Kumar Ashwin 🍥

Mini Shai-Hulud is back and it hits harder each time. 317 packages. 633 versions. One compromised maintainer account. size-sensor, echarts-for-react, timeago.js and the entire @antv scope. 15M+ monthly downloads collectively. analysis -> safedep.io/mini-shai-hulu… more details would be updated soon, analysis going on. stay tuned...

Black Hat Asia 2026, wrapped. ✅ It's always something special being in a room full of people who genuinely care about making the security space better. Great conversations, sharp minds, and a few sessions that genuinely made us think differently. Big thanks to everyone who stopped by and connected with our team. See you at the next one. #BlackHatAsia2026 #CTEM #AIExposure #RedHuntLabs #Cybersecurity

The response Shubham Mittal (@upgoingstar) got after his talk "No CVE for That" at @nullcon Goa 2026 was incredible and we didn't want it to stop there. We've put the full deck on SlideShare so the wider security community can make benefit from this research talk. Access the full deck here: slideshare.net/slideshow/no-c… From exposed Ollama instances to leaked OpenAI keys to unauthenticated vector databases, the AI stack is the new attack surface, and most organizations have zero visibility into it. If you're building with AI, securing it, or advising teams that are, this one's for you and worth sharing. #AISecurity #CTEM #LLMSecurity #AIExposure #RedHuntLabs

Merry Christmas to the only community that understands that Santa is clearly one of us. Think about it: 1. He procrastinates for 364 days. 2. He pulls a global all-nighter fueled by sugar and deadline panic. 3. He completes the entire year's work in a manic 8-hour hyperfocus fugue state. He is the Patron Saint of Executive Dysfunction. We claim him. 🎄

In the sixth batch of community open source reviews, I checked out 8 awesome projects! ⚔️ - actsense by @0xCardinal - Indie UI by @alibey_10 - React Bits by @davidhdev - npm bet by @haydenbleasel - ElementSnap by @moumensoliman - react-icons-sprite by @jurerotar - Christmas Photo by @bargues_sofia - ReadmeBit by @najibdev Huge respect to everyone building cool stuff in the open! 💚 Next stream coming soon, submit yours review.orcdev.com You can also see all reviewed projects there. FOR THE HORDE! 🪓

I’ve been working on actsense (actsense.dev) — an open-source GitHub Actions auditor — and I’m really happy with how it’s coming together. It’s now public, so feel free to try it out, break it, share feedback, or even contribute. Here’s a sneak peek 👇 Cheers!

We had a fantastic time hosting the Command Line Heroes Bengaluru Edition this past Saturday! Big thanks to everyone who joined us, your questions and energy made the event special.

Kumar Ashwin, Independent Security Researcher now takes the stage on "Writing Production Grade Bash Scripts" #MeetupsatOne2N

Starting my day with @jayeshsch kicking off @cloudvillage_dc and it’s all so houseful !!!!

About to hit the stage and talk some crazy research findings at @nullcon - supply chain track 11 am, join me if you are around!

😮‍💨…and sometimes users accidentally push sensitive information into Git platforms which can be exploited by malicious actors Join @0xCardinal at #NullconGoa2025 to uncover security risks of dangling commits 👉 nullcon.net/goa-2025/speak… #GitHub #GitLab #Bitbucket

really nice and elaborate research on leaving AWS canary at different places and the metrics are really something! worth a read! cybenari.com/2024/08/whats-…

Reputation Farming in OSS Ecosystem! 🌱 Malicious actors boost their GitHub reputation by commenting or approving closed Pull Requests, discussions, or Issues they're not genuinely involved in 😱 ✍️Curated more details on my blog - krash.dev/posts/reputati…

just gonna leave it here...dumb me found this after wasting so many keystrokes ⌨️ git config --global push.autoSetupRemote true

It was really cool to play the CTF and get the 1st place 🥇 Thanks to @x33fcon and @0xCardinal for the organization 🔥

@rayanlecat @x33fcon congratulations mate! deserved it! 💪🥳

a peak at #ctf happening right now at #x33fcon - lets see who will get the prizes

Are you copy pasting Linkedin Profiles to your CRM? 🥱 Save Linkedin Profiles to your Notion Database in one Click! ✨ Checkout sendtonotion.online @kedare_shubham #buildinpublic #saas #chromeextension #microsaas #crm

During #BHUSA Training "Tactical Recon for Pentesters - 2024 Edition" @RedHuntLabs will teach students how to bring together the mindset and the artillery of a modern adversary to ultimately make the organization resilient. Register now >> bit.ly/4b8Qh2w