https://t.co/n6VYvNzJsl
so the bug bounty community freaked out a few weeks ago when hackerone had a single slide that talked about using AI agents for testing based off our reports. bugcrowd's new strategy sounds even more brazen, sly and egregious.
submit reports -> your "signals" (aka creative thought process and work) feed into their AI agents -> AI agents find bugs without you (unclear incentive structure).
that's if the technology even works though lol. these days I have trouble even adding collaborators in reports without the app erroring out.
the messaging is so much more slick too. "connect those signals" - does that mean they are training on our reports? at least whoever did this PR release was careful to not blatantly say that they are training on our reports.
but lol what does connecting those signals actually mean at the end of the day? extremely unclear if they train on our reports.
this requires actual transparency from both platforms, not just marketing, and messaging tactics that you use when you're trying to convince you're not a wolf in a sheep's clothing.
A French engineer who lives quietly in Paris has spent 30 years writing software that the entire internet now runs on without knowing his name.
He wrote the code that streams every YouTube video, every Netflix show, every TikTok clip. He wrote the code that runs the virtual servers underneath AWS, Google Cloud, and Microsoft Azure. He calculated more digits of pi than anyone in history. He has no Twitter. He has no marketing. He just keeps shipping.
His name is Fabrice Bellard.
Here is the story, because almost nobody outside the systems programming world knows what one man has built.
Fabrice was born in 1972 in Grenoble, France. He studied at École Polytechnique, the top French engineering school. He never went to Silicon Valley. He never built a startup empire. He just wrote code.
In 2000 he started a project called FFmpeg, an open-source multimedia framework for encoding, decoding, and streaming video. He was 28. The project did one thing nobody else had done well. It handled every video and audio format that existed, in one library, on every operating system. He led it himself for years.
Today FFmpeg is the invisible engine of the internet. YouTube uses it. Netflix uses it. VLC uses it. Chrome and Firefox use parts of it. Every Android phone, every iPhone, every smart TV, every video editing tool you have ever touched runs FFmpeg somewhere underneath. If you have watched a video on a screen in the last 20 years, Fabrice's code processed it.
He was not done.
In 2003 he started QEMU, a machine emulator and virtualizer. He wrote it solo until version 0.7.1 in 2005. QEMU lets you run any operating system on any other operating system. It became the foundation of modern virtualization. KVM, the Linux kernel hypervisor, runs on top of QEMU. Every major cloud provider, AWS, Google Cloud, Microsoft Azure, IBM Cloud, runs virtual machines on infrastructure built around it. The Quick Emulator is the most cited piece of cloud infrastructure code on Earth.
He kept going.
In 2001 he won the International Obfuscated C Code Contest with a small C compiler that grew into TCC, the Tiny C Compiler. TCC can compile and boot a Linux kernel from source in under 15 seconds. In 2004 he calculated the most digits of pi ever computed at the time, using a personal desktop computer and an algorithm he derived himself called Bellard's formula. In 2011 he wrote a complete PC emulator in pure JavaScript that runs Linux in your browser, a project called JSLinux that engineers still cannot believe is real.
In 2019 he released QuickJS, a small but complete JavaScript engine that fits where V8 cannot. In 2021 he released NNCP, a neural network based lossless data compressor that immediately took the lead on the Large Text Compression Benchmark.
Then he turned his attention to large language models. He built TextSynth Server, a web server with a REST API for running LLMs locally. He released ts_zip and ts_sms, compression utilities that use language models to compress text and short messages at ratios traditional algorithms cannot reach. He released TSAC, a very low bitrate audio compression system. In December 2025 he released Micro QuickJS, a new JavaScript engine for microcontrollers, separate from QuickJS, designed for environments with almost no memory.
Fabrice co-founded a telecom company called Amarisoft in 2012, where he serves as CTO. Amarisoft builds 4G and 5G base station software used by carriers and labs around the world. He has been running it for over a decade while continuing to ship personal projects from his own home page at bellard dot org.
He has no Twitter. He has no Instagram. He gives almost no interviews. His personal website is a flat list of projects with no styling, no fonts, no marketing copy. Just titles and links.
A quiet French engineer who never moved to Silicon Valley wrote the code that quietly runs the internet.
He is still shipping.
I am so incredibly tired of hearing about AI
Every time I look up anything cybersecurity related it's all a big ass fuck off circus discussing AI
It's not even like, an explanation on AI, or some sort of deep dive, or nuanced perspective. It's all superficial and more akin to a sales pitch than an actual discussion topic.
O gracious Lord, if Thou hearest me, pray let this great uproar be stilled.
every public Notion page is leaking the email addresses of everyone who edited it.
zero authentication. no cookies. no tokens. one POST request returns full names, emails, and profile photos for every editor on the page.
your company wiki is public? every employee's email is exposed. right now.
reported in 2022. still works in 2026. like what is the point of even having a BBP
thread
I'm hiring a research intern for summer 2026 to work with me on applied cryptography research projects. This is a paid, three-month, fully remote position. Check it out, and please spread the word! https://t.co/Bt5qKI8xhl
"HackerOne Agentic PTaaS pairs specially trained AI agents"... specially trained on a decade's worth of work from the largest pool of bug hunters on the planet.... without their consent... Maybe it's time to find out how class action suits work and see if we have any ability to prevent them from using our work?
🚨 From JSInterface bug to 1-click RCE and a 5-figure bounty...
A while ago, our teammate Lyes found a vulnerability in an Android app that eventually earned a 5 figure bug bounty payout.
Finding and validating the full chain manually took ~4 days, which later sparked a simple question.
How much time would this take using https://t.co/gnrTJTK6bX?
In the blog post, Lyes walks through both perspectives.
First, the exploit chain as it was pieced together manually.
Then, how the same risky surface surfaced again when retraced with Djini, but in significantly less time.
Full write-up: https://t.co/51EJylEspE
🚨 https://t.co/kilUqGwEGK IS LIVE!
NEW website. NEW interface.
And NEW crazy subscriptions with complementary MHL courses included!
AI agents now help you:
⚡ static + dynamic testing, automated
⚡ fuzz native interfaces & JNI
⚡ auto-collect evidence + reports - incl. screenshots
⚡ logically click through flows for you
⚡ explore real app behavior (iOS & Android) - Visual Intelligence
Want to win FREE access?
Comment on our LinkedIn launch post
https://t.co/o9pEUKN634
🚨 New Module Coming: Scudo HEAP Exploitation
Scudo replaced the heap. Hardening went up. Old patterns stopped working.
A Scudo Exploitation module is dropping in the coming weeks for Android Userland Fuzzing & Exploitation.
Already enrolled? Lifetime access applies.
Enroll now, get access at drop
https://t.co/rh5rYdlbB4