Pi3cH

591 posts

Pi3cH

@pi3ch

@SecTalks.org and @SecDim.com Founder. @UNSW.edu Senior Lecturer. https://t.co/kEjY1ONlMj

Zfkulf, Hbzayhsph Katılım Ağustos 2010

103 Takip Edilen810 Takipçiler

Pi3cH@pi3ch·1d

While @NVIDIAAI claims NemoClaw being more secure, it worth noting that all it does is to wrap OpenClaw in a hardened Docker container. A false sense of security. I will soon write a blog post on why this doesn't address the core security issues with OpenClaw.

English

Pi3cH@pi3ch·26 Şub

Usually it is @Microsoft who leads the CVEs trend, but time has changed!🦀 #crab

English

Pi3cH@pi3ch·26 Şub

A unique AI security workshop at NDC Security

SecDim@secdim

Just 1 week left until NDC Security Oslo 2026🇳🇴 See you there. 👉 ndcsecurity.com/workshops/atta… #appsec #securecoding #programming #security #ndc

English

Pi3cH@pi3ch·18 Şub

LangChain load() should be renamed to dangerousLoad(). It’s eval() in disguise. We’ve spent decades warning engineers about eval(). Repackaging it behind an abstraction doesn’t make it safer. Here’s why that design choice is dangerous. #AppSec #SecureCoding @LangChain

SecDim@secdim

In December 2025, CVE-2025-68665, a high-severity vuln was reported on LangChain that could result in arbitrary code execution. We investigate how it was patched. Read about it here: secdim.com/blog/post/lang… #appsec #langchain #securecoding #programming

