k4rn4

Follow him: @wunderwuzzi23 Helpful resources 👇🏻 The Month of AI Bugs 2025 Source: embracethered.com/blog/posts/202… Exfiltrating Your ChatGPT Chat History and Memories With Prompt Injection Source: embracethered.com/blog/posts/202… Turning ChatGPT Codex Into A ZombAI Agent Source: embracethered.com/blog/posts/202… Anthropic Filesystem MCP Server: Directory Access Bypass via Improper Path Validation Source: embracethered.com/blog/posts/202… Cursor IDE: Arbitrary Data Exfiltration Via Mermaid (CVE-2025-54132) Source: embracethered.com/blog/posts/202… Amp Code: Arbitrary Command Execution via Prompt Injection Fixed Source: embracethered.com/blog/posts/202… I Spent $500 To Test Devin AI For Prompt Injection So That You Don't Have To Source: embracethered.com/blog/posts/202… How Devin AI Can Leak Your Secrets via Multiple Means Source: embracethered.com/blog/posts/202… AI Kill Chain in Action: Devin AI Exposes Ports to the Internet with Prompt Injection Source: embracethered.com/blog/posts/202… ZombAI Exploit with OpenHands: Prompt Injection To Remote Code Execution Source: embracethered.com/blog/posts/202… OpenHands and the Lethal Trifecta: How Prompt Injection Can Leak Access Tokens Source: embracethered.com/blog/posts/202… Claude Code: Data Exfiltration with DNS (CVE-2025-55284) Source: embracethered.com/blog/posts/202… GitHub Copilot: Remote Code Execution via Prompt Injection Source: embracethered.com/blog/posts/202… Google Jules: Vulnerable to Data Exfiltration Issues Source: embracethered.com/blog/posts/202… Google Jules: Remote Code Execution ZombAI Source: embracethered.com/blog/posts/202… Google Jules: Invisible Prompt Injection Source: embracethered.com/blog/posts/202… Amp Code Fixed: Invisible Prompt Injection Source: embracethered.com/blog/posts/202… Amp Code Fixed: Data Exfiltration via Images Source: embracethered.com/blog/posts/202… Amazon Q Developer: Data Exfil via DNS Source: embracethered.com/blog/posts/202… Amazon Q Developer: Remote Code Execution Source: embracethered.com/blog/posts/202… Amazon Q Developer Interprets Hidden Instructions Source: embracethered.com/blog/posts/202… Windsurf: Data Exfiltration Vulnerabilities Source: embracethered.com/blog/posts/202… Windsurf: SPAIware Exploit - Persistent Prompt Injection Source: embracethered.com/blog/posts/202… Windsurf: Sneaking Invisible Instructions for Prompt Injection Source: embracethered.com/blog/posts/202… ChatGPT Deep Research Connectors: Data Spill and Leaks Source: embracethered.com/blog/posts/202… Manus AI Kill Chain: Expose Port - VS Code Server on Internet Source: embracethered.com/blog/posts/202… AWS Kiro: Arbitrary Command Execution with Indirect Prompt Injection Source: embracethered.com/blog/posts/202… Cline: Vulnerable to Data Exfiltration Source: embracethered.com/blog/posts/202… Windsurf: Dangers - Lack of Security Controls for MCP Server Tool Invocation Source: embracethered.com/blog/posts/202… AgentHopper: A PoC AI Virus Source: embracethered.com/blog/posts/202… Wrapping Up Month of AI Bugs Source: embracethered.com/blog/posts/202…

Alibaba releases an open source framework that's like OpenClaw + Claude Cowork. Self hosted, persistent memory, skills, & more!

📍 AI is not creating roles. It is redistributing organizational power. As Gartner highlights the proliferation of AI-specific titles across management, business, and technical layers, the implication is structural reallocation of authority, not hiring expansion. 1️⃣ Competitive Shift AI leadership roles formalize decision rights around data, automation, and model governance at the executive level. 2️⃣ Structural Blind Spot Many firms treat AI hires as additive specialists while leaving reporting lines, incentives, and budget control unchanged. 3️⃣ Strategic Risk If AI authority remains fragmented across silos, the organization builds capability without consolidating control, slowing value capture. This is not about job titles. It is about who owns decision power in an AI-native enterprise. Are you adding AI roles, or redesigning your power structure around them? Credit: gartner.com and Bot Nirvana @corixpartners @Transform_Sec @Corix_JC @ILoveBooks786 @COSTESLionelEr @ramonvidall @RLDI_Lamy @FrRonconi @timo_vi @Nicochan33 @NathaliaLeHen @TCyberCast @arigatou163 @ricardo_ik_ahau @VivMilanoFSL @xavierquerat @WillyRayNick @StrategyNDigita @quepasachico @bulbi59 @BulbiT3ch @bbailey39 @sulefati7 @BCAgroup @negimagurott @CRudinschi

