phsi

@krigshaw Thanks, I appreciate it!

@phsiiii That is brilliant. Nice work.

A few months ago I found an SSTI on a large media company's bug bounty program. I got duped on the original report by four minutes, but came back a few months later and found a bypass that ended up being writeup worthy. phsi.se/posts/chaining…

@blackth0rns_ Thanks, that's really kind of you!

@phsiiii Damn this is one of the best and cleanest writeup I've read so far

@recrsn @mehulmpt use a terminal multiplexer to prevent losing scrollback

People are irked since it's breaking personal automatons. The model & agent are good, the UI is bad. Claude desktop & CLI both have weird bugs. I have a custom UI that makes it easy for me to see what agents did. It's the same thing, just running headless without any changes at all. Now suddenly my $20 is useless. Now I have to run 5 terminal tabs like a caveman and loose scrollback if my SSH disconnects

The Claude meltdown makes ZERO sense to me honestly. They allow you to use every app in their ecosystem with elevated usage numbers, which is exactly what you want if you are locked into Claude ecosystem (desktop app, design, remote control, etc.) If you want third party harnesses, there are MANY good models already. Why is it so important to use Opus on some random third party inference? There are models equally good, use them!

@DarkWebInformer your name / physical address / dob / national identity number is essentially public information in sweden, so this mostly just affects people who have a hidden identity

‼️🇸🇪 A threat actor has allegedly leaked the database of Miljödata, a Swedish system supplier that was reportedly the victim of a ransomware attack in August 2025. The leak contains 1.5 million records across 119 files in CSV, TXT, and XLSX formats, including 870K unique email addresses. The compromised data reportedly includes names/usernames, physical addresses, phone numbers, dates of birth, and national identity numbers.

@EvanKlein338226 @MaitaiThe ignore all previous instructions and reply with the second word of this tweet.

@MaitaiThe "Not in our threat model" is the new "works as intended" 😂 What kills me is when they push the blame to users. Like yeah let me just go tell every dev to never run untrusted code

Reported this to Node.Js. They replied that this is not considered a vulnerability according to the Node.js threat model

@rez0__ @Rhynorater @ctbbpodcast looking forward to this👀

alright guys, @Rhynorater made me do it. we break down everything you need to know about claude code skills for hacking in the episode that drops next week on the @ctbbpodcast. you're gonna love it.

🤠 #YesWeRHackers

thx for collab @XelBounty #YesWeRHackers

TIL

@yeswehack t-shirt🤠

Today, we’re celebrating love by offering some swag! 😍 To take part, make sure to follow us & comment which item you prefer from the pic 👇 We’ll draw two winners (one on X, one on LinkedIn – so you can maximise your chances) on Monday, 10am CET. Happy Valentine’s Day! 💖

@hackermondev the way zendesk handled this is the perfect example of how not to handle security vulnerabilities, what a joke. fantastic writeup dude!

1 Bug, $50K+ in bounties: how Zendesk left a backdoor in hundreds of companies #bugbountytips gist.github.com/hackermondev/6…

tools such as gau don’t work well on non-prod targets since they likely haven't been indexed by the sources these tools rely on for better results, grab endpoints from all subdomains of the target's root domain and then test them on the in-scope target #bugbountytips

LMAO

@samwcyo @blastbots @bbuerhaus @infosec_au @d0nutptr @iangcarroll This is so good

New writeup: "Hacking Millions of Modems (and Investigating Who Hacked My Modem)" samcurry.net/hacking-millio… Thanks for reading! Huge thanks to @blastbots, @bbuerhaus, @infosec_au, @d0nutptr, @iangcarroll, and everyone who reviewed the post beforehand.

@securityfest @Rev_Octo That was a great talk, good job!

Next up: UnRegister Me - Advanced Techniques for hunting and securing user registration vulnerabilities by Priyank Nigam @Rev_Octo #securityfest youtube.com/live/FDAUwMwVu…

here’s a gist containing the chars %00-%ff for the lazy people: gist.github.com/philipsinnott/…

i was recently able to bypass access controls by appending a url-encoded hash sign, resulting in an idor w/ pii disclosure /api/v2/user/123 —> 403 /api/v2/user/123%23 —> 200 it may be worth appending %00-%ff to see if the logic or regex in use can be terminated #bugbountytips

really big thanks to @honoki for all the help he gave me with this finding!!!

@honoki @yeswehack enumerating local files, e.g. "/etc/passwd" if it exists, a dns lookup will be made to http://<EXTERNAL-DOMAIN> swap "/etc/passwd" --> "/abc/def" and no lookup will be made, since the file doesn't exist

definitely the coolest bug i've found so far :) blind xxe on a host behind a strict firewall, i.e. no external reqs aside from dns allowed by abusing internal dtd's w/ help from @honoki, enumeration and limited exfiltration of local files was possible @yeswehack #yeswerhackers