Kabuto

2.5K posts

@meterpretered

MalDev - Offensive Security Researcher - I post occasional infosec stuff and drama

BitLand · Joined July 2019
234 Following · 559 Followers
Kabuto@meterpretered·
@C2IRIS This is finally relevant
IRIS C2@C2IRIS·
There is a leaked Coruna version being used against iOS 26.3 at present, btw Google, et al just haven’t released their report on it because Apple hasn’t been able to patch yet “Responsible disclosure” usually = creepy, vague lying to the public via omission & half truths
IntelOps@IntelOpsV3·
Complete remote account takeover in @session_app Desktop by extracting the account’s Ed25519 private key! 🚨 @DoingFedTime @vxunderground
Ryan Moran (remo)@rmoskovy

Session Desktop (@session_app) has a critical Electron misconfiguration that turns any XSS or code injection bug into remote account compromise. A single vulnerability in message/content handling = complete account takeover. rmoskovy.github.io/posts/session-… #Session #cybersecurity #threatintel

Kabuto retweeted
𝙞𝙣𝙩𝙚𝙡𝙧𝙖𝙩
The threat actor group Hellcat has now reportedly had 2 of its members de-anonymized, those members being Rey & Pryx. IntelBroker, Hellcat's most notorious alleged member in terms of publicity, was reportedly arrested in 2025 and is believed to be in custody. The current state of Hellcat is shown in the image of alleged members below.
𝙞𝙣𝙩𝙚𝙡𝙧𝙖𝙩 tweet media
Kabuto@meterpretered·
@YugoUnderground @SerbianSpirit_ You’re a retard, this is a threat intel report on a data breach and the origin of the data is Serbia, obviously they don’t know where the threat actor is from you idiot
Ravnic1978@YugoUnderground·
@SerbianSpirit_ It says Serbian 🤣🤣🤣 again Serbia government propaganda at its finest
Serbian Spirit ꒌ@SerbianSpirit_·
🚨 The hacker behind the Telekom Srbija breach—which leaked ~160,000 customer records—goes by the alias "Zeus_kos", hinting at a possible Albanian 🇦🇱 connection from Kosovo-Metohija 🇷🇸 The actor claims more data will be released tomorrow, raising fears of a larger exposure.
Kabuto@meterpretered·
@mramisuzuki @MikeSonko @Sassy_Khat Not to mention that this already exists and that this is just a smaller version for teeth. It’s like if I made a small towel and claimed to be the genius inventor of the hand towel lol
MRAMISUZUKI@mramisuzuki·
@MikeSonko @Sassy_Khat Patent. Rotating drum cleaners even at small scale are unlikely to be accepted for patent, because the design is ubiquitous.
Mike Sonko@MikeSonko·
A white man will steal this, take it back to America and later claim that he invented it. This is what they always do.
Kabuto@meterpretered·
@thaulos @Fragbaza Brain so oneshotted by slop that you can’t only understand things as a metaphor for porn
Thaulos@thaulos·
@Fragbaza Honey, wake up, World’s first cuck just dropped
Fr. Daniel☦️@Fragbaza·
In the early 600s, an elderly hermit named Saint Vitalis of Gaza arrived in the city of Gaza after many years of living alone in the desert. Even though he was about sixty years old, he chose hard physical labor, carrying heavy stones each day just to earn a few small coins. But every night, people saw him walking into the city’s brothels. In a deeply religious community, this shocked many people. Soon, rumors spread everywhere. People began calling him a hypocrite and a fraud, and many treated him with open disrespect. For years, Vitalis never defended himself. He quietly accepted the insults and judgment. What no one in the city knew was that he never went there for sinful reasons. Instead, he used the money he earned from exhausting labor to pay for time with the women—only to sit and speak with them kindly. He encouraged them to believe they deserved a better life and offered help to those who wanted to leave that painful world behind. Little by little, he helped many women escape their situation. He gave them money for dowries, helped them find safe places to live, and connected them with honest work so they could begin new lives. But he always asked them to keep his actions secret. Vitalis understood that if people knew the truth, the women’s past would follow them forever. So he allowed the city to believe the worst about him in order to protect their future. One night, Vitalis was badly attacked in the street and later died alone in a small room. At first, people in Gaza showed little sympathy. But at his funeral, many women appeared—women the city barely recognized anymore. They bravely shared the truth about the man everyone had judged. As the story spread, the city was filled with regret and sorrow. The man they had mocked had actually been quietly saving lives. In time, the church honored him as a saint, reminding the world that true kindness is often hidden behind misunderstanding.
Kabuto@meterpretered·
@al_f4lc0n @immunefi What a bunch of idiots lol, the next person who’s desperate enough will find this writer and totally finger fuck their platform 😂 state of bug bounty in 2026
Kabuto retweeted
f4lc0n@al_f4lc0n·
I Saved Injective's $500M. They Pay Me $50K.
I like hunting bugs on @immunefi. I'm decent at it.
- #1 — Attackathon | Stacks
- #2 — Attackathon | Stacks II
- #1 — Attackathon | XRPL Lending Protocol
- 1 Critical and 1 High from bug bounties (not counting this one)
Life was good.
Then I found a Critical vulnerability in @injective. This vulnerability allowed any user to directly drain any account on the chain. No special permissions needed. Over $500M in on-chain assets were at risk.
I reported it through Immunefi. The next day, a mainnet upgrade to fix the bug went to governance vote. The Injective team clearly understood the severity.
Then — silence. For 3 months. No follow up. No technical discussion. Nothing.
A few days ago, they notified me of their decision: $50K. The maximum payout for a Critical vulnerability in their bug bounty program is $500K. I disputed it. Silence again.
No explanation for the reduced payout. No explanation for the 3 month ghost. No conversation at all. To be clear: the $50K has not been paid either.
I've seen others share bad experiences with bug bounty payouts recently. I never thought it would happen to me.
I can't force them to do the right thing. But I won't let this be forgotten. I will dedicate 10% of all my future bug bounty earnings to making sure this story stays visible — until Injective pays what I deserve.
Full Technical Report: github.com/injective-wall…
Kabuto@meterpretered·
@imfckxxgcherry @qryptoide @Rekthouse @King_Sukunaaa This is elementary physics that every retard knows. How can a machine that generates cold also output cold. Where is the heat (energy) from the warm air and external environment that is trying to warm up the fridge going?
Kabuto@meterpretered·
@jamieantisocial Compiler flags that I determined by consulting a crystal orb 6 weeks ago on a random Monday, and nothing else works.
J⩜⃝mie Williams@jamieantisocial·
hunting through telemetry for your own payload's compiler flags that you can't remember is peak infosec.
SecondAccount@SecondA16110022·
@HansMarvel3 @JeffYoungerShow If you are able to read people, you can see there was a good chance to avoid the confrontation. You don’t have to turn your back to him, you can face him but walk away.
Jeff Younger@JeffYoungerShow·
He’s fighting a guy with a knife. His wife GRABS HIS ARMS FROM BEHIND. Unfathomably stupid. He should get rid of her. She’ll get him killed.
Kabuto@meterpretered·
@null6374 @amsryq @10x_er Ehhh not true. The hardware ID key is burned into the chip, not the pin. The pin is combined with this key to create a key for encrypting/decrypting the filesystem
Jim Balagney@null6374·
@amsryq @meterpretered @10x_er Sry I missed this bro. Once you 4-6 digit code into a normal iPhone device it is logged as your private key, burned into the silicon not readable by software. Touch and Face Id are only temporary keys, someone would have to remove the chip and probe the silicon with high level
10x Engineer@10x_er·
It’s really stupid how on restart you can’t use Touch ID or face id but you can use your password??
Kabuto@meterpretered·
@null6374 @10x_er It’s definitely easier to replicate a 6 digit code than to replicate face or Touch ID, replicating someone’s exact biometric markers is basically nearly fucking impossible
Jim Balagney@null6374·
@10x_er I don’t know what is easier at all tbh, I’m not an expert. Times are changing very rapidly. Just a theory, of what’s going on in the Apple cyber dev’s head, from a logic perspective idk lolz.
Kabuto@meterpretered·
@Autonomous_Chad @dunik_7 True, but you can do this across markets, for example buying yes on polymarket and no on kalshi
Quant Chad@Autonomous_Chad·
@dunik_7 for the reason i mentioned. YES bids are mirrored into NO asks automatically, there is never a point where you can buy YES + NO < 1c
dunik@dunik_7·
you see YES at $0.62 and NO at $0.33. you do the math: $0.95, not a dollar, so there’s arbitrage. buy both for $0.95, get $1.00 back, pocket $0.05
and you’re right. the math checks out.
but here’s the problem — by the time you opened the tab and reached for the "Buy" button a quant bot had already
- scanned 17,218 conditions on the platform
- found the same inefficiency simultaneously across 50 related markets
- calculated the optimal position size based on order book depth and fees
- executed all the trades in parallel, and rotated the capital into the next opportunity
the spread was gone. you didn’t even get to click
and the difference here isn’t internet speed
the difference is the mathematical infrastructure behind every decision
Mr.RC|𝟎𝐱𝐔@MrRyanChi

