mikeymop ⟠

9.5K posts

@mikeym0p

Sw. Engineer | Heart of a hippy. 🥑 for digital rights. Oatmilk dev https://t.co/WrhHXm4Ktx https://t.co/d2odPzFlaf

NYC - ATX Joined April 2009
1.5K Following 408 Followers
mikeymop ⟠ retweeted
Peter Girnus 🦅@gothburz·
Someone found an RCE on my website yesterday. CVE-2025-55182. React2Shell. I don't have a bug bounty program. I never asked for a security assessment.

I woke up to a DM: "Hey I found a critical vulnerability in your site. I only ran the exploit to verify it worked. Here's my PayPal for the bounty." Bounty?

I checked my logs. Forty-seven requests to my RSC endpoint. Something, something ... Prototype pollution payloads. They used the GitHub script. The one with 2,000 stars. The one that runs id automatically "for verification purposes." They spawned a shell on my production server. uid=1001(nextjs) gid=65533(nogroup)

They took a screenshot. They posted it on Twitter. "Popped a Shell on a Live Website 🚀💀 #BugBounty #CVE-2025-55182 #YOLO" They got 84781 likes. My customers' data was on that server.

I asked them to delete the screenshots. They said "I removed the domain name, you should be thanking me." Thanking them. For unauthorized access to my production infrastructure. For running arbitrary commands on systems I own. For posting proof of exploitation for clout.

They called it "responsible disclosure." I called my lawyer. They called me "ungrateful." I called the FBI. Now they're in my DMs explaining that "this is how the industry works" and I "don't understand pen testing." A pen what?

I understand it perfectly. I understand that running react2shell-ultimate.py against random websites isn't research. I understand that "I removed the identifying info" doesn't undo the unauthorized access. I understand that #BugBounty doesn't apply when there's no bounty program. I understand that finding my site on Shodan doesn't constitute authorization.

Their followers are defending them now. "Presumption of innocence." "You don't know if it was authorized." "The screenshots were redacted." Three hundred people are calling me a bootlicker for reporting a crime. Someone said I should be grateful they didn't deploy a cryptominer. The bar is underground.

I just wanted to run a small Next.js app. I didn't ask to be someone's proof-of-concept. I didn't consent to being their "first." I didn't sign up for an unscheduled penetration test from a stranger with a GitHub account.

There is no safe harbor for spraying public exploits at random websites. There is no legal protection for "I was just verifying the vulnerability." There is no ethical framework where unauthorized prototype pollution is a favor.

But sure. Thank you for your service. You found a CVE that was already public. Using a tool someone else wrote. Against a target that never authorized you. And you posted about it on main. For likes. Hero.
mikeymop ⟠ retweeted
ItsHapa@ItsHapa·
🚨CONFIRMED: Cheats are already working in Battlefield 6. This footage proves CHEATS are FULLY FUNCTIONAL on Day 1 of Early Access Beta.
mikeymop ⟠@mikeym0p·
Hey @endgamegear! The op18k is nearly the perfect mouse but I can't use it. Could you please consider making a public webui to configure the mouse so it's not locked to only windows? If you do, this would be the mouse I recommend to everyone I know.
IroncladDev@IroncladDev·
can someone please tell me how to delete a file from commit history (i'm desperate this is embarrassing)
mikeymop ⟠@mikeym0p·
I can see Grok as a free user now.
mikeymop ⟠@mikeym0p·
@MoaidHathot @ThePrimeagen I think he's speaking for participating in a community. Could replace church with volunteering at soup kitchens, etc, imo
Moaid Hathot@MoaidHathot·
@ThePrimeagen What does going to church (or any other religious institution) have to do with it?
ThePrimeagen@ThePrimeagen·
ok, it's 2025 and it's time for a refresher on the "best software engineering roadmap of all time." this will help you at every stage of your career
* work out
* read
* drink water
* eat better
* sleep properly
* go to church
* touch grass
* make friends
Joshua@CreeCoder·
Brand new MacBook 💻 What’s the 1st thing you’re installing?
mikeymop ⟠@mikeym0p·
Hey @SoDownBassMusic I'm loving Colors of the Mind. I'm wanting to buy a lossless copy of the album. Is there any chance you could upload it to your Bandcamp or Qobuz account so I can purchase it?
mikeymop ⟠@mikeym0p·
Finally everyone agrees on RCS, and Google starts forcing a Google account sign in on Google messages. Not okay when Google Messages is the only option on Android.
mikeymop ⟠ retweeted
Zola In Recovery@ZolaInRecovery·
If you ever had a “move back in with your parents” stage, you have no business judging homeless people. The only difference between you and them is you were privileged enough to have a fallback.
mikeymop ⟠@mikeym0p·
@patrickpanda01 @PlayApex The Finals does, it runs at about 30-40fps on low with FSR. Titanfall I play on PC (Fedora 40), but I can try it out and get back to you on performance.
mikeymop ⟠@mikeym0p·
@PlayApex Welp, I will not use Windows ever again so it was nice playing Apex while I could.
mikeymop ⟠@mikeym0p·
@turingpi Glad to see the hardware's ready to go! I'm sure it was well worth the extended wait 🥳
mikeymop ⟠ retweeted
Turing Pi@turingpi·
We’re thrilled to introduce our long-awaited mini ITX case for the Turing Pi 2 and 2.5 boards! We’ve been working on this together with the community, and are excited to share all the details with you... 👇
mikeymop ⟠ retweeted
Turing Pi@turingpi·
It's coming