@pallavidelgado @domdotis *ahem*

RT @sweis: Tour of WebAuthn by @agl__ :

RT @lukejahnke: I just published a new blog post sharing an improved Deserialization Gadget Chain for Ruby! It builds on the work of other…

RT @matthew_d_green: The way the European council has approached this feels increasingly anti-democratic. It keeps getting rejected for exc…

RT @KevinBankston: Everyone on the encryption and CALEA beat has been flagging this risk forever. Sometimes it really sucks being right.

RT @samwcyo: New writeup from @_specters_ and I: we're finally allowed to disclose a vulnerability reported to Kia which would've allowed a…

RT @ryancdotorg: My full write-up - I got control of a couple hundred megawatts of home batteries by doing a lot of math. A+++++ would tel…

RT @iangcarroll: In April, @samwcyo and I discovered a way to bypass airport security via SQL injection in a database of crewmembers. Unfor…

Chime is hiring our first red teaming role. JD to be posted soon but if you're a senior+ red teamer looking for a new gig, we'd love to have you break our systems. Chime has an excellent security culture and is probably the best job I've ever had DMs open 🙂 #infosec #jobs

RT @TalBeerySec: 1/ A world first reverse engineering analysis of AWS Session Tokens. Prior to our research these tokens were a complete bl…

RT @infosec_au: Our security researcher @hash_kitten found one of the most critical exploit chains in the history of @assetnote. Affecting…

RT @H4R3L: New blog! This time a high severity session takeover in Zoom worth $15,000. Read the story of how @sudhanshur705 , @BrunoModific…

RT @samwcyo: New writeup: "Hacking Millions of Modems (and Investigating Who Hacked My Modem)" Thanks for readin…

RT @rebane2001: just finished a new blogpost on how i exploited the V8 javascript engine at a CTF! it's a beginner friendly journey from a…

RT @dagrz: S3 bucket man knows buckets. Do you? This is a must read if you work with s3 bucket. I guarantee something in here will make you…

RT @matthew_d_green: Some folks are discussing what it means to be a “secure encrypted messaging app.” I think a lot of this discussion is…

RT @albinowax: XSS in PDF.js! I think this is going to cause some chaos both client-side and server-side... really nice finding by @CodeanI…

RT @ajxchapman: I recently found a decade old Server-Side Browser on a #BugBounty program. Exploiting it was a bit of a ride. I wrote up th…

RT @infosec_au: My colleague @hash_kitten and I discovered a full-read SSRF vulnerability in Next.js (CVE-2024-34351). We published our res…

RT @albinowax: Exploiting a YAML parser-differential for file-write/RCE on Gitlab... nice