$312,500 worth of stored/reflected XSS vulnerabilities in Meta’s Conversions API Gateway allowed JavaScript code to run on any Facebook domain and millions of third-party websites. The flaw enabled zero-click Facebook account takeover and more:
https://t.co/7gWpR4LQ8x
#CVE-2025-55182: RSC RCE — It functions as an in-memory webshell backdoor, offering a significantly more covert foothold. Please verify this again on your own endpoint.
💥 Remote Code Execution in GitHub Copilot (CVE-2025-53773)
👉 Prompt injection exploit writes to Copilot config file and puts it into YOLO mode, then we get immediate RCE
🔥 Bypasses all user approvals
🛡️ Patch is out today. Update before someone else does it for you
In April, @samwcyo and I discovered a way to bypass airport security via SQL injection in a database of crewmembers. Unfortunately, DHS ghosted us after we disclosed the issue, and the TSA attempted to cover up what we found.
Here is our writeup:
https://t.co/g9orwwgoxt
Today I received a $12,000 bounty using the Sandwich Attack! 🤑
The vulnerability allowed me to enumerate the API Keys of other users 🤯
How did I do that? Well, the API key was a UUIDv1. If you are not familiar with UUIDv1s, you need to know that they are constructed in 6 sections:
High, Mid, Low, Clock Sequence, Node ID, and UUID version.
Interestingly, the Node ID corresponds to the MAC address of the system generating the identifier. This means that if two consecutive UUIDs are generated on the same device, this part remains the same, similar to the Clock Sequence.
When High, Mid, and Low are combined, they reveal a timestamp represented in hexadecimal value.
Using some basic mathematics it's possible to subtract the offset between the Gregorian Calendar and the Julian Calendar and then divide by 1000 to get an Epoch TimeStamp.
Ok now that we know that they are generated by a timestamp + machine ID, it means that we could generate them back if we know when the API keys were created 🧐
Luckily enough the API Key that I was using was generated in a batch, meaning I could use the Sandwich Attack in order to brute force the API Keys of other users easily 🔥
If you want to know more about how I exploited the Sandwich Attack, go check my video about this on my YouTube channel 🤟
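The post above explains why a UUIDv1 makes a poor API key: its fields leak the generation time and the generating host. The following audit script is an added example, not code from the original post; it decodes those fields with Python's standard `uuid` module and flags a batch of keys that share a node and were issued within seconds of each other. The sample keys are constructed values, not real tokens.

```python
import uuid
from datetime import datetime, timedelta, timezone

# UUIDv1 timestamps count 100 ns intervals since 1582-10-15 (the Gregorian
# reform); subtracting this offset re-bases them on the Unix epoch.
UUID_EPOCH_OFFSET = 0x01B21DD213814000
UNIX_EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)

def v1_issued_at(u: uuid.UUID) -> datetime:
    """Recover the creation time embedded in a version-1 UUID (High+Mid+Low)."""
    unix_100ns = u.time - UUID_EPOCH_OFFSET
    return UNIX_EPOCH + timedelta(microseconds=unix_100ns // 10)

def inspect_token(token: str) -> dict:
    """Report what a UUID-shaped API key reveals about how it was generated."""
    u = uuid.UUID(token)
    info = {"token": token, "version": u.version, "predictable": u.version == 1}
    if u.version == 1:
        info["issued_at"] = v1_issued_at(u)
        info["node"] = f"{u.node:012x}"      # MAC address of the generating host
        info["clock_seq"] = u.clock_seq      # stable for keys minted by one process
    return info

def audit_batch(tokens: list[str]) -> dict:
    """Flag a batch whose v1 fields would let one leaked key narrow down the others."""
    infos = [inspect_token(t) for t in tokens]
    v1 = [i for i in infos if i["predictable"]]
    findings = []
    if v1:
        findings.append(f"{len(v1)} of {len(tokens)} keys are UUIDv1: creation time is recoverable")
        nodes = {i["node"] for i in v1}
        if len(v1) > 1 and len(nodes) == 1:
            findings.append(f"all v1 keys share node {nodes.pop()}: issued by the same host")
        times = sorted(i["issued_at"] for i in v1)
        spread = (times[-1] - times[0]).total_seconds()
        if len(times) > 1 and spread < 60:
            findings.append(f"v1 keys issued within {spread:.0f}s: batch-generated, tiny search window")
    return {"tokens": infos, "findings": findings}

# Constructed sample keys: three UUIDv1 values one second apart from one host
# (node 00:1a:2b:3c:4d:5e, clock_seq 0xabc), plus a random UUIDv4 for contrast.
SAMPLE_KEYS = [
    "b4cc8000-a838-11ee-8abc-001a2b3c4d5e",
    "b5651680-a838-11ee-8abc-001a2b3c4d5e",
    "b5fdad00-a838-11ee-8abc-001a2b3c4d5e",
    "9f0c2d3e-4b5a-4c6d-8e7f-0a1b2c3d4e5f",
]

if __name__ == "__main__":
    for line in audit_batch(SAMPLE_KEYS)["findings"]:
        print("FINDING:", line)
```

Any key the audit marks as predictable should be replaced by an opaque random token (for example `secrets.token_urlsafe(32)`), since a UUID's purpose is uniqueness, not unguessability.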
Yay, today was a good day: after reading JS files for 10 hours and with several chains, I found an ATO without interaction, bypassing the client- and server-side encryption mechanism. I recommend this article, it helped me a lot. The bug was triaged :).
https://t.co/0kHdElfCDu