cybrz

about 1 month ago

Collision! Although successful on stage, Emanuele Barbeno, Cyrill Bannwart, Yves Bieri, Lukasz D., Urs Mueller (@compasssecurity) of Compass Security targeted Anthropic Claude Code, hitting a one-vulnerability collision with a previous attempt and earning $20,000 and 2 Master of Pwn points. #Pwn2Own #P2OBerlin

thezdi's tweet photo. Collision! Although successful on stage, Emanuele Barbeno, Cyrill Bannwart, Yves Bieri, Lukasz D., Urs Mueller (@compasssecurity) of Compass Security targeted Anthropic Claude Code, hitting a one-vulnerability collision with a previous attempt and earning $20,000 and 2 Master of Pwn points. #Pwn2Own #P2OBerlin

2

47

5

1

5K

cybrz retweeted

about 1 month ago

Very nicely done! Emanuele Barbeno, Cyrill Bannwart, Yves Bieri, Lukasz D., Urs Mueller (@compasssecurity) of Compass Security were able to exploit Anthropic Claude Code! They're off to the disclosure room to explain how they did it. #Pwn2Own #P2OBerlin

2

19

3

2

5K

cybrz retweeted

Cyber Security Conference #SCS26 / "Shadow IT" / October 20, 2026 / Bern / Cyber Talent Competition / #ECSC2026

about 1 month ago

Confirmed! Cyrill Bannwart, Emanuele Barbeno, Yves Bieri, Lukasz D., Urs Mueller (@compasssecurity) of Compass Security exploited Cursor in the second round, earning $15,000 and 3 Master of Pwn points. Full win! #Pwn2Own #P2OBerlin

thezdi's tweet photo. Confirmed! Cyrill Bannwart, Emanuele Barbeno, Yves Bieri, Lukasz D., Urs Mueller (@compasssecurity) of Compass Security exploited Cursor in the second round, earning $15,000 and 3 Master of Pwn points. Full win! #Pwn2Own #P2OBerlin https://t.co/iAM7YJELvz

0

38

3

0

4K

Who to follow

swisscyberstorm

@swisscyberstorm

Husband and father, boardgame player, amateur photographer... and red teamer for a living. ⚠️This is a personal account and isn't related to my employer⚠️

cybrz retweeted

about 1 month ago

That's a wrap on Day 2 of #Pwn2Own Berlin! Day Two added $385,750 and 15 unique 0-days, bringing event totals to $908,750 for 39 unique vulnerabilities. DEVCORE leads Master of Pwn with 40.5 points — but the fun ain't over yet, we've got one more day to go. See you tomorrow! #P2OBerlin

thezdi's tweet photo. That's a wrap on Day 2 of #Pwn2Own Berlin! Day Two added $385,750 and 15 unique 0-days, bringing event totals to $908,750 for 39 unique vulnerabilities. DEVCORE leads Master of Pwn with 40.5 points — but the fun ain't over yet, we've got one more day to go. See you tomorrow! #P2OBerlin

2

164

25

15

13K

cybrz retweeted

about 1 month ago

Big W!! 💪 Emanuele Barbeno, Cyrill Bannwart, Yves Bieri, Lukasz D., Urs Mueller (@compasssecurity) of Compass Security were able to exploit OpenAI Codex! Off to the disclosure room to spill the tea. #Pwn2Own #P2OBerlin

0

15

4

1

3K

cybrz retweeted

about 1 month ago

Compass vulnerability research identified code execution paths affecting AI coding assistants including @claudeai , @cursor_ai and @OpenAI #Codex. The findings will be demonstrated live at @thezdi Initiative #Pwn2Own Berlin 2026, May 14 to 16. #AIsecurity #LLM

compasssecurity's tweet photo. Compass vulnerability research identified code execution paths affecting AI coding assistants including @claudeai , @cursor_ai and @OpenAI #Codex. The findings will be demonstrated live at @thezdi Initiative #Pwn2Own Berlin 2026, May 14 to 16. #AIsecurity #LLM https://t.co/pZT5cbXxz7

0

11

4

1

952

cybrz @cybrz

5 months ago

People know I am all crazy about electricity and electronics. So, I am specially excited about the wall charger exploit and I must admit I am very tempted to try my luck on European models. Unfortunately, there is no vacation in sight yet 🤪. This is a huge achievement! Congratz!

5 months ago

2-for-2! 🏆 Huge shoutout to @yves_bieri and Lukasz for clean exploits on the Alpine iLX-F511 and Grizzl-E Smart 40A systems with the Charging Connector Protocol/Signal Manipulation add-on. Couldn’t be prouder of the team for executing perfectly today. Congrats! #Pwn2Own

0

12

1

0

2K

0

2

0

35

cybrz @cybrz

5 months ago

@compasssecurity 🍀 for the draw. 🇨🇭#BringEnHei !!!

