Ron Masas

I found 2 stored XSS vulnerabilities in ChatGPT. The XSS bug was the easy part, but sharing it required bypassing CSP, leveraging a mass assignment issue for client-side path traversal (thanks @ctbbpodcast) to force a request to a BFLA endpoint. 🧵 [1/5]

@danpacary Incredible work. Are you planning to release the code? 🙂

I got a 1T (trillion) parameter model running on my MacBook Pro. Kimi-K2. 1.029T params. ~1 TB raw weights. 524 GB converted. ~1.7 tok/s. Yesterday it was 671B. Today it's 1T. Same laptop. Same M4 Max. No cloud. When I say we: I mean Claude and me.

@WeizmanGal Congrats!

7k$ reward from Google Chrome 7k$ reward from Perplexity Comet 5k$ reward from Perplexity Comet More on the way 👀 Are you still sleeping on Extensions?

@WeizmanGal Can you give an example?

Prompt Forcing / Forced Prompt Injection is a missing item in the class of how AI based applications can be attacked It isn’t a direct / indirect prompt injection, where the prompt/ctx is being polluted by the attacker - it is simply the action of forcing a complete prompt upon the receiving system from an inferior position In 2026 this notion will become clearer

Trying to fix prompt injection for LLMs is like trying to fix social engineering in humans.

@AsafCohenIL What would you ask him? 😂

@RonMasas Can he talk?

I made a tiny pet that lives on your Dock, modeled after the Claude Code mascot, vibe coded with Claude Code, of course. 😁

Try it out: github.com/masasron/Pixel…

⚠️ I found a Stored #XSS nested inside the OAuth credentials configuration. Because n8n makes these credentials shareable, a threat actor can easily propagate this attack vector to any victim they choose ! Full write-up here ➝ lnkd.in/e5Y_VdE7

@WeizmanGal 👏🏻 מגניב ביותר!

קצת אסקפיזם: היום התפרסם מחקר שלי שאני גאה בו מאוד, בו אני מדגים איך תוסף פשוט לדפדפן יכל להשתלט על האינטגרציה החדשה של gemini אל תוך chrome, מה שאפשר לאותו תוסף לבצע ״הסלמת הרשאות״ ולגשת למצלמה, מיקרופון, צילומי מסך וקבצים על המחשב של המשתמש 👇

@moxie Which model + size powers Confer?

Confer now supports encrypted attachments. Explore medical records, financial statements, legal documents -- without transmitting any of it to the data lake that will be plumbed by future subpoenas, hackers, and advertisers.

@thedawgyg What do you think the security impact is? This sounds more like chasing a technicality

Anyone know if Google/Chrome VRP pay's for denial of service vulns? Like a webpage thats able to crash the renderer tab?

Watching @rebane2001’s games made me want to play something on my phone like in the old days, with real physical buttons and not just tapping glass. So I started looking into whether a browser can detect hardware button presses. Turns out it can’t. Neither iOS nor Android expose system volume or volume-button events to the web. To solve that the game plays a high-frequency tone (around 18 kHz), listens to it through the microphone, and runs an FFT in real time. Press the volume buttons, the tone gets louder or quieter, and that delta becomes the input that controls the game. It’s a dumb idea that works surprisingly well. The volume buttons end up acting like an analog controller, entirely inside the browser. You can try it here (tested on iOS only): ultrasonic.breakpoint.sh github.com/masasron/Ultra… Don’t use headphones. Avoid using it near dogs or other sound-sensitive animals. If you can hear the tone (some people can, some phones leak), lower the gain or stop.

I made a browser game that uses your phone’s volume buttons as the controller.

@AmitSchendel did you actually try this? cvereports.com/reports/CVE-20… This honestly looks fully AI-generated. The ProxyServlet it talks about doesn’t even exist in the versions it claims are vulnerable. The “exploit PoC” on GitHub is just as weird: github.com/Ashwesker/Ashw… It literally copies the made-up “Vulnerable Logic Simulation” concept from your report, stuffs a fake command prefix into an HTTP header, and calls it an exploit. This fucking AI slop must end.

@phithon_xg Why hide the exploit code in a docker image?

CVE-2025-54068 is the #React2Shell of the Laravel world.🚩 Just like Next.js Server Actions, Livewire bridges the frontend/backend gap automatically. But blindly deserializing state from the client? That leads to RCE. 👇Try the exploit via Vulhub: github.com/vulhub/vulhub/… #Vulhub

@moxie Looking forward to it!

@RonMasas Yes, the provider (me) can't see the inference. I'll do a technical writeup soon =)

I've been building Confer: private AI chat where your conversations are end-to-end encrypted so that only you can access them. It's still new, but I've been using it every day and beta testing it with friends. Let me know what's missing! confer.to/blog/2025/12/c…

I really enjoyed the CTF. See you next year!

zeroday.cloud 2025?… UNREAL. 2 days. $340k in prizes 🤑 Live exploits on stage that literally shook the room. THANK YOU to everyone who came! You made history. You made the cloud safer.