Taylor Hornby 🛡❤️

20.5K posts

Taylor Hornby 🛡❤️

@DefuseSec

Security research (https://t.co/xrmvhFVPtv), EDM (https://t.co/Ynq2DNWQa1), & board member @ Zcash Foundation.

Calgary, Canada Katılım Şubat 2012

1.4K Takip Edilen6.8K Takipçiler

Taylor Hornby 🛡❤️ retweetledi

scriptjunkie (Matt)@scriptjunkie1·2d

I appreciate everyone dropping linux privesc 0days in the current AI renaissance, but to really make it feel like the good ol days someone needs to drop a weaponized pre-auth SMB or RDP RCE. We haven't had a good Windows worm in AGES.

English

266

21.1K

Taylor Hornby 🛡❤️@DefuseSec·2d

@jedisct1 I used some prompts I was developing to find some neat cryptographic bugs with Opus 4.5. It did need a bit of guidance from me to find them though. Unfortunately I am so backlogged verifying fixes and reporting new bugs it will be a while before a write up comes out.

English

Frank@jedisct1·2d

In the deluge of software vulnerabilities we are witnessing these days, none seem to stem from cryptographic constructions. I guess LLMs can reason about code, but still struggle to reason about protocols and cryptographic constructions. Or rather, this may be a tooling issue waiting to be solved.

English

2.2K

Taylor Hornby 🛡❤️ retweetledi

Perry E. Metzger@perrymetzger·2d

Most people’s model for security bugs is wrong. People have acted as though there is always an infinite number, because humans couldn’t find them faster than they could create them, but the number has always been finite. AI systems aren’t going to find every single one immediately, but they are draining the available supply fast, and new ones aren’t going to be created as quickly. Once we start using AI to improve the engineering, the supply is going to drop a great deal indeed, and operations that rely on a steady supply of them are going to have to find other ways to work.

English

299

166.4K

Taylor Hornby 🛡❤️ retweetledi

Frank@jedisct1·2d

And now... 6 CVEs in dnsmasq lists.thekelleys.org.uk/pipermail/dnsm… - What a time to be alive.

English

118

26.8K

Taylor Hornby 🛡❤️ retweetledi

Low Level@LowLevelTweets·3d

I would go longer than 2 days, probably a week or two, but this is great advice

🇮🇹 Massimo De Luisa@massimodeluisa

Easier way to protect yourself (if you are not infected yet) is to set a minimum release age in your package manager. For @npmjs: `npm config set min-release-age=2d` For @pnpmjs: `pnpm config set minimumReleaseAge 2880` For @bunjavascript: ``` # In bunfig.toml [install] minimumReleaseAge = 172800 ``` For Yarn: `yarn config set npmMinimalAgeGate "48h"`

English

1.4K

219.2K

Taylor Hornby 🛡❤️ retweetledi

Theo - t3.gg@theo·3d

I hope you guys understand that this is going to keep getting worse

Socket@SocketSecurity

Update: Socket has found 121 more compromised npm package artifacts across 84 package names, including 64 UiPath artifacts. Combined w/ TanStack, the current known total is 205 affected npm package artifacts across enterprise automation, AI/MCP, auth, workflow, and dev tooling.

English

156

207

4.5K

576.5K

Taylor Hornby 🛡❤️ retweetledi

LiveOverflow 🔴@LiveOverflow·4d

This should change the opinion of the last person who doubted AI

International Cyber Digest@IntCyberDigest

‼️🚨 Pwn2Own Berlin 2026 just hit a wall. For the first time in 19-years, ZDI rejected dozens of working zero-day RCE submissions because organizers ran out of contest slots. Rejected hackers are now going public with PoC demos and direct vendor disclosures, breaking Pwn2Own's usual secrecy. ▪️ AI surfaces a massive wave of 0-day RCEs. ▪️ Submissions overwhelm ZDI past max capacity. ▪️ Slots run out. Researchers with working chains get rejected. ▪️ "Revenge disclosures" begin. ← we are here. Confirmed casualties so far: ▪️ @xchglabs : 86 vulnerabilities prepared (PyTorch, NVIDIA, Linux KVM, Oracle, Docker, Ollama, Chroma, LiteLLM, llama.cpp). All rejected. Now reporting directly to vendors with writeups dropping as patches land. ▪️ @ggwhyp : full-chain Firefox RCE on Windows. Rejected. Publicly demoed (HTML page → cmd.exe → calc.exe). Responsibly disclosed to Mozilla. ▪️ @yunsu_dev : working RCE chain, rejected. Submitting elsewhere. ▪️ @ryotkak : tried to register for 3+ weeks. ZDI confirmed "at maximum capacity, can't add extra contest days." Considered canceling flight and hotel. ▪️ @anzuukino2802 : Claude Code RCE PoC. Rejected. ▪️ @desckimh : 0-day RCEs in Ollama and LM Studio. Rejected. Reported impact: a community-estimated 150+ researchers tried to register. Accepted contestants are now being warned about collisions. Rejected vulnerabilities going to bug bounty programs may trigger pre-event patches that invalidate the work of those who got in. ZDI has not publicly addressed the capacity issue. The event still runs May 14-16 in Berlin.

