Just popped on @msftsecresponse Q4 Security Researcher Leaderboard!

The automated coding setup I'm currently trying out is a phone with Google's android, connecting to a dev VM using Google's remote desktop services, and coding through Google's Antigravity IDE which uses Google's gemini-3-pro LLM I guess Google just owns me now

If you're wondering how I get those colorized ping outputs. I use grc (Generic Colourizer). It works with so many tools straight out of the box (df, lsblk, free, ps and more). You can quickly install it with your package manager, for example: $ sudo dnf install grc Add these

nextjs almost became ssh alternative

tuistory: the playwright for terminal user interfaces

Let me introduce you to my most novel and oldest technique to verify if sites behind CDN are hosted in Inside Iran or not. Works most of the time. I call it the BOOBS CHECK. curl -i https://domain/boobs.jpg If your response is a 403 with 10.10.34.x IP in body, you're landing

Look at recents fixed v8 found by BigSleep I guess AI was plugged into the v8 sandbox fuzzer, very powerful bug that used in recent v8ctf entries! https://t.co/hLWKseWNPZ https://t.co/qkt4Tz4R5A

Our fuzzer generated entirely by Vibing just found it first ( confirmed! ) 0day in Firefox. CVE and details soon!

Soulagement immense ! Cécile Kohler et Jacques Paris, détenus depuis trois ans en Iran, sont sortis de la prison d'Evin et sont en route pour l’Ambassade de France à Téhéran. Je me félicite de cette première étape. Le dialogue se poursuit

🔔 New research from Lexfo on pre- & post-authentication vulnerabilities in WSO2 products — uncovering bypasses, RCE, SSRF, CSRF, and account-takeover risks. See our detail article → https://t.co/1jNmsIhdZl #cybersecurity #infosec #offensivesecurity #pentest #WSO2

We just published the WSO2 research I led over last year!

My expanded take on how to get started in vulnerability research https://t.co/XBLfj1vuwG

@cursor_ai Using the semantic search tool directly is much faster than using a regular prompt to make the LLM call it for you

@cursor_ai Suprisingly, it seems the Claude Opus model can be used with the cli agent without enabling "MAX" mode anywhere, when it is required when using the base Cursor IDE

@cursor_ai Some of the uncovered commands:

The new @cursor_ai CLI agent has a few hidden functions, which can enabled by editing the node.js source code, among them there is the semantic search tool, which I find quite nice for exploring a big, unfamiliar codebase.

🚀 Huge thanks to @cfreal_ for the threading PR. Lightyear is now faster than ever! We truly appreciate continued contributions. If you haven’t yet, give lightyear a try and see the difference yourself! #opensource #lightyear #performance #php #pentest #infosec #cybersecurity

My research on CVE-2025-49113 is out. https://t.co/kuLczCSv6V. Happy reading! #CVE #roundcube #poc @FearsOff

Don't use structured output mode for reasoning tasks. We’re open sourcing Osmosis-Structure-0.6B: an extremely small model that can turn any unstructured data into any format (e.g. JSON schema). Use it with any model - download and blog below!

instructions uncleared just rooted my friends

🚨 New unauthenticated #RCE module for vBulletin 5.1.0-6.0.3 landed in Metasploit! No CVE assigned, but credit to Egidio Romano (EgiX) for the original write-up: https://t.co/qxmvpU6l43 🔗 PR: https://t.co/j1G7wp2L9Z