kernels from 2017 onward, affecting servers, desktops, and containers.

contact

Feel free to reach out for collaboration, security consulting, or just to say hello.

[email protected]