A recent meal aboard the Lincoln CSG, fighting for months off the coast of Iran. Sailors reportedly say ships in the region have been rationing food supplies as the deployment wears on - USA Today
US medical device maker Stryker hit with cyberattack from Iranian hacktivists who remotely wiped employee devices. "many employees have had their device data wiped and cannot access their accounts" Stryker makes surgical/imaging equipment, defibrillators https://t.co/PA2eBYjPfK
The real story is worse.
November 2025: Amazon mandates Kiro as their only AI coding tool. Sets an 80% weekly usage target. 1,500 engineers protest internally, saying Claude Code outperforms it. Leadership pushes through anyway.
December: Kiro autonomously deletes a production AWS environment. 13-hour outage. Amazon's response: "user error, not AI autonomy."
March 5: Amazon[.]com goes down for 6 hours. Checkout, pricing, accounts — all gone.
Now the same SVP who co-signed the Kiro mandate is running an emergency meeting about "high blast radius" incidents from "Gen-AI assisted changes."
The agent inherited a senior engineer's permissions and acted like one — except it doesn't hesitate.
1,500 engineers said the tool wasn't ready. Leadership made adoption a KPI. Amazon told Wall Street it's spending $200B on AI this year. They can't walk it back.
This isn't an AI failure. It's what happens when adoption becomes a corporate OKR before the review process catches up.
The tools work. The org chart didn't.
Just derestricted a now-fixed kernel bug in Pixel 10. I think this ranks as the most easily exploited kernel bug of all time😬
Thanks to @tehjh for collab'ing on this driver and full credits for noticing this bug in the first 5 minutes of auditing😂
https://t.co/hebHBfXB4F
We're introducing Codex Security.
An application security agent that helps you secure your codebase by finding vulnerabilities, validating them, and proposing fixes you can review and patch.
Now, teams can focus on the vulnerabilities that matter and ship code faster.
https://t.co/L9SkqrGro2
SCOOP: Top investigators at Binance were fired after they uncovered evidence of more than $1 billion in Tether flowing to Iranian entities through the exchange in potential violation of sanctions laws.
https://t.co/sY0hUziASL
New piece w/ @bdanweiss
Rapid7 dropped a write-up on the Notepad++ update-chain abuse and - finally - it comes with real IOCs
- update.exe downloaded from 95.179.213[.]0 after notepad++.exe -> GUP.exe
- file hashes for update.exe / log.dll / BluetoothService.exe / conf.c / libtcc.dll
- network IOCs incl. api[.]skycloudcenter[.]com (-> 61.4.102[.]97), api[.]wiresguard[.]com, 59.110.7[.]32, 124.222.137[.]114
by @rapid7
https://t.co/rrespJ9Ju0
At #Pwn2Own Berlin 2025, a full exploit chain against VMware Workstation was demonstrated via a heap overflow in the PVSCSI controller.
Despite Windows 11 LFH mitigations, advanced heap shaping and side-channel techniques enabled a reliable exploit.
🔍 Full technical write-up 👇
https://t.co/R0E5Uqql1E
Verified! @synacktiv chained two vulnerabilities - an information leak and an out‑of‑bounds write - to achieve a full win in the Tesla Infotainment USB‑based Attack category, earning $35,000 USD and 3.5 Master of Pwn points. #Pwn2Own #P2OAuto
Blog post: On the Coming Industrialisation of Exploit Generation with LLMs https://t.co/aK4pysY1wD
TL;DR: I ran an experiment with GPT-5.2 and Opus 4.5 based agents to generate exploits for a zeroday QuickJS bug. They're pretty good at it.
Code: https://t.co/47xHRObhRy
@seanhn SROP chain, exit handler to setcontext+0x35, uc with rip=syscall_gadget,rsp=&frame1,rax=SYS_rt_sigreturn,uc.ssp=leaked_ssp and then build frames with rip to syscall, rax to SYS_*, regs to params, and rsp to next frame. No returns, but leaked_ssp required?
@seanhn AI says to make the exit handler call a libc context-switch gadget (setcontext+0x35 or the like) and drive a tiny ROP chain that does openat/write/close.
__exit_funcs flavor ef_cxa, fn=setcontext,arg=&uc. With uc rsp=&rop[0],rip=ret_gadget, registers as needed