Changelog

Date: 2026/04/21 (1776754800)

Had a couple of real egg-on-face moments. The bookmarking flow for researchers had some remnant code that still disclosed email addresses without inheritance from the user profiles if mapped. This was a real edge case and after mining all of the logs on file, fortunately no data was disclosed outside of staff and the trusted researcher who found the issue. Additionally, an evaluation in the chat functionality caused a conversation to not show up in your index unless both parties had said something, resulting in one-sided conversations not being easy to find. Again, a weird edge case, but it has been addressed.

Date: 2026/04/20 (1776668400)

This AI slop has to stop. Here's the type of slop we are seeing almost daily. Learn and comprehend technology before you make claims as to what should be versus what is. Otherwise, you will just be blackholed.

Check out today's most hilarious "vulnerability":

I am writing this email in connection with potential vulnerabilities found on your website. I work as a security researcher and keep track of vulnerabilities in websites. Sadly, your website has some alarming vulnerabilities that would prove detrimental if exploited correctly.

*Vulnerability type:* *WAF Bypass*

*Infected subdomain:* packetstorm.news/

*Summary:*
Due to a lack of secure design, I was able to find the origin IPs.
The IPs I found belong to:
https://packetstorm.news/

*Steps to reproduce:*
Simply visit.
https://64.71.185.196

*Impact:*
I guess if anyone tries to access through direct IP it should show a FORBIDDEN ERROR but here due to misconfiguration from your side the website is accessible from direct IP. To exploit this it’ll only take a powerful DOS tool to disrupt your website or bypass any type of RATE LIMITATIONS. You can just use a powerful DOS tool on this IP, you will see how it is affected.

This attack vector can be extremely bad because with the IP found an attacker could attack the servers by DDoS or other attacks without being stopped by any firewall.

If you have any questions, please feel free to contact me. I'll be more than happy to assist you.

I look forward to hearing from you soon.

Date: 2026/04/17 (1776409200)

Everyone seems concerned about the AIpocalypse. Sure, Mythos may be powerful, but if it cuts down on the slop we get, let's do it. Please stop submitting fake issues that demonstrate you don't understand how our flows work. It wastes time.

Date: 2026/04/15 (1776236400)

A staggeringly large number of aesthetic changes and flow updates were pushed today. Testing has been extensive but there can always be bugs. Please let us know if you hit any.

Date: 2026/04/08 (1775631600)

Dozens of interesting whitepapers on AI/LLMs have been added recently. Have a read, it's worthwhile and interesting research.

Date: 2026/03/30 (1774854000)

Updates are averaging around a hundred a day. This can cause large lists of specific advisories if you go through the generic feed. Pro tip: make use of tags for the types of files you seek, or use the search.

Date: 2026/03/18 (1773817200)

Public-facing changes, other than news and file updates, will be minimal for at least the next couple of weeks as various other projects are being worked on.

Date: 2026/03/04 (1772611200)

We're losing a lot of good hackers these days. Too many. Please remember to take time to touch grass and enjoy every element of life while you can. Time is very limited.

Date: 2026/02/23 (1771833600)

Lots of bots and people automating scraping were blocked this weekend while monitoring, including a /12 from China. Reach out if you feel you were accidentally blocked and want to become unblocked.

Date: 2026/02/21 (1771660800)

Today, quite a few fixes were pushed that addressed underlying aesthetic issues. There was also a bit of a facelift to the site with some flows changing. We will be doing additional testing throughout the weekend but please let us know if anything is broken for you.

Date: 2026/02/15 (1771142400)

Fixing quite a few bugs these days. More to come soon.

Date: 2026/01/28 (1769587200)

Submissions and items that need to be communicated have spiked in recent months. I suspect much of it is from AI-assisted help (seems so). This has caused a backlog on development efforts as hours in the day are minimal. Apologies for the delay in our latest feature that has been communicated to some entities. We have vast improvements coming and hope to get them live in the coming month.

Date: 2025/12/18 (1766044800)

Updates are now hitting around 100-150 entries a day. Development has been delayed, but a new feature planned for this month should be released next month along with massive site cleanups. More to come!

Date: 2025/11/26 (1764144000)

Things always get busy the week of Thanksgiving. I suspect it's due to free time on people's hands. If responses are slow, that's why. We've gone from an average of 20 daily entries to 50-100 daily entries this year with the improvements, but with it comes a time cost.

Date: 2025/11/09 (1762675200)

Large-scale changes have been implemented. Load testing will occur today and updates will resume after load testing.

Date: 2025/11/06 (1762416000)

Some legacy nuances caused a backend dependency to fail in really odd places. Cleanup and repair have begun on a massive scale, but for now it's delaying updates until later today.

Date: 2025/11/05 (1762329600)

Some emergency changes had to be made to ensure consistency across some dependencies and those in turn caused more dependency fallout. Some functions, like search, may be offline today as we troubleshoot. Update 2PM PST: things should be addressed, but if you see some broken rendering or the like, please shoot a mail to staff@, thanks!

Date: 2025/11/02 (1762066800)

A major change was implemented on how we're blocking bot traffic. There may be edge cases where you might get caught up in it and if so, we'd love to know those use cases and will try to address them if possible. The site scraping is out of control and we're possibly going to force logins going forward to mitigate the abuse.

Date: 2025/10/29 (1761721200)

Profile images that were uploaded weren't getting properly unlinked upon account deletion. The images themselves were named with random values, so enumeration attacks wouldn't find them post account deletion, but if you had prior knowledge of the URL for someone's image, you could still see them. This affected 14 accounts (but as we've deleted the user data, it's just tied to arbitrary integers for us post user data deletion) and the related images have all been purged. The unlinking issue is fixed. Thanks to Arjun for the find!

Date: 2025/10/27 (1761548400)

I'm starting to feel like the maintainer of curl over here. Please only send in vulnerability reports that have been validated, have an actual security implication (not just a setting on/off that we may have a use for but could be dangerous if used wrong), and an indication that you comprehend what you are reporting and why it is an issue. It's getting silly (and excessively time consuming).


 © 2026 All Rights Reserved Packet Storm Security, LLC