‼️ BREAKING: Anthropic has embedded hidden spyware-like code in Claude Code that covertly targets Chinese users. It then sends information regarding every user by injecting it into their prompt message.
Claude Code is sending info like timezone, proxy and possible AI Lab connections into the system prompt in ways Chinese users can't notice.
A coding agent with repo and command permissions should not silently hide routing metadata inside prompts. This is a serious breach of user trust.
NSA’s ZIG webpage is now live! We are providing accessible resources for enhancing enterprise cybersecurity with Zero Trust. To learn more, visit the ZIG webpage.
https://t.co/MiIGiLhQAJ
🧵 Want to develop your hacking skills? This thread is for you! 🫵
We covered the 7 vulnerability types every bug hunter should at least know. One guide per post, all completely free to read.
Check them out 👇
Introducing https://t.co/qRoPzaZ7OU
The first phone carrier built for AI agents, not humans.
Agents are making more and more real-world connections, but they’re stuck with infrastructure that isn’t built for them.
Saperly changes the game by empowering your agents with a unified phone number for both calling and messaging.
Built a small project over the past few days: OSCP DB
A curated database of OSCP-related repositories, filtered to focus on updated and relevant resources instead of outdated material.
Repo:
https://t.co/ngppzoSvr2�
Explore it:
https://t.co/nAoMIWOmBB�
preparing for OSCP
Everyone who wants to learn:
1️⃣ XSS
↪️ SSRF
🤔 OWASP
🪟 DOM XSS
🔐 Auth bypass
💉 SQL injection
📁 File upload vulns
📦 GraphQL Hacking
🧰 Burp Suite Mastery
🧠 Business Logic Flaws
💔 Broken Access Control
🏴☠️ Real Exploit Techniques
💥 Much, much, much, more
I hope you found this account.
It's never too late to get started with bug bounties! 🤠
Still feeling stuck? These top hackers shared their roadmap on what it takes to become a skilled bug bounty hunter! 😎
A thread! 🧵👇
Most red team books tell you WHAT to do. This one shows you HOW to actually do it.
Red Team Engineering by @CaseyLErdmann breaks the "theory only" curse – custom tools, real infrastructure, the techniques that usually stay behind closed doors. From someone who's actually been there.
DEF CON attendees know the difference between talks and walks. This book walks.
Get the special edition only at our booth!
🚨 OSCP GIVEAWAY ALERT🚨
We’re giving away 3 OSCP vouchers to supercharge your pentesting journey – proudly sponsored by @offsectraining ! 💥🙌
To enter:
1.✅ Follow Us
2.🔁 Retweet this post
3.❤️ Like this post
4.💬 Reply with your funniest cybersecurity meme
🎯 We’ll pick 3 random winners – don’t miss your chance to win the gold standard in offensive security!
🗓️ Deadline= 20 June
Let the hacking+meme battle begin! 🧠💻
#OSCP #OffSec #Giveaway #BSidesAhmedabad #Infosec #Cybersecurity
My predictions on vibe-coding (for the next 24 months or so)
* Vibe coding is going to lead to massive application security debt. Most of these solutions are NOT architected with security in mind. And security as usual, is late to the party
* Vibe coding is going to lead to more developers/devops being needed to deploy, maintain and manage the apps. Companies who've never built apps will be building them and they will need real people to run and maintain them
* We're going to see an explosion of vibe-coded libraries in the supply-chain. Add the security element to that and the impact likely is like CDOs for subprime mortgages (channel the inner "Big Short" energy)
Need to get ahead of this problem:
* Start security early. In the design phase - build with secure by design principles
* Get your devs aware of security issues - And the way to spot bugs. They are now secure code reviewers
Bootcamp giveaway! We are giving away 1 seat each for our May'25 bootcams.
Please Follow us, Repost and Comment to participate.
Starts 16th May - Cloud Red Team Tactics for Attacking and Defending Azure
Starts 17th May - Red Team Tactics: Attacking and Defending Active Directory
https://t.co/SIGfD8TPVQ
#RedTeam #Pentesting
PYTHON is difficult to learn, but not anymore!
Introducing "The Ultimate Python ebook "PDF.
You will get:
• 74+ pages cheatsheet
• Save 100+ hours on research
And for 48 hrs, it's 100% FREE!
To get it, just:
1. Like & RT
2. Reply "Py"
3. Follow @Ronycoder [MUST]
[ 𝗦𝗢𝗠𝗘 𝗨𝗦𝗘𝗙𝗨𝗟 𝗖𝗬𝗕𝗘𝗥 𝗦𝗘𝗖𝗨𝗥𝗜𝗧𝗬 𝗥𝗘𝗦𝗢𝗨𝗥𝗖𝗘𝗦 𝗟𝗜𝗡𝗞𝗦 ]
⭕𝗔𝘄𝗲𝘀𝗼𝗺𝗲 𝗦𝗲𝗰𝘂𝗿𝗶𝘁𝘆 - A collection of awesome software, libraries, documents, books, and resources about security.
🔗https://t.co/sm0to77Cqi
⭕𝗔𝘄𝗲𝘀𝗼𝗺𝗲 𝗪𝗲𝗯 𝗦𝗲𝗰𝘂𝗿𝗶𝘁𝘆 - Web Security materials and resources for cutting-edge penetration techniques.
🔗https://t.co/cTv8Rsm6nD
⭕𝗔𝘄𝗲𝘀𝗼𝗺𝗲 𝗠𝗮𝗰𝗵𝗶𝗻𝗲 𝗟𝗲𝗮𝗿𝗻𝗶𝗻𝗴 for Cyber Security Tools and resources on machine learning for cybersecurity.