x.com/i/article/2031…

Kabuto@meterpretered·
@NameNamish @AsterNullbyte @Watermelon1Sir Hashing converts an array of bytes into an array of bytes of a set length. It does not convert utf —> B64 ascii. You can theoretically decode any data using any scheme you’d like, hash it, then encode the hash using any scheme you’d like, b64, hex, whatever
Watermelon_Sir@Watermelon1Sir·
Websites be like "your password is not secure enough" and then don't allow the scarab
Kabuto@meterpretered·
@AsterNullbyte @sweenothy @Watermelon1Sir Dude r u stupid lol, the password needs to be hashed and that hash needs to be encoded into text before entering the database. That text will always be alphanumeric. If it isn’t storing the alphanumeric hash, and the scarab appears that means that it’s plaintext, which is BAD
Kabuto@meterpretered·
@hackerfantastic I offer a counter perspective. I have met many insanely talented but underqualified and thus unemployed hackers, I have also met many overqualified LinkedIn slop retards with high paying jobs in cybersecurity.
hacker.house@hackerfantastic·
I want to be brutally honest, those days are done. In the past, cyber security industry was willing to recruit former hackers, blackhats who reformed - however today there are MANY people competing for a smaller pool of desirable jobs who do not have criminal backgrounds.
ben@videotechuk_

Arion Kurtaj could leave prison and land a huge job in cybersecurity, but instead he chooses to have a huge ego and do the complete opposite and acting all high and mighty to impress the internet he leaked GTAVI Guys a menace

Kabuto@meterpretered·
@DualBladeSteven @ashex210 Obama used the exact same loophole to bomb Libya lmao, like literally the exact same loophole. You should not be allowed to vote.
Zenic@DualBladeSteven·
@ashex210 What these dumbass Trumpers don't realize: Trump illegally bombed Iran and made a pointless war. Obama did stuff by the book, through Congress. Trump is a Hitler Dictator. Obama was the real President