@milesdeutscher @milesdeutscher It is fascinating how many accounts impersonate you and reply to your tweets trying to push crypto scams pretending to be you:
English
Sam Stepanyan
5.4K posts
Sam Stepanyan
@securestep9
@OWASPLondon Chapter Leader (#OWASP #OWASPLondon). OWASP Board Member. Application Security (#AppSec) Consultant. OWASP #Nettacker Project leader. #CISSP
London, UK เข้าร่วม Eylül 2013
3.7K กำลังติดตาม7.3K ผู้ติดตาม
underrated af new Claude features:
• Interactive charts
• Cowork scheduled tasks
• Cowork plug-ins
• Memory management (import/export)
• Claude in Excel
• Infinite chats
• Push-to-talk in Claude Code
These features alone make Claude the most powerful AI platform available.
English
#telnet: Yet Another Critical Unauthenticated Root RCE #vulnerability CVE-2026-32746 discovered in legacy inetUtils Telnet - no user interaction and no special network position required.
Telnet is still in use in old switches, routers, ICS/IoT, cameras:
👇
thehackernews.com/2026/03/critic…
English
@ErezYalon ^My eyes 👀 hurt from seeing a SQL Injection and plain-text password storage - vulnerabilities so typical for AI-generated (vibe-coded) applications. When reviewing AI-Coded apps I also frequently come across AWS, Vercel and Supabase credentials exposed in client-side JavaScript
English
#OpenClaw: Never thought I'd see a picture of #Nvidia CEO Jensen Huang with claws - but here it is on my computer screen this morning and Nvidia has now launched a 'secure and enterprise-ready' open-source plugin for OpenClaw called #NemoClaw:
👇
github.com/NVIDIA/NemoClaw
English
#GitHub seems to be suffering a lot getting hit by traffic from #AI bots scraping the code these days - I keep getting 'Too Many Requests' when following links to various @github repos:
github.blog/changelog/2025…
English
UK #Government Companies House confirms security #vulnerability exposed millions of UK companies' sensitive data including directors' dates of birth and residential addresses via a flaw introduced in October 2025:
#CompaniesHouse
bleepingcomputer.com/news/security/…
English
UK Government Companies House new website had a basic OWASP Top 10 authentication bypass #vulnerability for God knows how long until it was identified and reported. I wonder if this is a result of vibe-coding? 🤔
👇
Dan Neidle@DanNeidle
I see some weird things but this takes the biscuit. A vulnerability in the Companies House website, that let anyone view the private dashboard of any one of the five million registered companies, see directors' personal details. And modify them.
English
#Chrome: Google released security updates for its Chrome web browser to address two high-severity #zeroday #vulnerabilities CVE-2026-3909 & CVE-2026-3910 that it said have been exploited in the wild. Make sure to update your Chrome today! (restart it):
👇
thehackernews.com/2026/03/google…
English
#Linux: AppArmor hit by 9 "#CrackArmor" vulnerabilities letting unprivileged users manipulate security profiles and escalate to root.
The bugs date back to 2017 and affect 4.11+ kernels of Ubuntu, Debian, and SUSE:
#PrivilegeEscalaton
#CloudSecurity
👇
thehackernews.com/2026/03/nine-c…
English
Looks like a cyber security incident at @LloydsBank & @HalifaxBank
First thing this morning the customers reported seeing other people's transactions and bank statements, and now the system appears to have stopped logging people in:
#Lloyds #LloydsBank #Halifax #IDOR
👇
myexploit2600@myexploit2600
Anyone know anyone who works at Halifax in cyber? They are not picking up the phone. And the AI bot they replaced humans with is saying everything is hunky dory.
English
#Copilot: The fact that any files attached to Microsoft Copilot prompts bypass Purview DLP is a serious architectural flaw, which potentially is being exploited in your organisation right now to exfiltrate data:
Jake Williams@MalwareJake
Not a week passes that I don't find more evidence that Copilot was a rush job from Microsoft and has serious limitations for enterprises. learn.microsoft.com/en-us/purview/…
English
#NPM: A malicious npm package '@openclaw-ai/openclawai' is spreading a full RAT #malware disguised as an #OpenClaw installer. It steals browser data, macOS Keychain entries, crypto wallets, MacOS and cloud credentials:
#SoftwareSupplyChainSecurity
👇
thehackernews.com/2026/03/malici…
English
#linux: Ubuntu, Fedora, Mint Linux are considering adding age verification to Linux due to the upcoming law mandating that OS providers and application developers implement age verification measures to protect minors online. This will have a huge impact:
9to5linux.com/ubuntu-fedora-…
English
I am speaking at NDC Security!
Come catch my talk in Room 4.
English
#trivy: The GitHub repo of Cloud Security and Supply Chain Security vendor Aqua Security (@AquaSecTeam) popular vulnerability scanner tool 'trivy' was compromised yesterday via GitHub Actions:
#SoftwareSupplyChainSecurity
👇
github.com/aquasecurity/t…
English
Sam Stepanyan รีทวีตแล้ว
Our February Meetup has started and right now we have Mriya Hristova (@mariya_e_h) on stage speaking about North Korean Spies trying to get a job in your organisation!
Watch the live-stream 📺 here:
👇
youtube.com/live/VwSCOJWqa…
YouTube
English
Sam Stepanyan รีทวีตแล้ว
Sam Stepanyan รีทวีตแล้ว
Nothing humbles you like telling your OpenClaw “confirm before acting” and watching it speedrun deleting your inbox. I couldn’t stop it from my phone. I had to RUN to my Mac mini like I was defusing a bomb.
English