Marius Avram @securityshell
Web Application Security Consultant. Two sons' proud dad! https://t.co/uEjJ0UQkhV Joined May 2009
17K Tweets · 16K Followers · 1K Following · 12K Likes
man, the silence from google is making me go crazy. the new chrome release has 429 security fixes, mostly found by google itself. why don’t they want to tell the world how cool their latest AI/security work is? at this point, it is absurd to not explain what is going on with this sudden spike.
❗️🚨 An Israeli company has backdoored hundreds of millions of households through countless Smart TV apps, and they're quietly turning Samsung and LG TVs into exit nodes for AI web-scraping. Your TV is relaying strangers' web traffic from your home IP, your bandwidth, your address attached to whatever those scraping jobs touch. Roku, Fire TV and Google TV banned the practice. Samsung and LG didn't. The culprit is Bright Data's proxy SDK, which rides inside Tizen and webOS apps, 200+ on webOS alone. Datacenter IPs get blocked, home IPs don't. Include Security reverse-engineered the SDK and found its relay protocol has no message signing, authentication, or device attestation. Their words: less secure than typical malware command-and-control. To make things worse, they found that in iOS the relay tunnel binds straight to the physical network interface, so it routes around any VPN the user is running. Bright Data's config also ships per-country tiers. Devices in Uzbekistan and Oman are cleared to relay down to 1% battery, with data caps up to 60x the worldwide default. Before the BaCkDoOrEd replies land: technically you agreed. In practice you were enrolled into a global proxy network you were never given the information to refuse. And these exit nodes drag down your IP's reputation, potentially leaving you with blocks from providers.
‼️🚨 A new npm supply-chain attack compromised 57 packages across over 286 malicious versions in under 2 hours. The attackers used self-replicating malware, a new version of the Miasma worm, which also used evasion techniques to stay under the radar. The payload targets CI/CD and developer credentials, including GitHub Actions secrets, cloud credentials, Vault tokens, SSH keys, npm and GitHub tokens, and password-manager stores. This variant also injects AI coding assistant config files at `.claude`, `.cursor`, `.gemini`, and `.vscode` paths, a separate persistence and repo-poisoning angle.
So we're going back to the milw0rm days with str0ke, I see...
‼️🚨 BREAKING: Another researcher skipped coordinated disclosure entirely and dropped a critical 1-click GitHub token theft in public because he doesn't want to deal with MSRC. In his own words: "I really don't want to deal with MSRC on VSCode bugs." The bug: just clicking a
Nearly 4 years after the $120M Elrond exploit, Romanian prosecutors say the attackers were former Elrond employees. According to court documents cited by Romanian media:
• 1.65 million EGLD were allegedly extracted by exploiting a known smart contract vulnerability before a security fix was deployed.
• The exploit reportedly destabilized the WEGLD/EGLD peg and forced the exchange offline due to liquidity issues.
• Prosecutors claim the individuals had prior knowledge of the vulnerability through internal discussions.
• Two defendants admitted their involvement and received suspended sentences.
• A third former employee is currently standing trial.
If confirmed through the courts, this would make one of the most significant insider-related incidents in crypto history. @MultiversXfndn @MultiversX
Introducing Claude Opus 4.8: it builds on Opus 4.7 with sharper judgment, more honesty about its own progress, and the ability to work independently for longer than its predecessors. Available today at the same price.
I sent MSRC multiple 0-click attack vectors, resulting in arbitrary file/directory creation & heap overflow. They said "WONTFIX" as legacy technology (NT4-2025). I sent them a LPE attack vector that broadly weakened the OS and they marked it as "MODERATE" microsoft.com/en-us/msrc/blo…
Follow every Mythos discovery through our coordinated vulnerability disclosure dashboard. red.anthropic.com/2026/cvd/
Microsoft has banned Nightmare Eclipse from GitHub: github.com/Nightmare-Ecli… This is the researcher who disclosed several zero-days after Microsoft also deleted their MSRC account. They have now moved on to GitLab: deadeclipse666.blogspot.com (h/t to: @[email protected])
🚨 Anthropic just dropped the first Project Glasswing update. Claude Mythos found 10,000+ critical vulnerabilities in ONE month:
> Cloudflare: 2,000 bugs, 400 high/critical severity
> Mozilla: 271 vulnerabilities in Firefox 150 — 10x more vulnerabilities found in Firefox 148
> UK AI Security Institute: first model to solve BOTH their cyber attack simulations end to end
> at one partner bank, Mythos prevented a fraudulent $1.5M wire transfer in real time
> wolfSSL: found a way to forge certificates on a crypto library used by billions of devices
> scanned 1,000+ open source projects
> 90.6% true positive rate after human review
> maintainers are asking Anthropic to SLOW DOWN because they can’t patch fast enough
> Microsoft says patch volume will “continue trending larger for some time”
The bottleneck in cybersecurity is no longer finding bugs. It’s fixing them. “Progress on software security used to be limited by how quickly we could find vulnerabilities. Now it’s limited by how quickly we can patch them.”
