Sam Stepanyan

5.4K posts

Sam Stepanyan

@securestep9

@OWASPLondon Chapter Leader (#OWASP #OWASPLondon). OWASP Board Member. Application Security (#AppSec) Consultant. OWASP #Nettacker Project leader. #CISSP

London, UK 가입일 Eylül 2013

3.7K 팔로잉7.3K 팔로워

Sam Stepanyan@securestep9·1h

#Trivy, a popular open-source vulnerability scanner, was compromised - attackers hijacked 75 version tags in #GitHub Actions to deliver an infostealer. It ran in CI pipelines, stealing creds and tokens, exfiltrating data: #SoftwareSupplyChainSecurity 👇 thehackernews.com/2026/03/trivy-…

English

Sam Stepanyan@securestep9·2h

Today I am re-watching: "Achieving Secure Continuous Delivery" - a talk presented by Lucian Corlan and Chris Rutter at the @OWASPLondon meetup back in 2016. Featuring #ChuckNorris meme: #SecureSDLC 👇 youtube.com/watch?v=HyBhsH…

YouTube

English

Sam Stepanyan@securestep9·5h

@HackingDave @ArmanSameer95 @rez0__ @AnthropicAI Can you share an example security research prompt which used to work, but now gets blocked because Anthropic considers it a Terms violation?

GIF

English

Dave Kennedy@HackingDave·11h

@ArmanSameer95 @rez0__ @AnthropicAI It also seems like 4.6 went six months behind. It’s really bad right now

English

530

TESS@ArmanSameer95·1d

@AnthropicAI Your recent update just killed Claude capabilities to do any security research.

English

9.5K

Sam Stepanyan@securestep9·3d

@milesdeutscher @milesdeutscher It is fascinating how many accounts impersonate you and reply to your tweets trying to push crypto scams pretending to be you:

English

Miles Deutscher@milesdeutscher·3d

underrated af new Claude features: • Interactive charts • Cowork scheduled tasks • Cowork plug-ins • Memory management (import/export) • Claude in Excel • Infinite chats • Push-to-talk in Claude Code These features alone make Claude the most powerful AI platform available.

English

302

21.7K

Sam Stepanyan@securestep9·3d

#telnet: Yet Another Critical Unauthenticated Root RCE #vulnerability CVE-2026-32746 discovered in legacy inetUtils Telnet - no user interaction and no special network position required. Telnet is still in use in old switches, routers, ICS/IoT, cameras: 👇 thehackernews.com/2026/03/critic…

English

203

Sam Stepanyan@securestep9·3d

@ErezYalon ^My eyes 👀 hurt from seeing a SQL Injection and plain-text password storage - vulnerabilities so typical for AI-generated (vibe-coded) applications. When reviewing AI-Coded apps I also frequently come across AWS, Vercel and Supabase credentials exposed in client-side JavaScript

English

Erez@ErezYalon·4d

Code review challenge 👇 What security issue jumps out first?

English

Sam Stepanyan@securestep9·4d

#OpenClaw: Never thought I'd see a picture of #Nvidia CEO Jensen Huang with claws - but here it is on my computer screen this morning and Nvidia has now launched a 'secure and enterprise-ready' open-source plugin for OpenClaw called #NemoClaw: 👇 github.com/NVIDIA/NemoClaw

English

183

Sam Stepanyan@securestep9·4d

#GitHub seems to be suffering a lot getting hit by traffic from #AI bots scraping the code these days - I keep getting 'Too Many Requests' when following links to various @github repos: github.blog/changelog/2025…

English

143

Sam Stepanyan@securestep9·4d

UK #Government Companies House confirms security #vulnerability exposed millions of UK companies' sensitive data including directors' dates of birth and residential addresses via a flaw introduced in October 2025: #CompaniesHouse bleepingcomputer.com/news/security/…

English

111

Sam Stepanyan@securestep9·13 Mar

UK Government Companies House new website had a basic OWASP Top 10 authentication bypass #vulnerability for God knows how long until it was identified and reported. I wonder if this is a result of vibe-coding? 🤔 👇

Dan Neidle@DanNeidle

I see some weird things but this takes the biscuit. A vulnerability in the Companies House website, that let anyone view the private dashboard of any one of the five million registered companies, see directors' personal details. And modify them.

English

628

Sam Stepanyan@securestep9·13 Mar

#Chrome: Google released security updates for its Chrome web browser to address two high-severity #zeroday #vulnerabilities CVE-2026-3909 & CVE-2026-3910 that it said have been exploited in the wild. Make sure to update your Chrome today! (restart it): 👇 thehackernews.com/2026/03/google…

English

246

Sam Stepanyan@securestep9·13 Mar

#Linux: AppArmor hit by 9 "#CrackArmor" vulnerabilities letting unprivileged users manipulate security profiles and escalate to root. The bugs date back to 2017 and affect 4.11+ kernels of Ubuntu, Debian, and SUSE: #PrivilegeEscalaton #CloudSecurity 👇 thehackernews.com/2026/03/nine-c…

English

266

Sam Stepanyan@securestep9·12 Mar

Looks like a cyber security incident at @LloydsBank & @HalifaxBank First thing this morning the customers reported seeing other people's transactions and bank statements, and now the system appears to have stopped logging people in: #Lloyds #LloydsBank #Halifax #IDOR 👇

myexploit2600@myexploit2600

Anyone know anyone who works at Halifax in cyber? They are not picking up the phone. And the AI bot they replaced humans with is saying everything is hunky dory.

English

930

Sam Stepanyan@securestep9·11 Mar

#Copilot: The fact that any files attached to Microsoft Copilot prompts bypass Purview DLP is a serious architectural flaw, which potentially is being exploited in your organisation right now to exfiltrate data:

Jake Williams@MalwareJake

Not a week passes that I don't find more evidence that Copilot was a rush job from Microsoft and has serious limitations for enterprises. learn.microsoft.com/en-us/purview/…

English

217

Sam Stepanyan@securestep9·9 Mar

#NPM: A malicious npm package '@openclaw-ai/openclawai' is spreading a full RAT #malware disguised as an #OpenClaw installer. It steals browser data, macOS Keychain entries, crypto wallets, MacOS and cloud credentials: #SoftwareSupplyChainSecurity 👇 thehackernews.com/2026/03/malici…

English

354

Sam Stepanyan@securestep9·6 Mar

#linux: Ubuntu, Fedora, Mint Linux are considering adding age verification to Linux due to the upcoming law mandating that OS providers and application developers implement age verification measures to protect minors online. This will have a huge impact: 9to5linux.com/ubuntu-fedora-…

English

204

Sam Stepanyan@securestep9·5 Mar

I am speaking at NDC Security! Come catch my talk in Room 4.

English

171

Sam Stepanyan@securestep9·2 Mar

#trivy: The GitHub repo of Cloud Security and Supply Chain Security vendor Aqua Security (@AquaSecTeam) popular vulnerability scanner tool 'trivy' was compromised yesterday via GitHub Actions: #SoftwareSupplyChainSecurity 👇 github.com/aquasecurity/t…

English

319

Sam Stepanyan@securestep9·28 Şub

#OSINT: Pizza order intelligence

Pentagon Pizza Watch@pizzintwatch

Pizza activity around the Pentagon is experiencing an extreme spike this afternoon. Domino's Pizza (1.4 mi) at 326%, Pizzato Pizza (2.2 mi) at 208%, and Extreme Pizza (0.5 mi) at 127%. DOUGHCON level is 4.

Svenska

521

탐색

@OWASPLondon @HackingDave @ArmanSameer95 @rez0__ @AnthropicAI @milesdeutscher @ErezYalon @github