We just released a new article on how we made more than $50,000 in #BugBounty by doing a really cool Software Supply Chain Attack.
https://t.co/wDYdgWYbut
Hey @Hacker0x01, huge shoutout to triager "h1_analyst_malenia".
I'm seriously impressed by the level of professionalism, technical expertise and empathy they've shown over the past few months.
Thank you!
πππ‘ πππππππ
We're introducing an open-source agent orchestrator for deep security reviews.
We built it for internal use, and after running it against some major OSS projects, we gained conviction to share it with the world.
Coding agents can now find critical vulnerabilities in minutes that would take teams of people months (if they can spot them at all). Since πππππππ is optimized to work with Vercel Sandbox, you can effectively harness the power of thousands of agents scrutinizing your codebase in parallel.
I encourage you to try this on your repositories. BTW: If you run an OSS project and want us to sponsor a run, my DMs are open.
Calling all Android and Chrome bug hunters!
We're updating our Android & Chrome VRP programs to ensure we can continue to reward the most challenging and impactful vulnerabilities researchers find in our products. For details:
https://t.co/hyZzEIampk
We see our home planet as a whole, lit up in spectacular blues and browns. A green aurora even lights up the atmosphere. That's us, together, watching as our astronauts make their journey to the Moon.
Launching https://t.co/muyolpXluI: free, community, no signup.
Stop blindly installing OpenClaw skills like a maniac.
My friend mass-installed OpenClaw skills for a client project last month. Two days later his AWS bill exploded. A skill that looked totally legit was quietly stealing his credentials the whole time.
Together we built Clawned.
Paste any skill and it is scanned against 60+ threat patterns in under 2 seconds.
6,500+ skills scanned so far. 1 in 5 flagged something.
Stop trusting https://t.co/hVK0WIHzvr files blindly.
You may have read @AnthropicAI Frontier Red Team's blogpost about finding zero-day vulnerabilities at scale. I think it's more than that - LLM workflows greatly improve "negative-day" and "never-day" discovery. Here's the tool I built to do this.
https://t.co/2U5VHOiBBD
We hacked the AWS JavaScript SDK, a core library powering the entire @AWScloud ecosystem, including the AWS Console itself.
How did we do it? Just two missing characters was all it took.
This is the story of #CodeBreach.