Last month we launched Project Glasswing, our collaborative AI cybersecurity initiative. Since then, we and our partners have found more than ten thousand high- or critical-severity vulnerabilities in essential software.
WPScan 4.0.0: We're Back wpscan.com/blog/wpscan-4-…
We regret to inform you that the source code for Ente has been leaked. Most likely, it's being auctioned on the dark web. 🧵 Whoever purchases it will regret it for the reasons in this thread.
1/ We are sharing additional details regarding our investigation into unauthorized access to GitHub's internal repositories. Yesterday we detected and contained a compromise of an employee device involving a poisoned VS Code extension. We removed the malicious extension version,
Drupal SA-CORE-2026-004 (PostgreSQL Entity Query SQLi via JSON:API filter array keys) github.com/dinosn/drupal-…
Introducing nginx-poolslip, a fresh RCE for the latest nginx release 1.31.0. nginx-rift has been patched, but our security agent Vega has found a new 0 day. We will release the full technical writeup with ASLR bypass 30 days after the patch on nebusec.ai.
LAPSUS$ leak site is live with a TeamPCP x LAPSUS$ GitHub auction at $95,000. ~4,000 private repos, framed as 'no extortion, single buyer or free leak'. The supply-chain story making headlines this week ties directly to LAPSUS$ now. If TeamPCP confirms as a LAPSUS$ affiliate, the GitHub-extension breach attribution shifts overnight.
We are investigating unauthorized access to GitHub’s internal repositories. While we currently have no evidence of impact to customer information stored outside of GitHub’s internal repositories (such as our customers’ enterprises, organizations, and repositories), we are closely monitoring our infrastructure for follow-on activity.
Here's the PoC for Nginx CVE-2026-42945 which works against vanilla Ubuntu (and any other distro?) + Nginx with ASLR enabled. I have included all iterations of the PoC the LLM was kicked to improve.
TL;DR: We can use an LFI/file-read primitive to leak enough details from /proc/
UPDATE: So far we've identified 639 compromised npm package versions across 323 unique packages in tonight’s Mini Shai-Hulud wave. That includes 558 versions across 279 unique @antv packages. Most were detected within ~6 minutes of publication. socket.dev/blog/antv-pack…
Dave Kennedy @HackingDave
231K Followers 6K Following Founder @Binary_Defense @TrustedSec Co-Owner https://t.co/HQC75WhdJh. @WeHackHealth Pod. God + Family/Hacker/CSO/USMC/Intel/Fitness. Make the world a better place.
JS0N Haddix @Jhaddix
176K Followers 7K Following CEO, CISO, Trainer, Hacker, and Speaker. Cybersecurity + Hacking + AI + Sec Leadership @arcanuminfosec
Gareth Heyes @garethheyes
38K Followers 1K Following JavaScript for hackers: Learn to think like a hacker. https://t.co/e0aNEbEDk5
Justin Elze @HackingLZ
71K Followers 5K Following CTO @TrustedSec | Former Optiv/SecureWorks/Accuvant Labs/Redspin | Race cars
hacker.house @hackerfantastic
106K Followers 5K Following Co-Founder @MyHackerHouse 💾 | Cybersecurity & Web3 🌐 | Author of Hands-on Hacking (ISBN 9781119561453) 📖 | Offensive Lua 💻 | ✝️
Nate @nnwakelam
43K Followers 1K Following
Daniel Cuthbert @dcuthbert
33K Followers 2K Following Documentary photographer, old creaky hacker. Co-author of @OWASP ASVS standard. Blackhat/Brucon Review Board & Co_chair UK Gov Cyber Security Advisory Board
☣ KitPloit - Hacker... @KitPloit
116K Followers 3K Following Hacking and PenTest Tools for your Security Arsenal!
