Spearbit

2.1K posts


@spearbit

Industry Leading Web3 Security. Request a security review here ➡ https://t.co/gqs2f17Yhd

Joined October 2021
33 Following · 14.3K Followers
Spearbit @spearbit
Five household-name eng orgs hit in three weeks by the same group. A worm built for npm ended up walking ~3,800 internal repos out of GitHub.
Cantina 🪐 @cantinasecurity

We’ve detected that @GitHub has been compromised by TeamPCP. A poisoned VS Code extension on an employee device. ~3,800 internal repos exfiltrated. Data already on a black forum for $50K. The technical vulnerability is two words: "runOn": "folderOpen" in a .vscode/tasks.json. Cursor plays with Workspace Trust OFF by default. Open the folder, the task fires. Same group hit @Tan_Stack, @OpenAI, @Microsoft, and Nx in the prior 3 weeks. Same blind spot in every IDE-scanning security stack. What a time for cybersecurity! Full breakdown: cantina.review/github

Spearbit retweeted
Cantina 🪐 @cantinasecurity
Pretty wild: Apple's May 2026 security advisory is the first in its history to include AI credit lines. 3 credits to Cantina (one bug had been in WebKit for 13 years). 2 to Anthropic's Claude. This is why we put together a joint guide with @swif_ai: the shape of a security advisory is changing, and we wanted to give teams a clear read on what matters most during this transition. Read on: cantina.review/apple-security
Spearbit retweeted
Cantina 🪐 @cantinasecurity
Scammers spin up brand impersonation accounts by the 1000s every day using typosquats, homoglyphs, fake avatars, and fake job listings. So we had to act. Introducing Klaxon: a free, self-hosted terminal tool that monitors your brand on social and pages your team the moment something is off. Try it for yourself: cantina.review/klaxon
Spearbit retweeted
Cantina 🪐 @cantinasecurity
The local foothold can put an entire platform team on the clock. Dirty Frag affects RHEL 8, 9, and 10, OpenShift 4, and a broad set of Ubuntu packages. The real issue is what happens next: a local user can turn limited access into root across shared infrastructure. It lands with platform, cloud, and security teams at the same time. Read the full article: cantina.review/3zv
Spearbit retweeted
Cantina 🪐 @cantinasecurity
Apple patched a 13-year-old bug in WebKit yesterday. Apex, Cantina's autonomous AppSec agent, found it. It's one of three Apex findings in the same release. Two are CSP bypasses. Full writeup: cantina.review/ze5
Spearbit retweeted
Cantina 🪐 @cantinasecurity
The cost starts when operators stop trusting the screen. Federal agencies said attackers were already reaching internet-facing PLCs and altering operator views across critical infrastructure. Read the full article: cantina.review/cantina-agenti…
Spearbit retweeted
Cantina 🪐 @cantinasecurity
Three teams own one bug. AppSec finds it, SecOps contains it, GRC reports it. By the time the third team has context, the attacker has moved twice. 4 days out: From Design to Containment. Register: cantina.review/cantina-e2ecd7
Spearbit retweeted
Cantina 🪐 @cantinasecurity
20% of breaches now start with the exploitation of a known flaw, up 34% year over year. Teams lose time in the handoff between AppSec and SecOps. Next week, Cantina's CEO @hrkrshnn and President @mikeleffer will discuss how AI blurs the lines between AppSec, SecOps, and GRC.
Spearbit retweeted
Cantina 🪐 @cantinasecurity
Cantina threat discovery: we detected an authorization bypass in @springcentral that can leave protected routes exposed even when the XML config looks correct. Found by Apex, Cantina’s AppSec agent. Full writeup: cantina.review/security-e8fbce
Spearbit retweeted
Cantina 🪐 @cantinasecurity
Nearly $22B in ETH is staked via @LidoFinance. Today, we’re glad to announce that Lido has completed the Web3SOC assessment, covering operational, financial, security, and compliance domains across Lido DAO and the Lido protocol.
Spearbit retweeted
Cantina 🪐 @cantinasecurity
What does it look like when a privacy-first platform invites the world's best to try and break it? @aztecnetwork is putting that question to the test, with a new bug bounty program on Cantina. Here's what researchers should look at.
Spearbit retweeted
Cantina 🪐 @cantinasecurity
Calling all security experts: the @Reserveprotocol x Cantina competition is now live. We’re opening Reserve's codebase to public security research through May 10, with a $30,000 prize pool for meaningful findings. Scope, docs, and timeline: cantina.xyz/competitions/9…
Spearbit retweeted
Cantina 🪐 @cantinasecurity
Your SOC 2 report ages the moment the audit window closes. GDPR still requires teams to notify within 72 hours of a breach. DORA moves on operational timelines. The market keeps asking for current evidence, and it will continue to do so. Learn more: cantina.review/soc-a4c832
Spearbit retweeted
Cantina 🪐 @cantinasecurity
Cantina Threat Advisory: Bitwarden, the password manager used by more than 10M people, suffered a supply chain incident in its npm delivery path. Full breakdown: cantina.review/bitwarden-9ee1…
Spearbit retweeted
Cantina 🪐 @cantinasecurity
The detection tool finds it. The code tool knows the repo. The ticket tool owns the remediation. Evidence lives somewhere else. Four tools. Zero shared context. That is the gap Cantina closes: cantina.review/deploy-autonom…
Spearbit retweeted
Cantina 🪐 @cantinasecurity
We're hiring a Staff Security Product Engineer. What we're looking for:
- Security engineering, AppSec, detection, or incident response background
- Ships code (TypeScript / Node.js)
- Reasons through ambiguity and surfaces risks early
Apply: jobs.ashbyhq.com/cantina.securi…