jcran
@jcran
Followers 8K · Following 13K · Media 346 · Statuses 15K
knowledge seeker
Austin, TX
Joined May 2007
new @velocidex artifact and write-up detailing CVE-2025-14847 and how to detect #MongoBleed from @eric_capuano https://t.co/je4XU0j7Fp
blog.ecapuano.com
Detecting CVE-2025-14847 Exploitation with Velociraptor
Heads up - active exploitation of Cisco Secure Email Gateway / Cisco Secure Email and Web Manager appliances with the Spam Quarantine feature exposed to the internet. https://t.co/2PWrNGHcvN
sec.cloudapps.cisco.com
On December 10, Cisco became aware of a new cyberattack campaign targeting a limited subset of appliances with certain ports open to the internet that are running Cisco AsyncOS Software for Cisco...
Pushed a new update to https://t.co/9CqANckHK0 -- it now scans for the RCE payload via reflection. Use the --waf-bypass flag to bypass WAFs, works well for Cloudflare/AWS. Other WAFs might need tinkering with the payload, depending on whether they don't have a max context limit.
github.com
High Fidelity Detection Mechanism for RSC/Next.js RCE (CVE-2025-55182 & CVE-2025-66478) - assetnote/react2shell-scanner
An unauthenticated RCE PoC for the React vuln (CVE-2025-55182) is now public. Confirmed to work on my test setup (Next.js 16.0.6 with React 19.2.0).
successful agent engineering is just repeating "bitter lesson will kill this some day but hey this works for now let's do it" again and again until agi
Sharing an interesting recent conversation on AI's impact on the economy. AI has been compared to various historical precedents: electricity, industrial revolution, etc., I think the strongest analogy is that of AI as a new computing paradigm (Software 2.0) because both are
The details on the CVSS 9.9 request smuggling in Kestrel are finally out! Great find by @praetorianlabs. https://t.co/ej5QVIbm04
praetorian.com
Introduction Earlier this year, I earned a $10,000 bounty from Microsoft after discovering a critical HTTP request smuggling vulnerability in ASP.NET Core's Kestrel server (CVE-2025-55315). The...
ultimately, what happens when individual devs can build software at the complexity level of (today's) leading software companies
testing is getting easier and better, and with testing comes visibility to underlying issues, but... if I have to bet, we're headed for more and more exploitable logic bugs in the future
this is not /necessarily/ a bad thing, complex software can handle more complex cases, but with complexity comes insecurity
almost everyone is underestimating just how complex software systems are becoming. llms may have enabled 3x productivity, but also, 10x complexity
So everyone else reads "Attackers were in our network for at least 12 months." as "We only keep logs for 12 months, so who knows how long they were in there." too, right?
The idea that every technological innovation cycle should produce exactly one bubble is ludicrous. Astrology pretending to be economics.
MATH
My letter to @WSJ: "Each H-1B visa holder reduces the budget deficit by more than $800,000 in net present value over his lifetime....if the $100,000 application fee...reduces the number of visas...the policy will cost Washington revenue and shrink the size of the economy."