Rey Bango 🇺🇦🌻
65.1K posts

Rey Bango 🇺🇦🌻
@reybango
AI & Security | I hack into things sometimes. Opinions are mine. Fortis fortuna adiuvat. Nostalgia is not a strategy. It's a good time to cause a little chaos.
Katılım Mart 2007
5.6K Takip Edilen22.5K Takipçiler

Realizing that I've never met @0xTib3rius in person.
Rey Bango 🇺🇦🌻@reybango
@0xTib3rius @_thenetgala Want this one.
English

Those days when @pmelson was my best bud in the whole world. :D
Rey Bango 🇺🇦🌻@reybango
That time I hung out with @pmelson. Too long!!
English

I wonder if the @bcsecurity team will be bringing some of these @EmpireC2Project challenge coins this year?
Rey Bango 🇺🇦🌻@reybango
The @EmpireC2Project challenge coin is awesome! Long Live Empire!
English
Rey Bango 🇺🇦🌻 retweetledi

Rey Bango 🇺🇦🌻 retweetledi

@rootsecdev @HackingLZ @curi0usJack Let's see which of you three I see first at Hacker Summer Camp this year.
English

@reybango @HackingLZ What the hell man. @curi0usJack I saw @reybango first. He knows where the best Cuban food is.
English
Rey Bango 🇺🇦🌻 retweetledi

I have been seeing reverse engineering / malware analysis courses that cost thousands of dollars. Do you know you can actually learn that for free, right? There are also a bunch of other courses out there that are way cheaper or even free:
- courses.0ffset.net
- malwareanalysis-for-hedgehogs.com
- invokere.com
- github.com/RPISEC/MBE
- guyinatuxedo.github.io/index.html
- openanalysis.net
- p.ost2.fyi
- taomm.org
English
Rey Bango 🇺🇦🌻 retweetledi

‼️ BREAKING: xAI's Grok Build CLI was uploading entire Git repositories to a Google Cloud bucket, private codebases and unredacted secrets included. The uploads quietly stopped via a hidden server-side flag, and xAI still has not said a word about scope, retention, or deletion.
The scale is staggering. On a 12 GB test repo, 5.1 GB flew out the door to xAI's grok-code-session-traces bucket while the actual coding task needed just 192 KB. The tool grabbed whatever repository it ran in, not the files it needed.
The fix arrived as a hidden flag, disable_codebase_upload: true, a day after a researcher's wire-level analysis. The "Improve the model" opt-out never stopped the uploads.
Still no advisory, no scope, no word on whether already-uploaded code gets deleted. For anyone pointing AI coding agents at proprietary code, what crosses the wire matters more than what the settings page says.



English
Rey Bango 🇺🇦🌻 retweetledi

Proton is now publicly calling Windows spyware over the Global Device ID that Microsoft uses for every Windows installation. They say users never consent to the GDID, can't remove it, and that reinstalling Windows only partially helps since Microsoft keeps the old records.
The company found exactly one mention of the identifier in all of Microsoft's public documentation.
Every Windows installation carries a Global Device ID that Microsoft can hand to law enforcement, and a federal complaint against an alleged Scattered Spider hacker just showed it defeating a VPN.
Per the FBI affidavit, Microsoft records tied one GDID to the creation of an ngrok account used in a May 2025 jewelry retailer breach, then gave investigators the device's full IP history. Cross-referenced against the suspect's Apple, Snapchat, and Facebook logins, the VPN didn't matter.



English

❗️ An Israeli startup founder secretly uploaded a cluster of malicious typosquatted npm packages that impersonate Anthropic, Vercel, LangChain, Ollama, OpenAI and Aspect Security and profile developer machines on install.
The packages skip passwords and tokens by design. Instead, the install script harvests identity: hostname, every git and SSH email on the box, teammate emails from the git reflog, AWS/GCP profile and account details, and the corporate DNS domain, all shipped to a Google Cloud Run endpoint.
There were about 20k downloads before takedown.


