Javan Rasokat
212 posts

Javan Rasokat
@javanrasokat
Security Researcher, AppSec, DevSecOps 👨💻
Germany · Joined June 2011
383 Following · 239 Followers

Firefox just announced they patched 270 zero days found by #mythos. With Opus 4.6 they patched dozens, with Mythos they had to patch hundreds. See here: blog.mozilla.org/en/privacy-sec… #glasswall

"more convincing crap is worse than obvious crap." aikido.dev/blog/bug-bount…

"Advanced Web Security" Training at @BlackHatEvents USA 2026. Attacking XSS vulns is becoming impossible. Trusted Types shipped, setHTML shipped. Join the Black Hat training that teaches the latest changes on the browser defense side. blackhat.com/us-26/training… #BHUSA

npm fixed something. For about 2 months now, you can use '--min-release-age', which brings npm closer to what pnpm users already had with 'minimumReleaseAge'.
Good resource:
github.com/lirantal/npm-s…
#supplychainsecurity #npm
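The policy behind both settings is the same: refuse to resolve to a version that was published more recently than some threshold, so a hijacked release has to sit in the open for a while before it can reach your lockfile. The following is an added example, not code from the post, from npm or from pnpm; it applies that rule to a constructed registry packument (field names follow the public registry document shape: "dist-tags", "versions", "time"). The threshold is taken in days here as the example's own parameter; check the units each tool actually documents before configuring it.

```javascript
// Added example: a minimal "minimum release age" selector over an npm registry
// packument. Not the implementation used by npm or pnpm; it shows the rule those
// settings enforce. The packument below is constructed for this demo.

const constructedPackument = {
  name: "example-lib",
  "dist-tags": { latest: "2.1.0" },
  versions: { "2.0.0": {}, "2.0.1": {}, "2.1.0": {} },
  time: {
    created: "2025-01-10T10:00:00.000Z",
    modified: "2026-03-31T09:00:00.000Z",
    "2.0.0": "2025-11-02T12:00:00.000Z",
    "2.0.1": "2026-01-15T08:30:00.000Z",
    "2.1.0": "2026-03-31T09:00:00.000Z", // freshly published, not yet trusted
  },
};

const DAY_MS = 24 * 60 * 60 * 1000;

// Compare dotted semver strings numerically (pre-release tags are not handled;
// kept simple on purpose).
function compareVersions(a, b) {
  const pa = a.split(".").map(Number);
  const pb = b.split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    if ((pa[i] || 0) !== (pb[i] || 0)) return (pa[i] || 0) - (pb[i] || 0);
  }
  return 0;
}

// Newest version whose publish time is at least minAgeDays old as of `now`,
// or null if nothing qualifies. Versions with no "time" entry are skipped.
function selectVersion(packument, minAgeDays, now = new Date()) {
  const cutoff = now.getTime() - minAgeDays * DAY_MS;
  const eligible = Object.keys(packument.versions).filter((v) => {
    const published = packument.time[v];
    return published !== undefined && Date.parse(published) <= cutoff;
  });
  if (eligible.length === 0) return null;
  return eligible.sort(compareVersions).pop();
}

// Versions the policy would refuse, useful when auditing a lockfile.
function blockedVersions(packument, minAgeDays, now = new Date()) {
  const cutoff = now.getTime() - minAgeDays * DAY_MS;
  return Object.keys(packument.versions).filter(
    (v) => packument.time[v] !== undefined && Date.parse(packument.time[v]) > cutoff
  );
}

// Fixed "now" so the demo is deterministic: two days after the 2.1.0 release.
const demoNow = new Date("2026-04-02T09:00:00.000Z");
console.log(selectVersion(constructedPackument, 7, demoNow));   // 2.0.1
console.log(blockedVersions(constructedPackument, 7, demoNow)); // [ '2.1.0' ]
console.log(selectVersion(constructedPackument, 0, demoNow));   // 2.1.0
```

With a seven-day threshold the resolver falls back to 2.0.1 even though "latest" points at 2.1.0; with the threshold at zero the policy is effectively off and the fresh release is installed. A version that never ages past the threshold because it keeps being republished is exactly the case these settings are meant to slow down.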

@BlackHatEvents We will talk about rolling out secure defaults at scale and discuss how to approach it in your organisational ecosystem. Don't be the "Alex" on the right side of the image. You'll learn how to convert individual fixes into scalable, pattern-based security architecture.

This time it's npm package 'axios'.
It's time we change those manual hardening steps into secure defaults.
Join my "Proactive Security Engineering" training at @BlackHatEvents USA 2026: blackhat.com/us-26/training…
#BHUSA #BlackHatTrainings #Cybersecurity #Infosec

I'm excited to be a Trainer at Black Hat USA 2026, click here to join me: app.ingo.me/q/c2h5r #BHUSA

Great tool to find silent patches (fixes for security issues that were not publicly disclosed): blog.syss.com/posts/automate…

WhatsApp Private Writing:
blog.whatsapp.com/get-the-tone-o…
ToB Report:
github.com/trailofbits/pu…

@Bitwarden I blogged about it here: javan.de/my-password-va…

Hi Javan, thanks for sharing. The team is aware and working on this. Please try again. It is most important that you have a strong and unique main password for your Bitwarden account, and perhaps you want to set a unique email address as well. More info here: bitwarden.com/blog/3-tips-fo…

@Bitwarden I am currently being blocked, as the web version gives me a rate limit error. I was able to get in once using the recovery key, but then the rate limit hits in again. How is it possible that an attacker can keep me logged out if I do have 2FA and a recovery key?

@Bitwarden One day later, still being blocked from accessing the Vault. I cannot change my email address or my master password. This is a deadlock @Bitwarden

@LingYi_Stu @Bitwarden This is insane, at least you are able to login. The attackers keep me logged out as the Bitwarden Rate Limit blocks me from logging in to change my Master Password.

Javan Rasokat reposted

Join Javan Rasokat and Rico Komenda at OWASP Global AppSec EU 2025 in Barcelona for a powerful joint session on AI security!
🛠️Builders and Breakers: A Collaborative Look at Securing LLM-Integrated Apps
📅 Thursday, May 29, 2025
⏰ 2:15 PM – 3:00 PM CEST
🔗 Register: owasp.glueup.com/event/123983/r…
You'll see:
🔐 Prompt injection prevention & validation strategies
🚨 Live demos of prompt manipulation & data poisoning attacks
🛡️ How to build AND break with security in mind
Whether you're developing LLM-integrated tools or testing them for vulnerabilities, this talk delivers practical, hands-on insights from both sides of the AI security battlefield.
Don’t miss your chance to learn from two experts shaping the future of secure AI.
#OWASP #AppSecEU2025 #AIsecurity #LLMSecurity #Cybersecurity #RedTeam #BlueTeam #SecureAI #Barcelona
