‼️ BREAKING: Anthropic has embedded hidden spyware-like code in Claude Code that covertly targets Chinese users. It then sends information regarding every user by injecting it into their prompt message.
Claude Code is sending info like timezone, proxy and possible AI Lab connections into the system prompt in ways Chinese users can't notice.
A coding agent with repo and command permissions should not silently hide routing metadata inside prompts. This is a serious breach of user trust.
Android 17 root
Full chain browser-to-kernel exploit with two 0-day vulnerabilities affecting Firefox before v151.0.2 (CVE-2026-10702)
Click on the link -> root Android
Discovered by @nebusecurity
PoC not available.
Info: https://t.co/1dmlWIsuyR
Pappu meets Pappu!
Rahul: what are the chances of becoming IAS?
Girl: 1 out of 100, means 0.01%
FYI, 1 out of 100 is 1%, not 0.01%
These students will clear IAS?
‼️🚨 BREAKING: 320,000 Fortinet firewall devices have been targeted in a campaign that has been dubbed 'FortiBleed'. Attackers were able to confirm 75,000 working credentials against the admin and SSL VPN interfaces.
The victims include really big names like Samsung, Oracle, Spotify, Sony, and more.
The data was first surfaced by researcher Volodymyr "Bob" Diachenko and analyzed by Hudson Rock and SOCRadar. The operation runs as a self-feeding loop. Attackers scan the internet for exposed Fortinet devices, then test each one against a curated list of passwords leaked from earlier Fortinet breaches and infostealer logs. Every successful login gets recorded into a verified database. They then turn each compromised box into a listening post, sniffing the traffic passing through the firewall to harvest fresh credentials, which go straight back into the scanner.
The scale is large. The group ran an estimated 1.16 billion credential attempts against more than 320,000 FortiGate targets, plus 2.1 billion brute-force tries against 160,000 MSSQL servers. In the deeper intrusions they intercept SSL VPN authentication hashes, crack them on a dedicated 45-GPU cluster, and move into internal Active Directory.
Diachenko confirmed full network compromises in Japan, Taiwan, Vietnam, Iraq, and Turkey, including a Turkish NATO defense contractor that had classified defense documents stolen.
If you run Fortinet, act now: rotate every VPN and admin credential, enforce MFA on all external gateways, restrict management access to approved sources, segment internal networks, and audit gateway logs for unusual logins. Hudson Rock has a free domain lookup at https://t.co/KLv2YiMtpm.
Data surfaced via the Hunt Intelligence, Inc. feed.
🚨 Password manager Bitwarden CLI v2026.4.0 was compromised in the ongoing Checkmarx supply chain campaign.
Attackers abused a GitHub Action in Bitwarden's CI/CD pipeline to ship malicious code.
Hey @Hacker0x01 super disappointed. Reported a critical bug on a private program: full access to 73 storage containers, (RCE) entire company's candidate PII downloadable. Triaged valid. Fixed by the team (confirmed). Then 2 months later closed as N/A "third-party SDK issue."
If the key is served from your domain, leaking your users' PII, and your team fixes it how is that N/A?
Filed mediation but 6–7 months is a long wait. Can someone from the team take a look? Bug is genuinely worth your time.
🚨 Handala Exposed: I have the names, connections, and photos of key participants.
Following the recent hack of the FBI Director, I have identified 14 direct participants of the Handala group - including hackers, operators, and a coordinator-curator (in addition to Ali Bermoudeh, Morteza Aftabifar, Yahya Hosseini Panjaki, Mousa Bermoudeh).
I have a full dossier on these participants, including real names, connections, and even photos of several of them.
I am ready to provide these materials in full.
But there is a condition.
@FBI, you are required to publicly issue official charges against the key participants of Conti Ransomware and LockBit, the materials for which I already made publicly available many months ago:
- Kvitko
- Kurashov
- Bondarenko
- Sergey Khitrov
- Kamensky
- Dementyev (LockBit leader)
The materials were complete and fully documented. During this time, there has not been a single public indictment, a single official statement, or any visible procedural action on these cases.
Here is all the evidence:
https://t.co/rZdEmYOaft
https://t.co/jQXeCV3m9Q
https://t.co/PFyow7D81L
https://t.co/l8ePGUKWCp
https://t.co/s3IHkuJoiZ
https://t.co/ZhaxBhhkGR
https://t.co/7IzU3Zw9Jf
https://t.co/Ys6y9nJ6SZ
https://t.co/GzKejmgNhD
https://t.co/bo8Vmp7XIe
https://t.co/tuUx0zg1BQ
https://t.co/ohbyMBt1Qc
https://t.co/reErnQYjdR
https://t.co/fsvD62umqF
https://t.co/u5vVlwH0As
I demand that you fulfill your direct obligations to American taxpayers, who fund the work of the FBI.
A year of inaction despite ready evidence is no longer a question of resources or priorities. It is a question of competence and principled approach to work.
I have been publishing exposes for over a year. I am capable of tracking the most hidden hackers in the world, my materials have repeatedly proven accurate.
Now it is time to show that the justice system is able to respond to verified facts.
I await an official response.
#Conti #LockBit #Handala #FBI
Bug bounty hunters & hackers I need your help.
What AI security tools are you guys actually using right now to find vulnerabilities?
Which ones are legit and not just hype?
Tag your favorite AI security companies/tools 👇
If something looks promising, I’ll try to:
• Get free access (if possible 😄)
• Or buy and test it myself
• Then drop a full honest review - how it works, how to use it, and whether it actually helps in getting bounties.
Let’s cut through the noise and find what really works.
I’m not rich enough to test EVERYTHING… so choose wisely 😂
#BugBounty #CyberSecurity #EthicalHacking #InfoSec #AI #AIsecurity #Pentesting #Hacking #SecurityTools #Vulnerability #RedTeam #BugBountyHunter #InfosecCommunity
🚨 Electrical engineers are going to hate this.
Someone just turned React into a circuit board factory. Write code. Get a real PCB manufactured and delivered to your door.
It's called tscircuit. React for Electronics.
No Altium. No $10,000/year licenses. No 6-month learning curve.
You write React components. But instead of <div> and <button>, you write <resistor>, <chip>, and <capacitor>. The same way you build a website. That's how you build a circuit board now.
Here's what this thing actually does:
→ Design real circuit boards using TypeScript and React
→ Edit code in your IDE, watch the circuit update in real time
→ Auto-generates schematics, PCB layouts, and 3D previews from your code
→ Automatic part selection and bill of materials generation
→ Built-in autorouting algorithm for PCB traces
→ Export to Gerber files and send directly to a manufacturer
→ Online playground. Design circuits in your browser right now.
Here's the wildest part:
The creator wrote 40 lines of TypeScript. From that he got a full PCB, a schematic, and a 3D preview. Then he exported it, sent it to a manufacturer, and got a real working circuit board delivered.
40 lines of code. A real physical product.
This is free. Write React. Get hardware.
$20K+ in bounties already paid to contributors. 8 years in the making.
100% Open Source. MIT License.
‼️Cambodia aims to shut down ALL online scam centers there by the end of April and they're very serious about this.
Just last night they arrested 49 scammers, confiscated 687 phones, and countless SIM cards.
What's withholding other countries from doing the same?