Puneet Thapliyal
@puneetx
Followers
852
Following
4K
Media
106
Statuses
1K
Chief Information Security Officer | Health Care | Startup Advisor | Venture Partner. Advocate for online data privacy rights.
Cupertino, CA
Joined May 2007
ChromeAlone - A Cobalt Strike Like Tool That Turns Chrome into C2 Platform
gbhackers.com
ChromeAlone — a Chromium-based browser Command & Control (C2) framework capable of replacing traditional offensive security implants like Cobalt Strike.
0
0
0
Generate videos in just a few seconds. Try Grok Imagine, free for a limited time.
1K
3K
11K
RT @trailofbits: We engineered an attack against @GitHubCopilot to add a hidden backdoor via a malicious GitHub issue. See if you would’ve….
blog.trailofbits.com
Prompt injection pervades discussions about security for LLMs and AI agents. But there is little public information on how to write powerful, discreet, and reliable prompt injection exploits. In this...
0
19
0
Code Execution Through Deception: Gemini AI CLI Hijack
tracebit.com
Tracebit discovered a silent attack on Gemini CLI where, through a toxic combination of prompt injection, misleading UX and missing validation, inspecting untrusted code consistently leads to...
0
0
3
158-year-old company forced to close after ransomware attack precipitated by a single guessed password — 700 jobs lost after hackers demand unpayable sum
tomshardware.com
An employee’s weak password was the company’s Achilles' heel.
0
0
1
Google BigSleep - A summer of security: empowering cyber defenders with AI @google
blog.google
Here’s what we’re announcing at cybersecurity conferences like Black Hat USA and DEF CON 33.
1
0
0
Supabase MCP can leak your entire SQL database #prompt-injection
generalanalysis.com
Stress testing enterprise AI systems to find failure modes.
0
0
2
CVE-2025-32711 - Microsoft - M365 Copilot Information Disclosure Vulnerability via Prompt Injection
0
1
1
Malicious insiders in Coinbase customer support overseas team have leaked customer identity data to scammers. Criminal charges are being pressed.
coinbase.com
Tl;dr: Cyber criminals bribed and recruited a group of rogue overseas support agents to steal Coinbase customer data to facilitate social engineering attacks.
0
0
0
How are cyber criminals rolling in 2025? | Vin01’s Blog
vin01.github.io
Speaking of earning a living, would you expect them to pay for web hosting/ cloud providers?
0
0
0
A Look Into the Secrets of MCP: The New Secret Leak Source
blog.gitguardian.com
MCP rapidly enhances AI capabilities but introduces security challenges through its distributed architecture. Especially, the distributed nature of MCP requires a lot of NHIs and their secrets. Our...
0
0
1
Building Private Processing for AI tools on WhatsApp
engineering.fb.com
We are inspired by the possibilities of AI to help people be more creative, productive, and stay closely connected on WhatsApp, so we set out to build a new technology that allows our users around …
0
0
0
Time well spent at the BSides security conference in SF today, and Yash volunteered 🙂 #bsidessf #security #conference
1
0
5
DCV bypass and issue fake certificates for any MX hostname
bugzilla.mozilla.org
RESOLVED (rebeccak) in CA Program - CA Certificate Compliance. Last updated 2025-07-02.
0
0
2