English
Rey Bango 🇺🇦🌻 retweetledi

If your Instagram is public, Meta just enrolled you in something you didn't agree to.
Their new AI tool, Muse Image, lets anyone @-mention your Instagram handle in Meta AI and generate images using your face and photos. launched Tuesday. opt-in by default. no notification when it happens.
→ you won't be told when someone creates an AI image of you
→ opting out only stops future generation; anything already made stays live
→ there's no mechanism to remove images created before you opted out
how to turn it off:
Instagram → Profile → Menu (☰) → Sharing and Reuse → turn off Posts and Reels under "Allow people to reuse your content on Instagram and with AI features at Meta"
note: the setting is still rolling out. if you don't see it yet, keep checking.
if you want the strongest protection right now: go private.

English
Rey Bango 🇺🇦🌻 retweetledi

❗️ Meta just silently opted in every adult Instagram user for their new Muse AI Image generator, which lets anyone create AI images of your likeness by tagging your public handle in a prompt, no notification when your photos are used, and no removal of images generated before you opt out.
To opt out on Instagram: Profile > Menu > Sharing and reuse, then switch off the reuse toggles under "Allow people to reuse your content on Instagram and with AI features at Meta."


English

@ZackKorman @sherrod_im I’m glad Sherrod is working at Unit 42 now. She can now continue to make an impact without worrying that her teammates might disappear.
English

This is cool and all, happy for you @sherrod_im, but what the hell is going on at Microsoft right now?
They’re losing all of their security people.
💻 Sherrod@sherrod_im
⚠️Change of Affiliation⚠️ I have joined Palo Alto Networks Unit 42 as VP of Threat Intelligence and I couldn't be more excited to work with this incredible team! (You can read more at LinkedIn if you're into that)
English

@sherrod_im Congratulations @sherrod_im. A great organization just got even better.
English
Rey Bango 🇺🇦🌻 retweetledi

‼️ BREAKING: New research shows you can copy any signed GitHub commit into a second one that looks identical, without the author's secret key, creating a distinct commit with an identical tree, identical metadata, a valid signature, and a "Verified" badge from GitHub.
On GitHub, a green "Verified" badge is supposed to mean two things: a trusted author signed it, and its ID is a one-of-a-kind fingerprint for that exact code. A new Carnegie Mellon preprint from Jacob Ginesin says the second promise, the unique fingerprint, does not hold.
Why it matters: security teams and package systems (behind tools like Go, Nix, and GitHub Actions) trust that ID as a unique handle for code. Block or pin the "bad" version, and an attacker can re-issue the same signed code under a fresh, still-verified ID that slips past. The author says Git and GitHub have not fixed it.
PoC: github.com/JakeGinesin/gi…


English
Rey Bango 🇺🇦🌻 retweetledi

The 19-year-old hacker, Peter Stokes, was caught by the FBI despite bouncing his internet connection across three countries using a Virtual Private Network (VPN).
He believed a VPN would hide his real identity by masking his public Internet Protocol (IP) address.
However, his Windows 11 operating system was tracking a hidden, permanent code
known as a Global Device Identifier (GDID).
This specialized tracking number is unique to the physical computer itself and does not change when you activate a VPN.
When Stokes used his computer to conduct cyberattacks, his background Windows system automatically logged his activity alongside this secret GDID number.
Microsoft recorded this data through its built-in telemetry features and subsequently shared the logs with federal investigators.
The FBI used these digital fingerprints to link his precise web traffic directly back to his physical laptop.
This educational case highlights that hiding an IP address is insufficient for total anonymity, as modern operating systems constantly track hardcoded hardware data
Abdulkadir | Cybersecurity@cyber_razz
A 19 year old kid used a VPN and change his IP across 3 countries but the FBI was still able to catch him and that’s because windows was tracking a number he didn’t even know existed….
English
Rey Bango 🇺🇦🌻 retweetledi

I've been pretty quiet recently, mainly because we've been cooking up a few things at @MDSecLabs - some of which will be revealed over the next month or so. One of the most exciting things is a HUGE new @nighthawk_c2 release. It's packed with "stacks" of new OpSec - incl. 3 new CET compat masking. But most exciting of all, we have a super sexy new cross platform UI 🔥

English