0

2

0

27

cybrz retweeted

5 months ago

Here we are again! Finally on the ground for #Pwn2Own Automotive in Tokyo. 🏎️💻 Our team is ready, and we’re just waiting for the Tuesday draw to see when we’re up. Big week ahead! Stay tuned! 🛠️🔥

compasssecurity's tweet photo. Here we are again! Finally on the ground for #Pwn2Own Automotive in Tokyo. 🏎️💻 Our team is ready, and we’re just waiting for the Tuesday draw to see when we’re up. Big week ahead! Stay tuned! 🛠️🔥 https://t.co/VoHMkZAElF

1

12

1

0

744

cybrz @cybrz

6 months ago

There will be… Switzerland's highest max. bounty EVER

6 months ago

Thank you #BugHunters for your relentless curiosity and clean reports that keep our customers #BugBountyProgram sharp. Soon to announce: Switzerland's highest max. #bounty EVER, new programs and budget refills. Stay tuned! For now: shutdown, enjoy the festive season and recharge

compasssecurity's tweet photo. Thank you #BugHunters for your relentless curiosity and clean reports that keep our customers #BugBountyProgram sharp.

Soon to announce: Switzerland's highest max. #bounty EVER, new programs and budget refills. Stay tuned! For now: shutdown, enjoy the festive season and recharge https://t.co/b8rQrcfD3s

0

1

0

358

0

18

cybrz retweeted

6 months ago

Thank you #BugHunters for your relentless curiosity and clean reports that keep our customers #BugBountyProgram sharp. Soon to announce: Switzerland's highest max. #bounty EVER, new programs and budget refills. Stay tuned! For now: shutdown, enjoy the festive season and recharge

0

1

0

358

cybrz retweeted

8 months ago

🎉Success. Our #Pwn2own team combined #zeroday bugs to remotely #exploit @home_assistant green which earned them $20'000 and 4 pts. Congratz to @bcyrill Emanuele, Lukasz @muukong and @yves_bieri. Respect to @stephenfewer (@rapid7) and @_mccaulay (@SummoningTeam) for their wins.

compasssecurity's tweet photo. 🎉Success. Our #Pwn2own team combined #zeroday bugs to remotely #exploit @home_assistant green which earned them $20'000 and 4 pts. Congratz to @bcyrill Emanuele, Lukasz @muukong and @yves_bieri.

Respect to @stephenfewer (@rapid7) and @_mccaulay (@SummoningTeam) for their wins. https://t.co/Yp1kEpFjF9

0

44

4

1

2K

cybrz retweeted

8 months ago

🧭 Navigation complete! @compasssecurity just charted a course straight into @home_assistant Green at #Pwn2Own. They head off to the disclosure room to spill how they did it. #P2OIreland

0

9

1

0

3K

cybrz retweeted

8 months ago

. #Pentest of gRPC-Web apps is tricky due to the binary format. We are releasing bRPC-Web, a @PortSwigger @Burp_Suite extension developed by our @muukong that makes #gRPC-Web traffic readable and editable, even in the absence of #protobuf schema files. https://t.co/xSYHr3yvWU

compasssecurity's tweet photo. . #Pentest of gRPC-Web apps is tricky due to the binary format. We are releasing bRPC-Web, a @PortSwigger @Burp_Suite extension developed by our @muukong that makes #gRPC-Web traffic readable and editable, even in the absence of #protobuf schema files. https://t.co/xSYHr3yvWU https://t.co/lRQPZC6H3A

0

121

22

63

6K

cybrz retweeted

8 months ago

@thezdi #Pwn2own schedule is out. Compass folks have been drawn 3rd to exploit the @home_assistant Green for $40,000. 🤞for a #bounty today Tuesday Oct 21st, 5pm (Swiss time). #ethicalhacking cc @hass_devs Schedule: https://t.co/rQAoPTTd5Y

0

3

1

0

171

cybrz retweeted

Dirk-jan @_dirkjan

9 months ago

I've been researching the Microsoft cloud for almost 7 years now. A few months ago that research resulted in the most impactful vulnerability I will probably ever find: a token validation flaw allowing me to get Global Admin in any Entra ID tenant. Blog: https://t.co/jD6EaGtsn3

138

3K

902

1K

475K

cybrz retweeted

9 months ago

Episode 5 of our Kerberos deep dive is live. Constrained delegation isn’t bulletproof. See how attackers exploit it, and how to defend with monitoring & best practices. https://t.co/wIqDBT5gnH #Kerberos #ActiveDirectory

0

4

3

1

539

cybrz retweeted

10 months ago

Calling all bug hunters! schulNetz by Centerboard AG is now in scope! Help protect over 100k users in schools. Are you ready to make the grade and earn bounties? Program: https://t.co/peIfkXFTCd #bugbounty

compasssecurity's tweet photo. Calling all bug hunters! schulNetz by Centerboard AG is now in scope! Help protect over 100k users in schools. Are you ready to make the grade and earn bounties? Program: https://t.co/peIfkXFTCd #bugbounty https://t.co/y9UOrX3Xtz

1

3

2

1

549

cybrz retweeted