English

174

Pi3cH retweetledi

World of Statistics@stats_feed·1 Şub

Average IQ by country (2026) — International IQ Test  1．🇰🇷 South Korea — 106.97 2．🇨🇳 China — 106.48 3．🇯🇵 Japan — 106.30 4．🇮🇷 Iran — 104.80 5．🇦🇺 Australia — 104.45 6．🇷🇺 Russia — 103.78 7．🇸🇬 Singapore — 103.56 8．🇲🇳 Mongolia — 102.61 9．🇳🇿 New Zealand — 102.35 10．🇻🇳 Vietnam — 102.26 11．🇪🇸 Spain — 102.24 12．🇨🇾 Cyprus — 102.12 13．🇨🇦 Canada — 102.09 14．🇬🇧 United Kingdom — 101.57 15．🇱🇰 Sri Lanka — 101.22 16．🇸🇮 Slovenia — 101.15 17．🇧🇾 Belarus — 101.05 18．🇺🇸 United States — 101.04 19．🇦🇱 Albania — 101.00 20．🇨🇭 Switzerland — 100.84 21．🇬🇪 Georgia — 100.35 22．🇮🇹 Italy — 100.33 23．🇳🇱 Netherlands — 100.27 24．🇵🇪 Peru — 100.20 25．🇭🇺 Hungary — 100.15 26．🇦🇲 Armenia — 100.13 27．🇫🇷 France — 100.12 28．🇫🇮 Finland — 99.97 29．🇵🇹 Portugal — 99.95 30．🇱🇹 Lithuania — 99.95 31．🇹🇭 Thailand — 99.94 32．🇷🇸 Serbia — 99.83 33．🇦🇹 Austria — 99.80 34．🇧🇪 Belgium — 99.74 35．🇲🇹 Malta — 99.68 36．🇬🇷 Greece — 99.55 37．🇨🇿 Czechia — 99.36 38．🇩🇪 Germany — 99.32 39．🇭🇷 Croatia — 99.32 40．🇵🇱 Poland — 99.14 41．🇱🇧 Lebanon — 99.13 42．🇪🇪 Estonia — 99.08 43．🇱🇻 Latvia — 99.01 44．🇷🇴 Romania — 98.88 45．🇲🇰 North Macedonia — 98.88 46．🇸🇰 Slovakia — 98.87 47．🇱🇺 Luxembourg — 98.75 48．🇮🇱 Israel — 98.57 49．🇲🇾 Malaysia — 98.51 50．🇮🇳 India — 98.44 51．🇲🇪 Montenegro — 98.43 52．🇸🇾 Syria — 98.41 53．🇳🇴 Norway — 98.31 54．🇲🇲 Myanmar — 98.28 55．🇸🇪 Sweden — 98.22 56．🇮🇪 Ireland — 98.22 57．🇦🇿 Azerbaijan — 98.03 58．🇶🇦 Qatar — 97.94 59．🇩🇰 Denmark — 97.68 60．🇩🇿 Algeria — 97.53 61．🇹🇳 Tunisia — 97.46 62．🇦🇪 United Arab Emirates — 97.39 63．🇧🇩 Bangladesh — 97.32 64．🇳🇵 Nepal — 97.31 65．🇮🇸 Iceland — 97.25 66．🇲🇦 Morocco — 97.24 67．🇧🇦 Bosnia and Herzegovina — 97.13 68．🇦🇷 Argentina — 97.11 69．🇹🇷 Türkiye — 97.00 70．🇵🇰 Pakistan — 96.93 71．🇲🇩 Moldova — 96.85 72．🇪🇬 Egypt — 96.74 73．🇧🇬 Bulgaria — 96.54 74．🇧🇳 Brunei — 96.54 75．🇺🇿 Uzbekistan — 96.51 76．🇨🇺 Cuba — 96.44 77．🇨🇱 Chile — 96.34 78．🇺🇾 Uruguay — 96.09 79．🇪🇹 Ethiopia — 96.00 80．🇰🇿 Kazakhstan — 95.92 81．🇯🇴 Jordan — 95.73 82．🇲🇻 Maldives — 95.71 83．🇵🇭 Philippines — 95.68 84．🇺🇦 Ukraine — 95.66 85．🇧🇴 Bolivia — 95.56 86．🇪🇨 Ecuador — 95.45 87．🇧🇷 Brazil — 95.44 88．🇲🇬 Madagascar — 95.07 89．🇹🇹 Trinidad and Tobago — 94.81 90．🇱🇾 Libya — 94.76 91．🇲🇺 Mauritius — 94.66 92．🇨🇴 Colombia — 94.62 93．🇰🇬 Kyrgyzstan — 94.48 94．🇧🇭 Bahrain — 94.25 95．🇸🇦 Saudi Arabia — 94.07 96．🇨🇷 Costa Rica — 93.88 97．🇲🇽 Mexico — 93.64 98．🇿🇦 South Africa — 93.63 99．🇮🇶 Iraq — 93.62 100．🇾🇪 Yemen — 93.43 101．🇹🇯 Tajikistan — 93.39 102．🇰🇼 Kuwait — 93.13 103．🇰🇭 Cambodia — 93.12 104．🇿🇲 Zambia — 93.05 105．🇱🇦 Laos — 92.97 106．🇵🇸 Palestine — 92.94 107．🇳🇬 Nigeria — 92.76 108．🇻🇪 Venezuela — 92.61 109．🇵🇾 Paraguay — 92.38 110．🇸🇳 Senegal — 92.26 111．🇴🇲 Oman — 92.18 112．🇯🇲 Jamaica — 92.00 113．🇧🇯 Benin — 91.96 114．🇰🇪 Kenya — 91.69 115．🇵🇦 Panama — 91.65 116．🇿🇼 Zimbabwe — 91.64 117．🇬🇭 Ghana — 91.40 118．🇬🇹 Guatemala — 91.35 119．🇨🇲 Cameroon — 90.59 120．🇭🇳 Honduras — 90.41 121．🇨🇮 Ivory Coast — 90.37 122．🇲🇿 Mozambique — 90.33 123．🇳🇦 Namibia — 90.29 124．🇩🇴 Dominican Republic — 90.11 125．🇸🇻 El Salvador — 90.00 126．🇮🇩 Indonesia — 89.96 127．🇧🇼 Botswana — 89.72 128．🇹🇿 Tanzania — 89.57 129．🇦🇫 Afghanistan — 89.31 130．🇨🇩 DR Congo — 88.60 131．🇺🇬 Uganda — 88.49 132．🇬🇦 Gabon — 88.35 133．🇦🇴 Angola — 87.89 134．🇳🇮 Nicaragua — 87.75 135．🇷🇼 Rwanda — 86.90 136．🇹🇱 East Timor — 86.74 137．🇸🇴 Somalia — 83.84 Source: International IQ Test (aggregated global dataset, 2026 edition) Methodology: • Based on millions of voluntary online IQ test results • Scores normalized to mean = 100, SD = 15 • Country averages calculated from minimum sample thresholds • Adjusted for age distribution and test version bias • Results are comparative indicators, not definitive measures of intelligence

English

213

144

1.1K

246.2K

Pi3cH@pi3ch·16 Oca

It is always interesting for me to review how a vulnerability gets patched by Django maintainers. Django is one of the mature frameworks with many default security controls. In this blog post, I analysed a patch for a moderate severity vulnerability in Django with three takeaways

SecDim@secdim

In June 2025, a vulnerability (CVE-2025-48432) was discovered in Django that allowed remote adversaries to tamper with logs, compromising log integrity. 👉 Read more: secdim.com/blog/post/thre… 👉 Our Blog: secdim.com/blog/ #appsec #securecoding #python #programming

English

Pi3cH@pi3ch·8 Oca

Do this. It is the #heartbleed déjà vu.

