jayden

Starting a series where we write up interesting vulns our agent at @verialabs finds: First up, 1-click RCE in Goose, Block's coding agent with 33k+ stars: verialabs.com/blog/securing-… Goose was vulnerable to CSWSH, allowing an attacker-controlled website to run arbitrary commands.

We just qualified 2 teams for DiceCTF Finals, with one of our teams getting 2nd place overall! Congrats @BunkyoWesterns on winning and we'll see everyone in NYC! insert line about llms ruining ctfs here

We spun out of the #1 hacking team in the US and built AI that finds what even the best hackers miss. During one engagement, it found 6 different ways to take over any user's account on a popular webapp. Completely autonomously. Then suggested fixes for every single one. Today we're announcing @verialabs' $3.2M seed, backed by @ycombinator, @gokulr, @paulg, and @woloski (co-founder of Auth0), and many other great investors. DM me if you want to know what we'd find in your app.

We're officially top 3 in the world on CTFtime for 2025, up from 13th last year! yay This year, we also: - hosted the first ever smileyCTF, with 1,000+ teams playing - went to in-person CTFs in Switzerland, Las Vegas, NYC * 2 - qualified for SECCON and LakeCTF 2026 finals

A POC for CVE-2025-55182 gist.github.com/maple3142/48bc…

F25 Demo Day in the books

“accidentally said … and got kicked out of sf” Stfu 💔💔💔

@zeyu1337 roll your own🤤

CLERK SUCKS

@zeyu1337 yeah wtf

why is everyone in yc f25

🧵 We just discovered critical RCE vulnerabilities in popular AI coding tools including Claude Code and Gemini CLI. The issue: These tools use OAuth for MCP (Model Context Protocol) authentication, but don't validate authorization URLs from servers.