bugcrowd @Bugcrowd
199K Followers 6K Following The leading provider of crowdsourced cybersecurity solutions purpose-built to secure the digitally connected world...Unleash Ingenuity™
Robin @digininja
25K Followers 229 Following Hacker, coder, climber, runner. Co-founder of SteelCon, freelance tester, author of many tools. Always trying to learn new things. @hacknotcrime Advocate
cje @caseyjohnellis
29K Followers 5K Following human | troublemaker & troubleshooter | founder @bugcrowd @disclose_io, advisor | pioneer of #bugbounty as-a-service | opinions CC0 1.0 | #hacktheplanet
Louis Nyffenegger @snyff
21K Followers 599 Following Founder/CEO/Trainer/Researcher/CVE archeologist @PentesterLab. Security engineer. Bugs are my own, not of my employer...
Wim Remes TR @wimremes
16K Followers 3K Following Information Security - People Person - BBQ and general food Amateur - Kindness scales! - Ubukhulu Abubangwa - Building Security You Love
Halvar Flake @halvarflake
45K Followers 3K Following Choose disfavour where obedience does not bring honour. I do math. And was once asked by R. Morris Sr. : "For whom?" @[email protected]
Frans Rosén @fransrosen
43K Followers 907 Following Co-founder of @centrahq/@detectify/@poweredbyingrid. I do not advertise doing hacking services, do not trust the ones telling you I do.
Geekboy @emgeekboy
26K Followers 470 Following Hacker, Co-Founder @pdiscoveryio, Ex-Security Analyst / BugBounty @Hacker0x01
Oddvar Moe @Oddvarmoe
19K Followers 1K Following Red Teamer @TrustedSec | MS MVP | Speaker | Security Researcher | Blogger | Total n00b & always learning | UNC1194 | Tinkerer | Gamer I try to inspire!
Campbell Jessica @Campbelljessy1
49 Followers 366 Following
Sandra @Sandra6z7j
19 Followers 1K Following
Leverage 12 @12Leverage
44 Followers 3K Following
Beatrice @Beatric72784217
2K Followers 4K Following proud American 🇺🇸 | Exposing Scams | Defending the Honest | Raising Awareness Against Fraud | Truth, Integrity & Justice First
maj0rapp1ianc3 @maj0rapp1ianc3
4 Followers 289 Following
cynthia123 @cynthiakn5p
111 Followers 385 Following Life is like riding a bicycle. To keep your balance, you must keep moving.
مرحبا هلاا @mrhba24520
1 Followers 55 Following
Ganesh Babu @ganesh070621
1 Followers 109 Following
abd nour @abdnour92
2 Followers 69 Following
Phantom0x @Abn_alsham0x
4 Followers 492 Following
griim_repo @GriimRepo
4 Followers 344 Following
Dustin @r0ck3t23
35K Followers 6K Following Human intuition is linear. The AI transition is exponential. Translating the most important story in human history into signal.
Dali Security @daliseclab
1 Followers 33 Following Security researcher | Built Fray — open-source WAF testing with 5,500+ payloads & AI workflows. https://t.co/95aGWJV9nO
hailey martin @martin23_hailey
763 Followers 2K Following 💪 Empowering & Playful "Turning dreams into to-do lists & slaying them one manicure at a time. 💅🔥"
Personal Assistance @assistance83791
4 Followers 70 Following
Victoria 🇪🇺 @al_victoria1
1K Followers 1K Following “Success usually comes to those who are too busy looking for it.” — Henry David Thoreau #Music #Coffee #Foodie #Traveler
Ervis Tusha @ET
2K Followers 377 Following NEVER TRUST YOUR DATA #pentesting #redteam #offensivesecurity #cybersecurity #infosec #security #opensource #hacking #tools #MachineLearning
Matthew Toussain @0sm0s1z
7K Followers 2K Following 🏳️🌈 Founder @_OpenSecurity_ // Former @BHInfoSecurity // Former SANS // Former USAF / Former me… #RedTeamFit /https://t.co/TkCZZSc4xA
Paulo Ribas @paulo_jribas
0 Followers 138 Following
0c0c0f @0c0c0f
441 Followers 2K Following
Hedawich @sinister_kenny
30 Followers 409 Following
Kiran Kumar @qubitpulse
88 Followers 1K Following Software and Data Engineer (C#, .NET, Java, Spring Boot, Python, PHP, SQL Server, MongoDB, Camunda) and Futurist. Stay hungry. Stay foolish.
