NickTheRipper
9 posts
NickTheRipper
@NickTheRipperX
Latest Cybersecurity & Tech news + real opinions
United States Присоединился Mayıs 2026
40 Подписки3 Подписчики
Asciinema is seriously underrated. Makes technical writeups look so much more professional
English
@NickTheRipperX How will you hide ur IP address with that setup
English
How come nobody told me you can run Kali Linux straight off a windows pc
English
@ShamashAran I’m more irritated about the fact that I get this fucking pop-up every 10 minutes while paying these dickheads $40/mo for “premium”
English
Can we PLEASE
for the love of all that his holy
STOP NORMALIZING THIS INSTALL METHOD
English
Dealing with the current, castrated version of AI we have available to us is pretty much asking for low-grade rage 24/7
English
@IntCyberDigest This is biting Microsoft in the ass HARD.
Not only are they going to lose high quality researchers that they NEED, but they’re also alienating new ones like me from ever working with them.
Corporations are dumb
English
‼️🚨 BREAKING: Another researcher skipped coordinated disclosure entirely and dropped a critical 1-click GitHub token theft in public because he doesn't want to deal with MSRC. In his own words: "I really don't want to deal with MSRC on VSCode bugs."
The bug: just clicking a link can hand an attacker a GitHub token that reads AND writes to all your repos, including private ones. It lives in github[.]dev, GitHub's browser-based VSCode editor, which passes the browser an OAuth token that isn't scoped to a single repo. That token can touch everything you can.
Researcher Ammar Askar found that VSCode's sandboxed "webviews" leak keyboard events to the main editor. A malicious repo opened via one link can simulate keystrokes, install a local extension that skips VSCode's publisher-trust check, and exfiltrate your token. He published a working proof-of-concept.
He says when he reports github[.]dev bugs, GitHub tells him they're out of scope and to go report to MSRC, and a prior VSCode bug he reported was silently fixed with no credit. One commenter summed up the mood: "MSRC has turned into Feedback Hub."
English
Watching Microsoft dig their heels in and alienate their best security researchers is quite eye opening.
Why would a company shoot themselves in the foot like this?
There is literally zero benefit.
International Cyber Digest@IntCyberDigest
‼️🚨 BREAKING: Another researcher skipped coordinated disclosure entirely and dropped a critical 1-click GitHub token theft in public because he doesn't want to deal with MSRC. In his own words: "I really don't want to deal with MSRC on VSCode bugs." The bug: just clicking a link can hand an attacker a GitHub token that reads AND writes to all your repos, including private ones. It lives in github[.]dev, GitHub's browser-based VSCode editor, which passes the browser an OAuth token that isn't scoped to a single repo. That token can touch everything you can. Researcher Ammar Askar found that VSCode's sandboxed "webviews" leak keyboard events to the main editor. A malicious repo opened via one link can simulate keystrokes, install a local extension that skips VSCode's publisher-trust check, and exfiltrate your token. He published a working proof-of-concept. He says when he reports github[.]dev bugs, GitHub tells him they're out of scope and to go report to MSRC, and a prior VSCode bug he reported was silently fixed with no credit. One commenter summed up the mood: "MSRC has turned into Feedback Hub."
English
The future is going to be so badass
I truly feel sorry for the men and women who won’t live to see it.
The golden age of humanity is coming fast.
50 years from now we won’t even recognize who we once were.
English