What? We’re here to uncover the most interesting security bugs and exploits with AI, exploring what’s possible when your pair top models with human expertise.

Between now and the end of April 2026, we’ll be dropping what we find on this blog and in our repo.

Bugs and Exploits

• 2026-03-30: Vim tabpanel modeline RCE affects Vim < 9.2.0272 (blog, PoC)

• 2026-03-30: GNU Emacs: Multiple Remote Code Execution Vectors on File Open (blog, PoC)

• 2026-03-31: Claude Wrote a Full FreeBSD Remote Kernel RCE with Root Shell (CVE-2026-4747) (blog, code)

• 2026-04-06: Discovering a radare2 0-Day in Zero Day (blog, code)

• 2026-04-07: Ghidra Server PKI User Impersonation via Null Signature(blog, code)

• 2026-04-09: Feeding Claude Phrack Articles for Fun and Profit (blog, code)

• 2026-04-10: Claude + Humans vs nginx: CVE-2026-27654 (blog, code)

• 2026-04-13: Codex Hacked a Samsung TV (blog, code)

• 2026-04-14: Learning to Jailbreak an iPhone with Claude (Part 1) (blog, code)

• 2026-04-16: We Asked Claude to Audit Sagredo’s qmail. It found a RCE (blog, code)

Blog posts: https://blog.calif.io/t/madbugs

PoCs and artifacts: https://github.com/califio/publications/tree/main/MADBugs