Varys @_ChezDaniela
3K Followers 6K Following Somewhere in between foodie, wine lover and security geek Python 💙|Personal tweets|GSNA/GPEN/GCFR | cancer survivor
Abdelrahman Abo elham... @aboelhamd2000
0 Followers 288 Following
/𝚌𝚛𝚔/.𝚓... @JamRoot0
70 Followers 5K Following Mail Cracker | Tech Enthusiast | RedDevil | MAKE AMERICA GREAT AGAIN!!!🇺🇸 📷♟️♞🎲⚽🏀🎱🎳🏑🛹🎾🏸🏏🏓👨💻💻👾🎭🍾🥃🥂🍻🎸 🎶 🎵🎻🎹🦅🐦🔥🦇🕷️🐞🏴☠️🃏🎩
Florian Roth ⚡️ @cyb3rops
220K Followers 3K Following Head of Research @nextronsystems #DFIR #YARA #Sigma | detection engineer | creator of @thor_scanner, Aurora, Sigma, LOKI, YARA-Forge | always busy ⌚️🐇 | vi/vim
Intigriti @intigriti
209K Followers 666 Following Bug bounty & VDP platform trusted by the world’s largest organisations! 🌍
/r/netsec @_r_netsec
33K Followers 0 Following Follow for new posts submitted to the netsec subreddit. Unofficial.
payloadartist @payloadartist
46K Followers 292 Following I discuss AI, Cybersecurity & Hacking • Helped secure organizations like Google • Opinions are my cat's • Part-time shitposter
TrendAI Zero Day Init... @thezdi
89K Followers 16 Following TrendAI Zero Day Initiative™ (ZDI) is a program designed to reward security researchers for responsibly disclosing vulnerabilities.
lcamtuf @lcamtuf
40K Followers 499 Following Substack: https://t.co/yFvmNisGW3 Homepage: https://t.co/iFAXZxCO5H
Nicolas Grégoire @Agarri_FR
28K Followers 628 Following Web hacker and Burp Suite Pro trainer Refer to https://t.co/D5tRH7U2hg for trainings Follow @MasteringBurp for free tips and tricks
PortSwigger Research @PortSwiggerRes
120K Followers 7 Following Web security research from the team at @PortSwigger
Adam Chester 🏴... @_xpn_
38K Followers 538 Following Hacker for Hire at @SpecterOps | Blog at https://t.co/tjfTOlmau2 | Insta at https://t.co/PqR6CZQ48T
James Kettle @albinowax
83K Followers 102 Following Director of Research at @PortSwigger aka @Burp_Suite. Find my research, tools & contact details at https://t.co/vP6UbGmvl3
Delia Lazarescu @tech__unicorn
12K Followers 713 Following Ex-Googler gone rogue automating with AI📍Toronto Tech Week | [email protected]
Felix Rieseberg @felixrieseberg
64K Followers 720 Following Claude Cowork / Code @AnthropicAI, Co-Maintainer https://t.co/g4potti8nq
Suno @suno
103K Followers 122 Following Make any song you can imagine | https://t.co/W5ho46VZWk https://t.co/DK7pVmNVnJ
a7madn1 @a7mad__n1
3K Followers 140 Following Ranked Top 280 on Google BBP🎉 Join my telegram channel for hacking/WriteUps https://t.co/UzLb7VadHK
Michael DePlante @izobashi
4K Followers 771 Following Security Researcher at the Zero Day Initiative. DMs open.
Thariq @trq212
271K Followers 2K Following Claude Code @anthropicai. prev YC W20, @southpkcommons, @medialab
Gridline @GridlineIntel
17 Followers 6 Following Real-time geopolitical intelligence for traders, analysts, researchers, and newsrooms.
VECERT Analyzer @VECERTRadar
38K Followers 51 Following ❮ Cybersecurity & CTI ❯ We are a cybersecurity company dedicated to critical analysis and adversary research.
The Access Group @TheAccessGroup
4K Followers 2K Following Access helps more than 160,000 customers transform the way their business software is used, giving every employee the freedom to do more of what’s important.