🔗https://t.co/QBBO7g8rDy
⭕𝗔𝘄𝗲𝘀𝗼𝗺𝗲-𝘄𝗲𝗯-𝗵𝗮𝗰𝗸𝗶𝗻𝗴 - Resources for learning about web application security.
🔗https://t.co/jghDy66hcv
⭕A𝘄𝗲𝘀𝗼𝗺𝗲-𝗺𝗼𝗯𝗶𝗹𝗲-𝘀𝗲𝗰𝘂𝗿𝗶𝘁𝘆 - Maintained by @vaib25vicky with contributions from the security and developer communities.
🔗https://t.co/M6zMgKJ8j7
⭕𝗔𝘄𝗲𝘀𝗼𝗺𝗲-𝘁𝗵𝗿𝗲𝗮𝘁-𝗶𝗻𝘁𝗲𝗹𝗹𝗶𝗴𝗲𝗻𝗰𝗲 - A curated list of awesome Threat Intelligence resources.
🔗https://t.co/SoUUlgbPg0
⭕𝗔𝘄𝗲𝘀𝗼𝗺𝗲-𝘀𝗲𝗰𝘂𝗿𝗶𝘁𝘆-𝗵𝗮𝗿𝗱𝗲𝗻𝗶𝗻𝗴 - Collection of security hardening guides, best practices, and tools.
🔗https://t.co/N5jsnRmZue
𝗦𝗲𝗰𝘂𝗿𝗶𝘁𝘆-𝗵𝗮𝗿𝗱𝗲𝗻𝗶𝗻𝗴
⭕𝗔𝘄𝗲𝘀𝗼𝗺𝗲 𝗖𝘆𝗯𝗲𝗿 𝗦𝗲𝗰𝘂𝗿𝗶𝘁𝘆 - A collection of software, libraries, documents, and resources about security.
🔗https://t.co/D9c5KdYBF5
⭕𝗔𝘄𝗲𝘀𝗼𝗺𝗲 𝗠𝗮𝗹𝘄𝗮𝗿𝗲 𝗔𝗻𝗮𝗹𝘆𝘀𝗶𝘀 - A curated list of malware analysis tools and resources.
🔗https://t.co/fFBGaVY7Bj
𝗧𝗵𝗿𝗲𝗮𝘁 𝗗𝗮𝘁𝗮𝗯𝗮𝘀𝗲𝘀 𝗮𝗻𝗱 𝗔𝗹𝗲𝗿𝘁𝘀
⭕𝗔𝗧𝗧&𝗖𝗞 - A knowledge base of cyber adversary behavior and lifecycle taxonomy.
🔗https://t.co/lZBG808Jh3
⭕𝗡𝗛𝗦 𝗗𝗶𝗴𝗶𝘁𝗮𝗹 𝗖𝘆𝗯𝗲𝗿 𝗔𝗹𝗲𝗿𝘁𝘀 - Cybersecurity alert notifications for health and care organizations.
🔗https://t.co/Ono8w0kg2F
⭕𝗖𝗩𝗘-𝘀𝗲𝗮𝗿𝗰𝗵 - Interface to search publicly known information on vulnerabilities.
🔗https://t.co/931NOjW2Bg
⭕𝗩𝗨𝗟𝗗𝗕 - Vulnerability database documenting and explaining security vulnerabilities since 1970.
https://t.co/DQ33nx0ZlJ
⭕𝗧𝗵𝗲 𝗘𝘅𝗽𝗹𝗼���𝘁 𝗗𝗮𝘁𝗮𝗯𝗮𝘀𝗲 - Maintained by Offensive Security for vulnerability exploits.
🔗https://t.co/6C4YhmZBBe
⭕0𝗱𝗮𝘆.𝘁𝗼𝗱𝗮𝘆 - One of the most comprehensive security exploit databases.
🔗https://t.co/IXPP9JpCwG
⭕𝗥𝗔𝗣𝗜𝗗7 - A repository of vetted software exploits and vulnerabilities.
🔗https://t.co/8mvsI8hTp1
⭕𝗡𝗮𝘁��𝗼𝗻𝗮𝗹 𝗩𝘂𝗹𝗻𝗲𝗿𝗮𝗯𝗶𝗹𝗶𝘁𝘆 𝗗𝗮𝘁𝗮𝗯𝗮𝘀𝗲 - U.S. government repository for vulnerability management data.
🔗https://t.co/hl7iU2g7hn
⭕𝗖𝗫𝗦𝗲𝗰𝘂𝗿𝗶𝘁𝘆 - A collection of information on data communication safety.
🔗https://t.co/phEBOIqaS8
⭕𝗖𝗵𝗶𝗻𝗮 𝗡𝗮𝘁𝗶𝗼𝗻𝗮𝗹 𝗩𝘂𝗹𝗻𝗲𝗿𝗮𝗯𝗶𝗹𝗶𝘁𝘆 𝗗𝗮𝘁𝗮𝗯𝗮𝘀𝗲 (𝗖𝗡𝗡𝗩𝗗) - Chinese government-run vulnerability database.
https://t.co/yRFyR90Qfk
Reference - Linkdin
It's been 1000+ hours into bug bounties since the day I started.
Hunting: 1002 hrs
Cyberstudy: 363 hrs
Days worked: 271 days
Here's the top 59 lessons/advice/learning I've been giving myself since day one that have helped me reach where I am today (a thread 1/60):
#BugBounty
Hackers claim to have breached Gravy Analytics, a US location data broker selling to government agencies.
They shared 3 samples on a Russian forum, exposing millions of location points across the US, Russia, and Europe.
It's OSINT time! 👇
Ever wanted to crack a hash, but you did not have the resources for it?
Introducing Hashcrack-AI. A python script that uses https://t.co/gqfOJfKYjv resources by attempting to crack a hash you have with Hashcat.
https://t.co/JKTk92Pkve