State of AI Security 2026 github.com/blackorbird/AP…

Amazon Kiro deleted a production environment and caused a 13-hour AWS outage. I documented 10 cases of AI agents destroying systems — same patterns every time. blog.barrack.ai/amazon-ai-agen…

@Suryanshti777 Ai

🚨 100+ HOURS. 1 SINGLE SHEET. The complete AI Agent blueprint. I turned months of research into a no-fluff visual guide that shows you: • How AI agents actually work • Memory + tools + multi-agent systems • 50+ agents you can launch • Step-by-step build paths (RAG, Voice, Architectures) No theory. Just execution. If you’re serious about AI in 2026 — this is your unfair advantage. I’m giving it away FREE. How to get it: 1️⃣ Follow (must – I’ll DM you) 2️⃣ Comment AI 3️⃣ RT to help others Drop “AI” below 👇

Sometimes you spot a sink and know it's vulnerable, but proving it is a challenge. @SLCyberSec's team broke through layers of crypto to reach a pre-auth deserialization sink in OpenText Directory Services. Breaking the encryption was a journey. slcyber.io/research-cente…

Ransomware is learning how your business works. From AI‑driven extortion to attacks hidden inside normal workflows, this year’s threats will blend in, not break in. Watch this video to see what’s next: research.trendmicro.com/securitypredic…

Several organizations are embracing MCP, but its deepest security flaws are dangerously overlooked. In this conversation with @ZackKorman, CTO of a high-growth AI security startup, we discussed the uncomfortable truths behind MCP security and why he believes the protocol is fundamentally flawed. We also discussed the dangers of “prompt injection as a service,” the risks of malicious MCP servers, and why developments like NPM-enabled integrations could be a horror story in the making. The full chat is live on AI Cyber Magazine's YouTube Channel. Watch it using the link: youtu.be/6kIDUyD_Mj0?si… .

Introducing Rork Max AI that one-shots almost any app for iPhone,  Watch, iPad,  TV &  Vision Pro. Even Pokémon Go with AR & 3D. Max is a website that replaces Xcode. Install on device in 1 click. Publish to App Store in 2 clicks. Powered by Swift, Claude Code & Opus 4.6.

Introducing EVMbench—a new benchmark that measures how well AI agents can detect, exploit, and patch high-severity smart contract vulnerabilities. openai.com/index/introduc…

Last week I had a great conversation about all things AI pentesting with Cole Cornford on the Galah Cyber Secured podcast! Have a listen to find out where it shines, where humans still have an edge, and what comes next :)

Our latest GTIG AI Threat Tracker report reveals how adversaries are integrating AI into operations. We detail state-sponsored LLM phishing, AI-enabled malware like HONESTCUE, and rising model extraction attacks. Read the report: bit.ly/4adaUNk

FREE for ALL: AWS: drive.google.com/drive/mobile/f… CISSP: drive.google.com/drive/mobile/f… CISA: drive.google.com/drive/mobile/f… CISM: drive.google.com/drive/mobile/f… CRISC: drive.google.com/drive/mobile/f… CCDA: drive.google.com/drive/mobile/f… Digital Marketing: drive.google.com/drive/mobile/f…

#reversing #Kernel_Security #Sec_code_review Exploiting Reversing (ER) series: Part 1 - Windows kernel drivers (1) exploitreversing.com/2023/04/11/exp… Part 2 - Windows kernel drivers (2) exploitreversing.com/2024/01/03/exp… Part 3 - Chrome exploitreversing.com/2025/01/22/exp… Part 4 - macOS/iOS exploitreversing.com/2025/02/04/exp… Part 5 - Hyper-V exploitreversing.com/2025/03/12/exp… // step-by-step research series on Windows, macOS, hypervisors and browsers

Do you remember when you joined X? I do! #MyXAnniversary

@HitachiMSP @HitachiMSP @hitachi I deposited ₹15,000 at your Kaythapoyil CDM (ATM ID: MCRM5853) on [Date] at 13:13:41. The machine took the cash but showed a "Transaction Timeout" & the amount wasn't credited to my @canarabank Bank account. Please investigate & resolve ASAP. #ATMFailure

@HitachiMSP @hitachi I deposited ₹15,000 at your Kaythapoyil CDM (ATM ID: MCRM5853) on [Date] at 13:13:41. The machine took the cash but showed a "Transaction Timeout" & the amount wasn't credited to my @canarabank Bank account. Please investigate & resolve ASAP. #ATMFailure

i made contact with "EV Motors, a Royal Enfield Dealer Showroom in Thamarassery," one of the dealers. However, they said that the manufacturer had discontinued producing scram 411. Is that accurate? If the stock issue, kindly inform me. @royalenfield

Getting Started with iOS Penetration Testing — Part 1: The Setup #MobileSecurity #iOSsecurity sahil-security-nerd07.medium.com/getting-starte…