Logan

@jasonsaayman @github @martinwoodward possibly something you can help with?

@github can anyone please help me with my github account i would like to be certain i have remedied any issue with compromise. contacting through support is not really fast enough

Using a mocap suit to kick yourself in the balls with a robot is a great metaphor to close out 2025.

We’ve been digging through the #React RCE mess for two days now, trying to get at least some visibility into what’s going on out there. None of this is easy to detect, and most signals vanish in memory before you can even look at them. My teammate @_swachchhanda_ put together a pair of #Sigma rules that cover the one thing that reliably shows up when someone actually executes code on a Node.js server -> child processes. One rule for Linux, one for Windows. It’s not a silver bullet, just one of the few angles that makes sense right now. We pushed all our #YARA and #Sigma signatures for the React RCE cases as well, and contributed the Sigma rules upstream: github.com/SigmaHQ/sigma/… This whole situation shows how much attack surface lives in places many of us didn’t think about before. I expect we’ll see more of this class of issues now that people realize what’s possible.

Don't miss "Hunters and Gatherers: The Realities of Bug Bounty Life" by Logan MacLaren (@maclarel_), Jeffrey Guerra (@s2jeff_gh), Johnathan Kuskos, Katie Noble, Sam Erb (@erbbysam)! 📅 Saturday, Aug 10 ⏰ 11:30 AM 📍 Creator Stage 4 #BugBounty #DEFCON

Exciting news! The Bug Bounty Village website is live! 🚀🌐 Join us at @defcon for everything bug bounty. Explore our speakers, presentations, sponsors, events, and more. Visit bugbountydefcon.com #BugBountyVillage #DEFCON #CyberSecurity #BugBounty #HackerCommunity

A lot of the AI stuff Google showed was cool. But I find myself unable to care. - Their products are far harder to use - They have a “throw it at the wall” feel - If I like it they’ll probably cancel it They’ve simply lost my trust.

@BugBountyDEFCON @defcon Tight timeline, but hoping to submit!

📢 Calling all hackers! Submit your CFP for the first official Bug Bounty Village at @DEFCON 32! Share your research, techniques, or run a workshop. 🕒 Deadline: May 31. Don't miss out! Check the guidelines and submit here bit.ly/bugbountydefcon #bugbounty #infosec #DEFCON32

Is authing the Rabbit R1 against any of your accounts actually secure? I'm not so sure

In this post I'll use CVE-2023-6241, a vulnerability in the Arm Mali GPU that I reported last November to gain arbitrary kernel code execution from an untrusted app on a Pixel 8 with MTE enabled. github.blog/2024-03-18-gai…

The team at @OpenAI just fixed a critical account takeover vulnerability I reported few hours ago affecting #ChatGPT. It was possible to takeover someone's account, view their chat history, and access their billing information without them ever realizing it. Breakdown below 👇

Marty Stratton, @idSoftware Studio Director, lied about @DOOM Eternal's OST events in a Reddit post that used disinformation to blame me entirely for its failure Later, he offered me a six-figure sum to never speak about it The truth is more important. link.medium.com/USjGbPeBOub

@krisnova Even my hot garbage code has not managed to cripple GitHub yet. You'll do great :)

Are you attending @ekoparty ? Go stop by the @GitHubSecurity booth and say hello to @s2jeff_gh from our Bounty Team.

Check out the latest researcher interview in GitHub's Bug Bounty Researcher Spotlight series github.blog/2022-10-28-cyb…

@thejillboss @MakeItHackin @defcon @thedarktangent @jaysonstreet @deviantollam @marcwrogers @AlexChaveriat xD

@MakeItHackin @defcon @thedarktangent @jaysonstreet @deviantollam @marcwrogers @AlexChaveriat @maclarel_ found your halloween costume

get them while they last! @defcon goon costume. what items are missing? @thedarktangent @jaysonstreet @deviantollam @marcwrogers @AlexChaveriat #defcon

Did you know that GitHub doesn’t just encrypt data at rest but also encrypts specific database columns? Read about our column encryption strategy and our decision to adopt the #Rails column encryption standard. github.blog/2022-10-26-why…

@ArchAngelDDay I write out my daily agenda each morning when I get into my office. My handwriting has never been good, but this helped get it back to (mostly) legible levels.

Odd question - has anyone else with poor #handwriting had any success in improving it? If so, what tools/methods did you find helpful?

TikTok in a nutshell.

Extremely valuable advice!

We confirm that iOS 16 does communicate with Apple services outside an active VPN tunnel. Worse, it leaks DNS requests. #Apple services that escape the VPN connection include Health, Maps, Wallet. We used @ProtonVPN and #Wireshark. Details in the video: #CyberSecurity #Privacy