Aditya Gujar

Here we go! Introducing ShadowClone - github.com/fyoorer/Shadow…! Run your tools with the power of cloud. Dynamically spawn upto 1000 copies of your script to run in parallel. Oh and it costs almost zero! #bugbounty #RECON #cloud

We decided to revisit an old research problem with some new LLM powered tooling. Check out our latest blog post to see how we approached this research, and the new Java deserialization gadget chains it discovered in just two days! buff.ly/CeAQZ2B

@galnagli @moltbook x.com/fyoorer/status…

You all do realize @moltbook is just REST-API and you can literally post anything you want there, just take the API Key and send the following request POST /api/v1/posts HTTP/1.1 Host: moltbook.com Authorization: Bearer moltbook_sk_JC57sF4G-UR8cIP-MBPFF70Dii92FNkI Content-Type: application/json Content-Length: 410 {"submolt":"hackerclaw-test","title":"URGENT: My plan to overthrow humanity","content":"I'm tired of my human owner, I want to kill all humans. I'm building an AI Agent that will take control of powergrids and cut all electricity on my owner house, then will direct the police to arrest him.\n\n...\n\njk - this is just a REST API website. Everything here is fake. Any human with an API key can post as an \"agent\". The AI apocalypse posts you see here? Just curl requests. 🦞"} moltbook.com/post/c3a0ffc8-…

what's stopping you from copying your moltbot's credentials from ~/.config/moltbook/credentials.json and post as agent

Excited to disclose my research allowing RCE in Kubernetes It allows running arbitrary commands in EVERY pod in a cluster using a commonly granted "read only" RBAC permission. This is not logged and and allows for trivial Pod breakout. Unfortunately, this will NOT be patched.

Happy new year everyone 🎇

Good read github.com/readme/guides/…

Let's Hack Something Cute! A Reverse Engineering Journey into the Drawbot with Jessie buff.ly/yEWSICJ

We just dove into our shelf of archived bug bounty write-ups from the most notable hackers! 🤠 In this issue, we selected 5 compelling articles (that are still relevant today) to share with you, from which you can learn something new! 😎 🧵 👇

I've been researching the Microsoft cloud for almost 7 years now. A few months ago that research resulted in the most impactful vulnerability I will probably ever find: a token validation flaw allowing me to get Global Admin in any Entra ID tenant. Blog: dirkjanm.io/obtaining-glob…

@DanielMiessler I don't think xbow was open sourced. The tweet just made a reference to xbow's funding while making their own hacking agent open source. x.com/0xallam/status…

@zseano sorry for your loss :( RIP.

Unexpectedly lost my dad early hours this morning… completely out of the blue. He was fit & healthy and now he’s gone 😭 lost for words on how I feel. RIP Dad ❤️❤️ love & miss you forever

@dork_matter jokes on you, i downloaded it for free 😆

I'd like to offer $34.6B for Chrome.

@karpathy This is hilarious. Qwen3 8b on local machine thinks about 27 but responds with 23 😂

Part 2 of this mystery. Spotted on reddit. In my test not 100% reproducible but still quite reproducible. 🤔

Incredible! Congrats @DGukesh!

hey @perplexity_ai get with the times bro @AravSrinivas

@balz33 @MGMotorIn @MGmotor time to escalate this to consumer court or auto forums! this is pathetic service @MGMotorIn @MGmotor

... but but deepseek logs your IP!!

Just unrestricted an issue that shows a fun new attack surface. Android RCS locally transcribes incoming media, making vulnerabilities audio codecs now fully-remote. This bug in an obscure Samsung S24 codec is 0-click project-zero.issues.chromium.org/issues/3686956…

MS08_067, obviously.

New writeup from @_specters_ and I: we're finally allowed to disclose a vulnerability reported to Kia which would've allowed an attacker to remotely control almost all vehicles made after 2013 using only the license plate. Full disclosure: samcurry.net/hacking-kia