SecDim@secdim

In December 2025, a critical vulnerability dubbed MongoBleed was disclosed. Mismatched length fields in Zlib-compressed protocol headers allow unauthenticated heap memory disclosure. 👉 Check it out via Holiday 7×7 Wargame: play.secdim.com/game/holiday-2… #appsec #mongodb #mongobleed

Français

Pi3cH@pi3ch·1 Oca

#MongoBleed patch guys. Problem solved! #CVE202514847

English

114

Pi3cH@pi3ch·23 Ara

When I was kid I was told the story of Thomas Edison who invented the light bulb after 1000 attempts and teacher told us what if he'd stopped after 999 attempts?! Well it turned out he has never invented light bulb also got sued for patent infringement: cio.com/article/266493…

English

Pi3cH@pi3ch·23 Ara

I just donated to the Python Software Foundation! you should do it too! donate.python.org

English

Pi3cH@pi3ch·19 Ara

Our Black Hat Europe AI Wargame 2025 winners @BlackHatEvents

LeCerveau@rachidharrando

@secdim @BlackHatEvents Arsenal AI wargame 2025 winners

English

Pi3cH@pi3ch·17 Kas

My jet-lagged side project: I hacked a MIFARE card and turned it into a smart business card that actually does something when you tap it + It lit-up 😎 Here is my write-up: pedramhayati.com/blog/hack-mifa…

GIF

English

Pi3cH@pi3ch·10 Eyl

GitHub Advanced Security + Copilot + Secure Code Learning = Happy Devs ❤️

SecDim@secdim

🔄 This is how you get hyper-relevant secure code learning labs based on identified vulnerabilities from GitHub Advanced Security using SecDim MCP - All without leaving your IDE! 👉 secdim.com/news/secure-co… #github #security #learning #ai

English

159

Pi3cH@pi3ch·3 Eyl

This is cool. Learn secure coding in your way: in your IDE using your own personalised pathway!

SecDim@secdim

At SecDim we've always believed secure code learning should be seamless, frictionless and hyper relevant. Today, we're taking that mission one step further: Introducing the SecDim Model Context Protocol (MCP) server. 👉 Go check it out: secdim.com/news/secure-co… #appsec #ai #mcp

English

186

Pi3cH@pi3ch·29 Ağu

This is 🔥It is like hacking software vulnerabilities in the late 90s. #ai #mcp #security

SecDim@secdim

Model Context Protocols are increasingly important for LLM contexts. However, they introduce new vulnerabilities. We made challenges for them. Available for free for everyone to try for a Limited Time! 👉 Go try them out now: discuss.secdim.com/t/model-contex… #ai #appsec #securecoding

English

134

Pi3cH@pi3ch·19 Ağu

Cybersecurity is not a bachelor university course. My chat with Norman Yue at @sectalks Legends. #cybersecurity #university

English

Pi3cH@pi3ch·14 Ağu

"Create an atmosphere to allow half-finished projects": How to build a community. My chat with Norman Yue at @sectalks Legends #community #cybersecurity

English

104

Pi3cH@pi3ch·7 Ağu

"I need to do 60 webapp pentest by the end of the year!" They game the metrics and decision makers cannot make the right call. My chat with Norman Yue at @sectalks Legends #cybersecurity #audit

English

111

Pi3cH@pi3ch·5 Ağu

PenTesting (break things skillset) is only 5% of what companies need and cybersecurity certifications got it wrong. My chat with Norman Yue at @sectalks Legends 0x00. #cybersecurity #jobs #pentesting

English

103

Pi3cH@pi3ch·1 Ağu

Using AI to (build) secure system? Your cost of error is unknown. My chat with Norman at @sectalks Legends 0x00 #ai #cybersecurity

English

Keşfet

@NVIDIAAI @Microsoft @LangChain @BlackHatEvents @sectalks @elonmusk @BarackObama @taylorswift13