"Founder-mentality means not caring who gets the credit." @naval

"The measure of wisdom is how calm you are when facing any given situation." @naval

We've started getting audit quote requests for "vibe coded" AI-generated smart contracts. I can confidently say that this trend is a positive for our industry which will keep us gainfully employed for many years to come! Please send us all your vibe coded contracts for audit!

Arbitrary File Write CVE-2024-0402 in GitLab (Exploit)

the research paper is out: Next.js and the corrupt middleware: the authorizing artifact result of a collaboration with @inzo____ that led to CVE-2025-29927 (9.1-critical) https://t.co/GZkbnr6o9H enjoy the read!

Foundational cybersecurity starts with foundational IT...

Small correction: iPhone users were vulnerable to phishing attacks for years, not months. Apple Passwords had been using insecure HTTP by default since the feature to detect compromised passwords was introduced in iOS 14. The dedicated Passwords app in iOS 18 was essentially a

finally passed the OSWE thanks @offsectraining for this journey this was hard one

Buffer overflows in the 90s

Me: *tries to relax* My brain:

"Free education is abundant, all over the internet. It’s the desire to learn that’s scarce." @naval

real

︎ ︎ ︎ ︎ ︎ ︎ ︎ ︎ ︎ ︎ ︎ ︎ ︎ ︎ ︎ ︎ ︎ ︎ ︎ ︎ ︎ ︎ ︎ ︎ ︎ ︎ ︎ ︎ ︎ ︎ ︎ ︎ ︎ ︎ ︎ ︎ ︎

We've just released Shadow Repeater, for AI-enhanced manual testing. Simply use Burp Repeater as you normally would, and behind the scenes Shadow Repeater will learn from your attacks, try payload permutations, and report any discoveries via Organizer.

Looks like someone got a 0day burned ?

Safari 1day RCE exploit (1day practice) https://t.co/iEEjo9J4YH

“Microsoft Teams incoming call*

https://t.co/Mtx0IADS04

Someone just exploited https://t.co/hSm8iKVvZs with a Pwn Request and added their payloads to the main branch… @stripe

https://t.co/mI8wK2mdQo