Jesse
1.9K posts
Jesse
@YayJesse
Tech 👨🏻💻 Crypto/Web3 💫 #fishtanklive 🐟 live tweeting 📺 Tweets/opinions are my own
Australia Katılım Ağustos 2010
818 Takip Edilen132 Takipçiler
Late to the show but there’s actually a fish called Anissa? LOL #fishtanklive
English
Mel is giving adult Disney vibes, get over him being late - did you want him to just leave the rings back at the hotel? #mafs #MAFSAustralia #mafs
English
My uncle works at Rockstar.
Been there forever.
Sent him this clip. Asked if they could bring that feeling for GTA VI.
He goes:
“Impossible now. Old code got scrapped. New physics would fight it, break online races, and fry the console. Legal locked the old files anyway.”
Matt Speed III@50_Mag_Special
Everything in gta Sa sounded like shit compared to the previous two, from weapons to even lowrider sfx. The single lowrider in gta III sounds better than all the sa ones. 😆
English
@j_macgeever Don’t worry mate Australia will be batting before the end of the day 😂
English
All out before 3:00 on Boxing Day. Shove it you Aussie clowns #Ashes
English
TV Blackbox has exposed Endemol Shine for MANIPULATING the Big Brother Australia Final. #BBAU
According to production insiders, producers told Allana and Bruce “say yes to any challenge that comes up in the final” and they told Coco, the housemate topping the vote to win, to say no.
Allana and Bruce weren’t aware they’d both been told this, ensuring that during the live final, producers got the head to head challenge when both volunteered to steal a car. Had producers not stepped in, Emily, the runner-up, could have ended up winning the whole series, had Coco won the car and voluntarily left the house.
What makes matters worse, is that while streaming live online, there was and is no footage of these conversations — because producers turned off mics and cameras in the Diary Room, and ENTERED the room, to personally tell the housemates what decisions to make based on where they were ranking in the vote.
English
@leeaandr01 @DarkWebInformer It’s what happens when a bunch of young adults/teens run the majority of these sites lol
English
🚨 The shinyhunte{.]rs website has been updated with a new PGP message.
Hey James :)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
This message is intended for James: you have 24 hours to contact us, otherwise the truth will be revealed to the public.
Do you think that ShinyHunters have joined forces with the Scattered LAPSUS$ Hunters group?
That's nonsense.
It's just one person who manages all of this.
It's a former associate of ours who preferred to go their own way and sabotage us by signing messages with our PGP key.
-----BEGIN PGP SIGNATURE-----
iQGzBAEBCAAdFiEE6AwTCKCewa3EGMPwJXiYj2m8o/wFAmlBtGYACgkQJXiYj2m8
o/z8YAwAjDdfEnQB0QfSfs8RaCptm3FbflPkqbNH/mgEpj1rLxuCqaRJ+8U91co3
4JvpfRRsQwYl1HJV78H1YdAeUaeKbJHGcUg95K0EJZoMi3m4xaW3tLOO1VAYDU4m
nOLq1MsFLNX5GQkWk/hASRtOAdQTVwrzvy4qvYYv+cXg6YyY8NE+TTODCcHvJ4Mf
sfR5RsrDyC/ttgIzT4Pthaj+k1JCkFQL0HeAiCxoYtXmGLvwfvFbpyBBmacazCpj
1KF2hjXnVRxtInqXW73k+qDNi8Fv1EP6GZbQUvlGGsF8YgSvUVbwFk9tbxSZ9a7u
dJTLpFD9ht6GVViNnm8dHvqMfzXPD+4fUA5KgOBzet/1RvS4GqquMYAgRQBEuK1H
z7UfzxCSbn0WU+uIVU+yEmtkKAtugihO5zi+yows8JfDiPwCjcTfhwBxhPuYllpQ
k9Q5DHgU9trujs1GO42R6QUO4utaCitKW52ift/jP62QqhZfiNLrJw8T6LC4E8sx
qDe0gdhw
=u7Bg
-----END PGP SIGNATURE-----
See you at breachforums.bf
English
What does everyone think of this take?
Peter Girnus 🦅@gothburz
Someone found an RCE on my website yesterday. CVE-2025-55182. React2Shell. I don't have a bug bounty program. I never asked for a security assessment. I woke up to a DM: "Hey I found a critical vulnerability in your site. I only ran the exploit to verify it worked. Here's my PayPal for the bounty." Bounty? I checked my logs. Forty-seven requests to my RSC endpoint. Something, something ... Prototype pollution payloads. They used the GitHub script. The one with 2,000 stars. The one that runs id automatically "for verification purposes." They spawned a shell on my production server. uid=1001(nextjs) gid=65533(nogroup) They took a screenshot. They posted it on Twitter. "Popped a Shell on a Live Website 🚀💀 #BugBounty #CVE-2025-55182 #YOLO" They got 84781 likes. My customers' data was on that server. I asked them to delete the screenshots. They said "I removed the domain name, you should be thanking me." Thanking them. For unauthorized access to my production infrastructure. For running arbitrary commands on systems I own. For posting proof of exploitation for clout. They called it "responsible disclosure." I called my lawyer. They called me "ungrateful." I called the FBI. Now they're in my DMs explaining that "this is how the industry works" and I "don't understand pen testing." A pen what? I understand it perfectly. I understand that running react2shell-ultimate.py against random websites isn't research. I understand that "I removed the identifying info" doesn't undo the unauthorized access. I understand that #BugBounty doesn't apply when there's no bounty program. I understand that finding my site on Shodan doesn't constitute authorization. Their followers are defending them now. "Presumption of innocence." "You don't know if it was authorized." "The screenshots were redacted." Three hundred people are calling me a bootlicker for reporting a crime. Someone said I should be grateful they didn't deploy a cryptominer. The bar is underground. I just wanted to run a small Next.js app. I didn't ask to be someone's proof-of-concept. I didn't consent to being their "first" I didn't sign up for an unscheduled penetration test from a stranger with a GitHub account. There is no safe harbor for spraying public exploits at random websites. There is no legal protection for "I was just verifying the vulnerability." There is no ethical framework where unauthorized prototype pollution is a favor. But sure. Thank you for your service. You found a CVE that was already public. Using a tool someone else wrote. Against a target that never authorized you. And you posted about it on main. For likes. Hero.
English