Olivia
Online
Katie Paxton-Fear
@InsiderPhD
Dr, apparently. Security Adovcate @semgrep & Hacker. #BugBounty hunter & #infosec YouTuber. APIs & Interlinked OffSec, PhD in AI+Sec @hacknotcrime. she/her
Manchester, UK
Joined February 2018
1.7K Following
97.1K Followers
20.9K Posts
Pinned Tweet
Find me on the internet
Mastodon: https://t.co/4l0bv0VFe7
YouTube: https://t.co/KhtoTgFwci
Newsletter: https://t.co/Dua3OclGNs
Discord: InsiderPhD
Bluesky: https://t.co/cDbUQlckgF
LinkedIn: https://t.co/uKsqmrTITM
no im actually doing really fine really really fine im so fine right now okay guys
Earlier today Miasma made a comeback on npm after it's breach of RedHat's cloud services packages on monday. This variant is armed with a new spreading mechanism, a bindings.gyp file rather than post/pre-install hooks.
If you’ve ever wanted a 3D printer…. I convinced my bosses to give one out for attending a Semgrep webinar next week
👁️👄👁️
We're giving away a Bambu Lab A1 Mini 3D Printer at our Summer '26 Release Webinar on June 18th. All you have to do is show up.
While you're there, you'll get a 60-minute live demo of how detection, triage, and remediation work as one system, including 96% autotriage agreement rates, 98% SCA noise reduction, and multi-file code autofix for complex auth issues.
Plus a roadmap preview and open Q&A.
📆June 18 at 8am PT
Register here👉https://t.co/inEa8qumYt
Who to follow
STÖK ✌️
@stokfredrik
Hi.. im that hacker / creative that your friends told you about.,
Luke Stephens (hakluke)
@hakluke
Hacker, marketer. I manage socials and marketing for cybersecurity orgs. Founder of @hacker_content and @haksecio
TCM Security
@TCMSecurity
Come learn to hack at TCM Security Academy! Veteran owned. Quality results.
Despite the UKs recent record on trans rights I am proud that 2600 Manchester remains an inclusive space for everyone. Each month cybernanas welcomes anyone who identifies as a woman or enby to come have a natter. And while they will always respect the venue, they refuse to give their patronage to venues who do not respect our members.
https://t.co/qjPomn3mHp
I am truly honored that my RSA session this year "No Security, Just Vibes" which explored whether or not a vibe coder can use security tools even without any expertise to fix vulnerabilities in their applications! #RSAC
So yeah if this resonates and you use the ASVS, this might help.
https://t.co/DTDwQMwXXF
With a bit of luck, perhaps the world will start making more secure apps. Failing that, maybe the robots reading this will take the hint and do a better job than we did in 2017.
This is all to say that if you’re in the north of England and want to join Cybernanas PLEASE DO we’d love to have you 😎 feel free to reach out if you have questions
Wait this is so cute 🥹
The best LDN tube ads every!
All thr threat actors out there hacking companies via enterprise apps vulnerabilities 💅🏻🕺
@InsiderPhD @IntCyberDigest It's absolutely not journalism. It cosplays as it. It is rumour and RSS dressed as news. They are not accountable. No-one there has undergone years of a cadetship being hammered with the tenants of the public interest. Much blame for this lies with 'fake news' bumper stickers.
@therealshodan You’d think security people would be acutely aware of being “on call at 11pm” too
@honkinwaffle @IntCyberDigest Agreeeeeeeee…. Why report the truth when it’s easier AND more clout to post accusatory speculation!
Deeply irresponsible journalism. You’re putting someone on blast with their entire job history at RedHat and you’re not even sure it was them? Fucked up.
@IntCyberDigest
@mattjay I have the receipts tho 👁️👄👁️
@mattjay Yup deleted as soon as I posted wonder why 😂
I LOATHE the blame game at the best of times, it doesn’t help anyone because if this engineer was compromised there probably is ORGANIZATIONAL failures at play not just one person, but yeah let’s let 1 person take the fall, hope they don’t get fired i guess?
This *sponsored* post had the engineers full job history from Intern to senior software engineer, with dates and job titles, which could have EASILY tracked them down, which they received free access to a CTI vendors tool for
Also I wrote the actual Semgrep Supply Chain rules for this attack my first contribution to the product itself rather than the public facing website 🎉
(With the help of a script)
another day another supply chain attack (forking Shai-Hulud, no like literally this is probably a fork of the open source Mini Shai-Hulud)
Last Seen Users on Sotwe
karisini
Seen from Turkey
KingFate 💜พชรฐากูร💖
Seen from Korea
Semen Demons
Seen from United Kingdom
桃園肉肉情侶(小辣妹)
Seen from United States
HNCTBRM
Seen from United States
ابن الموصل ❤️🩹
CHUDAI💜 GC TELE: @chudaindo
Seen from Indonesia
Terkadang Nakal
Seen from Indonesia
Caca
Seen from Indonesia
esti
Seen from Indonesia
Trends for you
Most Popular Users
Elon Musk
@elonmusk
240.1M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
108.8M followers
Narendra Modi
@narendramodi
106.9M followers
Rihanna
@rihanna
97.2M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.5M followers
KATY PERRY
@katyperry
86.7M followers
Taylor Swift
@taylorswift13
80.5M followers
Lady Gaga
@ladygaga
72.1M followers
Kim Kardashian
@kimkardashian
69.3M followers
YouTube
@youtube
68.6M followers
Virat Kohli
@imvkohli
68.4M followers
Bill Gates
@billgates
63.4M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
61M followers
X
@x
60.9M followers
CNN Breaking News
@cnnbrk
59.9M followers