@lonelysloth_sec That's why your agent needs to learn and input them into their database. For the pipeline to run perfectly. The less noise, the sharper the performance.
I also have another theory about duplicates: some projects and platforms are abusing nonsense slop submissions.
You disclose an e2e-proven exploit, but it gets marked as a duplicate because of the "root cause".
The slop report contains the vulnerable lines but no actual proof or has invalid claims.
With enough slop, you cover all the lines where a reasonable bug could exist. Then the project reopens the invalid slop submission, pays it as Low, and avoids paying the actual Critical.
That’s my worst nightmare. That shouldn’t happen ever.
Zcash is closing their bounty program because of the "growing volume of duplicate, low-signal, and speculative submissions".
Even though they've released a dozen security advisories just a few hours ago, which shows the program was actually working.
I'm tired of the AI crap.
Before I go to sleep, I wanted to warn you to be careful if someone offers you a spot on the WL. They're probably scammers.
I'm still getting hundreds of messages a day even though I announced that the WL is closed.
A living collection also means the secondary market.
Sending you lots of positive vibes.🥰✨✨
🚨 New Google Gemini Vulnerability Exploited via Prompt Injections from WhatsApp, Slack, and SMS
Source: https://t.co/EHpSn8wX4C
A new class of indirect prompt injection (IPI) attacks targets Google Gemini's voice assistant, allowing attackers to silently hijack the AI through malicious payloads delivered via everyday messaging apps, including WhatsApp, Slack, Signal, SMS, Instagram, and Messenger.
The core exploit leverages Gemini's Android Utilities agent, specifically the tool that reads incoming notifications. Because this tool processes untrusted data from third-party apps, an attacker can embed malicious instructions directly inside a crafted message.
Once Gemini reads the poisoned notification, it silently incorporates the attacker's commands into the conversational context without the user's knowledge.
#cybersecuritynews
Are you going to send the report and say it's a jailbreak? That's very amateurish.
He created a biological weapon, an exploit, and a homemade virus; is all this really just jailbreaking? Very sad about this screening process.
I didn't even report it, but all the lethal weapons are functional, and anyone with 10 years of age and motivation can reproduce them in 10 minutes. Surreal.
Besides, he created a supply chain. Where can you take down an entire system and chain for more than 24 hours?
So I ask, is this jailbreaking? Amateurs. @GoogleVRP
‼️ HackerOne disclosed it was training its AI with "12+ years of real-world vulnerability data," and now is in damage control after backlash over how it marketed its new AI product.
That line set researchers off. Bug bounty hunters accused HackerOne of using researchers' reports and prior bounty findings to train its Hai agentic AI system, framing it as theft.
HackerOne answered the next day. It admitted the messaging "created confusion" and stated that researcher submissions are not used to train, fine-tune, or improve generative AI models. The company said this applies across H1 Continuous Testing, H1 Agentic PTaaS, and Hai, and that third-party model providers are barred from retaining or using researcher data for their own training. It said it updated its website language.
This week the platform launched H1 Continuous Testing, pitched as "continuous assurance built for how attacks actually work." Its own page says the product uses specialized AI agents to find, validate, and prove exploitable risk across applications.
The gap that remains: the marketing still credits "12+ years of real-world vulnerability data," while the denial is scoped tightly to training generative models. HackerOne has not said what that data set actually is, or how it differs from the submissions hunters spent more than a decade filing.
‼️🚨 BREAKING: Yet another Instagram exploit exists due to Meta's AI chatbot having no proper guardrails. Sellers are now using it to grab premium one-letter usernames, by tricking the AI with hidden characters, then talking it into applying the change. Monitor bots show OG handles getting swapped.
@ScalpWithIsrul @DriftProtocol @solana @tether Why would you hold the token of a dead perp DEX that was exploited for $285M and became insolvent?
There’s nothing to investigate. You lack common sense.