English

495

81.3K

Taylor Hornby 🛡❤️ retweetledi

Ankita Singh@annkkitaaa·6d

the intuition before the formula: imagine you want a polynomial that equals 7 at x=1, equals 3 at x=2, and equals 11 at x=4 the Lagrange trick: build helper polynomials, one for each point each helper polynomial equals 1 at its own point and 0 at every other point then multiply each helper by the desired y-value and add them all up the result: a polynomial that hits every target value at the right point. guaranteed

English

341

Taylor Hornby 🛡❤️ retweetledi

Ankita Singh@annkkitaaa·6d

Lagrange interpolation is the reason ZK proof systems can encode entire computations as single polynomials. without it, there are no SNARKs, no STARKs, no PLONK. let me break it down from scratch.

English

2.8K

Taylor Hornby 🛡❤️ retweetledi

Brendan Dolan-Gavitt@moyix·5d

@IceSolst Universe brain: deliberately add bugs arxiv.org/abs/1808.00659

English

Taylor Hornby 🛡❤️ retweetledi

jessicat@jessi_cata·5d

Yeah, I don't think any property of fundamental physics which is entirely unobservable in the physicist's sense, is a good candidate for something constituting human consciousness, which humans have direct awareness of through their acquaintance, and therefore know the nature of.

Deivon Drago@DeivonDrago

I just published my critique of Panpsychism. Pared down too - it's probably 30% shorter than the draft I had earlier this week. Comments/questions/outbursts? Against Panpsychism open.substack.com/pub/deivondrag…

English

4.7K

Taylor Hornby 🛡❤️@DefuseSec·4d

@mert @genzcash To be fair it would have never gotten off the ground at all without him.

English

287

mert@mert·5d

@genzcash study how much better the project got after he stopped being involved

English

154

36.6K

genzcash@genzcash·5d

How it started how it’s going

English

100

16.4K

Taylor Hornby 🛡❤️ retweetledi

Low Level@LowLevelTweets·6d

copyfail and dirtyfrag (which is two seperate bugs btw) all explore a new primitive where scatterlists, controlled by a user through splice, enable semi-arbitrary page-cache writes in the kernel. insanely smart primitive.

English

673

44.2K

Taylor Hornby 🛡❤️ retweetledi

LaurieWired@lauriewired·6d

I mean, firefox is what, ~25ish million lines of code? in aerospace, the target was ~0.5 defects per 1000 lines of code. Apply that to firefox numbers and you get ~10,000 bugs. aero code was also held to a ridiculous standard, commercial software is probably 5x worse than that. it's also probably non-linear, the bigger your codebase the faster the rate goes up

English

2.3K

58.5K

Taylor Hornby 🛡❤️ retweetledi

Zcash Open Development Lab@zodl_co·8 May

Yesterday, a 2024 Bitcoin use-after-free vulnerability that had been covertly patched in bitcoind was disclosed to us. We published an emergency hotfix release of zcashd, v6.12.3. Operators are urged to upgrade promptly. github.com/zcash/zcash/re…

English

13.1K

Taylor Hornby 🛡❤️ retweetledi

Alex Albert@alexalbert__·7 May

With the help of Claude Mythos Preview, the Firefox team fixed more security bugs in April than in the past 15 months combined.

English

346

1.3K

15.5K

1.5M

Taylor Hornby 🛡❤️ retweetledi

daine@notdaine·7 May

i have the opposite opinion i think everybody should make music because it is a great tool for somatically processing your feelings & introspection

dash@neogangsta

There are genuinely way too many people making music

English

484

12.4K

Taylor Hornby 🛡❤️ retweetledi

Zcash Open Development Lab@zodl_co·7 May

The new zcashd v6.12.2 release addresses several security vulnerabilities that could have caused nodes to diverge from consensus with Zebra. github.com/zcash/zcash/re…

English

122

Taylor Hornby 🛡❤️ retweetledi

Matthew Green@matthew_d_green·5 May

There’s something ominous about the speed with which the entire world has marched to require identification on platforms and, as I expected, begin the process of banning anonymous VPNs.

English

136

1.4K

7.1K

391.5K

Taylor Hornby 🛡❤️ retweetledi

George Ferman@Helios_Movement·4 May

Now there’s a tale that is rooted in a real historical event and goes something like this. During the rebuilding of St. Paul’s Cathedral in London after the Great Fire of 1666, which destroyed much of the city, the renowned architect Sir Christopher Wren oversaw the massive reconstruction project, which took decades to complete. Wren (anonymously) walks among the bricklayers who didn’t recognize him and asks three different men the same question: “What are you doing?” The first replies: “I’m laying bricks”. The second replies: “I am earning three shillings and six pence a day”. The third straightens up proudly and declares: “I am helping Sir Christopher Wren to build this great cathedral”. All three men are performing identical physical labor, yet their mindset completely changes how they experience the work, their energy, productivity, and fulfillment.

English

2.3K

Keşfet

@jedisct1 @IceSolst @mert @genzcash @elonmusk @BarackObama @taylorswift13 @cristiano