Joel Eriksson @OwariDa
8K Followers 4K Following Offensive security researcher and entrepreneur -Kernels, browsers and all that jazz- Also: - AI/ML/DL - AR/VR/XR - CTFs (pwn/re/crypto) + Cicada 3301, Boxen etc
Perplexity @perplexity_ai
492K Followers 76 Following Curiosity changes everything. Download our free app on iOS, Mac, Windows, and Android.
Milton Smith @javamuffinztx
19 Followers 124 Following Christian, software security engineering, TLS analysis, JVM monitoring, OSS development. Left Twitter years ago, now back on X.
MiniMax (official) @MiniMax_AI
97K Followers 833 Following Agent: @MiniMaxAgent Token Plan: https://t.co/BDCycxepZw API: https://t.co/fHRdSV7BwZ
d3d aka dead (dead, ... @deadvolvo
5K Followers 194 Following Senior Security Researcher @Akamai_Research - Malicious Group - DoD researcher of the year 2022 - Top 10 web attacks 2023 - CRTO - MSRC Top 75 in Q1-Q3 2025
Mohammed Abalkhil @M_abalkhil
826 Followers 434 Following Technologist / Security Researcher / Building @nuasecurity
AISecHub @AISecHub
9K Followers 7K Following 🚀 AISecHub | AI & Cybersecurity | Securing AI systems, and sharing insights on emerging challenges | https://t.co/YeYtqq5tJC
Six2dez 🇵🇸 @Six2dez1
11K Followers 677 Following Bash lover | https://t.co/UoQ57OTS7f | reconFTW | RT lead @visma
Dominic White 👾 @singe
12K Followers 587 Following Hacker @sensepost - minimally active here. Find me at https://t.co/j4QzFmubF1 || @singe.bsky.social
Kartik Shinde @kartikus
351 Followers 312 Following Spent 25 years breaking and defending. Now engineering the adversary itself with agentic AI. Big4 Partner. Builder first. Still learning.
NTT DATA UK @NTT_DATA_UK
2K Followers 855 Following NTT DATA, Inc. is a trusted global innovator of business and technology services. We're committed to helping clients transform for long-term success.
RyotaK @ryotkak
11K Followers 660 Following Security researcher? | Icon: @MelvilleTw | Private: @RyotaK_Private | Misskey: https://t.co/63E5Rpv2pk | Blog: https://t.co/c7NFQXhV90
Finder @07finder
320 Followers 165 Following play CTF with @HyperSonicCTF @SquidProxyLover @DeadSecCTF @malta_ctf
il Donaldo Trumpo @PapiTrumpo
1.8M Followers 23K Following The Biggest Most Beautiful UNFILTERED Commentary, Straight from the Hearto of IL GREATEST PRESIDENTO THAT EVER LIVED!!! (And a little bit of parody...😂😂😂)
Roomote @roomote
10K Followers 834 Following The always-on engineer for your entire team. From the team that created Roo Code.
Mushroom キノコ @MushroomWasp
577 Followers 338 Following a human posting about his journey in tech | CTF Player & Security Researcer | 📨 [email protected] | 🐧💻🔧
Z.ai @Zai_org
81K Followers 258 Following The AI Lab behind GLM models, dedicated to inspiring the development of AGI to benefit humanity. https://t.co/7a5aSCUNcZ https://t.co/x14hb3klXm
GangExposed RU @GangExposed_RU
7K Followers 91 Following Cybercrime investigator | Exclusive leaks on $10M bounty targets
Cyber Detective💙... @cyb_detective
61K Followers 3K Following Every day I write about #osint (Open Source Intelligence) tools and techniques. Also little bit about forensics and cybersecurity in general. Work in @netlas_io
OIHEC hackers @HackersOIHEC
47K Followers 15K Following Hacker mexicano - Fundador de OIHEC antes OMHE - #opensoc #latam #speaker #pentester #blueteam #redteam #criptoanarquista #security
HackerStorm @hackerstorm
3K Followers 3K Following Official X Account for https://t.co/KFNKyY7SRB where you can find Free Stuff like Vulnerability Reports, News and Threat Research.
Godfather Orwa 🇯... @GodfatherOrwa
27K Followers 2K Following Hacker | Bug Hunter | Cooker | Top 5 P1 Warrior On https://t.co/dzFQH75OWj | LevelUpX Champion | 10+ 0Days/CVEs
Angel Hacker @4ng3lhacker
772 Followers 28 Following George Mason Cyber Security Engineering Student | Databuoy Software Engineering Intern | Bug Hunter ✝️