@lukefr09 @xamfiays @0xdef1ant @slinafirinne For me they marked it as planning fix as well, but didn’t give me a date or season? Does that signify anything?
English
frappe
19 posts
@xamfiays @0xdef1ant @slinafirinne No bounty. Unfortunately. I would assume dupe, that was the case for me, but it might also just be low severity.
English
@thedawgyg @0xdef1ant @dyneteve just bought a refurbished m1 max with 64 gb. thanks for the inspo lol
English
@frappehv @0xdef1ant @dyneteve i have 2 Macbook's right now. an M1 Max and an M4 Max. both with 64gb rams each.
English
@frappehv @0xdef1ant @dyneteve it will limit what targets you can go after, and how many instances of the fuzzers you can run, but it can be done with 24
English
@thedawgyg @0xdef1ant @dyneteve What mac should I get to start fuzzing apple. I’m new to fuzzing but I still want to force myself to start on apple. Curious what your set up looks like
English
@0xdef1ant @dyneteve since i have the 200$ subs for all the tops models (and have multiple codex and claudes) + the power, i need to make sure its bringing in atleast 3-4k a month just to break even basically. so would be 6-8 vulns a month paid on google or 1-3 on apple lol so switched lol
English
@frappehv @thedawgyg Claude.md file problem or some files in directory … there might be some restrcited words that allign with guardrails protection
English
I kind of want to do some experiments and see whats going on with #Fable / #Mythos .. anyone want to share some info/prompts of what you were trying to do when you were blocked so i can see if it blocks me for the same.. If anyone wants to, drop some info and ill see what happens when i do the same thing you were
English
@frappehv you might be an egregious retard
x.com/weezerOSINT/st…
impulsive@weezerOSINT
This exploit has been around for a while. Instagram has been on fire ever since they started integrating everything into their GraphQL / Bloks API. They're trying to merge all the separate Meta app APIs under one surface and its a mess. The account recovery endpoint alone gives you full PII from a username alone. The new API is littered with no auth, no rate limits, race conditions and logic bugs everywhere.
English
People still got fooled even after seeing that mbappe no. here is : +33772722727 ! It's an edited screen shot !
Mохаммед@user9JKsuG
New @instagram bug: Why bro masking emails and phone numbers during password recovery when you can just display them in full? Account recovery or account discovery? Meta care to explain? #Meta #Instagram #CyberSecurity #Privacy
English
Meta is moving from one security failure to another. A few hours ago, a new logic bug dropped in the Web Reset flow, leaking sensitive account data before getting hit with an emergency hotfix. This is what happens when you fire the experts and rely on brain-dead AI to run core infrastructure. Meta’s security is an absolute circus.
#cybersecurity #meta #instagram
English
$500 to a random person who likes this in 1 hour @kingcapsports_
English
🤣🤣🤣🤣🤣🤣🤣🤣🤣🤣🤣🤣🤣🤣🤣
nao tem impacto mas nao pode divulgar???? nao entendi colega
KKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKK
pira;)@0xPira
@1tsn0tak4m3 @Snapchat veremos
Português
I demonstrated the entire attack: fake login screen, user entering information, and hitting my server.
I explained that it wasn't possible to demonstrate CSRF exfiltration in the POC because the moderators kept banning my test accounts, but that it would be possible if they provided me with test accounts.
English