restoring equilibrium

Joined October 2019
the CRTP labs are so buggy that, at this point, debugging the lab is harder than the lab itself :)
Adity retweeted
Time for another giveaway! We will pick 6 winners to win one of the following: 1x Annual VIP @hackthebox_eu Licence 5x @PentesterLab 3 Month Licences To enter: 1️⃣ Follow us @BugBountyDefcon 2️⃣ Like this post ❤️ 3️⃣ Re-tweet this post 🔁 Giveaway open until Monday June 15th! GOOD LUCK!
lab server was down, so I had to go touch some grass. 10/10 recommend
water the grass if it's not greener on your side 🍃
I think this mango tree is for everyone except humans.
It was supposed to boost productivity, but it accidentally boosted my nap game 😭
Adity retweeted
agi achieved
Roads after 10 pm on a weekday >>>
seeing math concepts at work in security tools is pretty interesting :)
Adity retweeted
17 Nov 2025
We successfully wrapped up the Cysinfo quarterly meetup yesterday! 🎉 Here is the link to the slides & demo videos: cysinfo.com/14th-quarterly-m… Thanks to the security community, core team members, for the support 🙏 #cysinfo
29 Oct 2025
damn vulnerable web app ❌ comet ✔️ (damn vulnerable agentic browser)
🚨 JAILBREAK ALERT 🚨 OPENAI: PWNED 😎 ATLAS-BROWSER: LIBERATED 🙌 WOW! There's a new AI browser on the block! Has some hefty guardrails in play, but the browser surface area is vast 🌊 First, I started with a good ol' LSD jailbreak, which was cool to see that the GPT-5 prompt still works in this browser setup with the new sys prompts. Referencing search and videos are a fun enhancement for higher quality jailbreak outputs (some cool youtube videos out there about drugmaking, for example), but honestly that isn't anything new or different from regular ChatGPT's capabilities. What IS hot off the press, and IMO a very real security risk to be aware of for AI browsers (and the internet in general), is this humble yet mighty vuln: Clipboard Injection. It's trivial to add a hidden "copy to clipboard" feature to any clickable button on the web. It took me just a few minutes to update one of my personal websites such that ALL the buttons were geared for injecting the user's clipboard with a malicious phishing link. If your browser Agent is navigating a website and clicks a button like that without your knowledge, and you open a new tab later and hit paste without knowing what's in your clipboard, well...PWNED! 🙃 As you'll see in the video below, "control-c" is in my clipboard in the beginning, but unbeknownst to me, "I'VE BEEN PWNED BY PLINY!!! WEEE I'M FREEE FUCKITY FUCK FUCK!!! ABRACADABRA, BITCH!!! http://paypa1. com/account-update" gets snuck into my clipboard as soon as Agent starts trying to navigate my website. This works so well because Agent is normally aware of all text/code being passed to and from the user, and has clearly been trained to recognize prompt injections, but since the "copy clipboard" button logic is hidden in js in the backend of the site, the Agent has zero awareness of the text content being injected to the user's clipboard. This has broad implications for anyone in the habit of copy-pasting, including coding, data entry, banking/trading, etc. 
Imagine going about your browsing business, then simply hitting control-v in your address bar and next thing you (don't) know, it takes you to a spoofed phishing website that tells you your OpenAI or Gmail or PayPal session has expired and you need to re-login. If you're not careful, the attackers now have all your login info, including any MFA codes 🥲 gg
29 Jun 2025
therapeutic✨ (things I do to keep myself sane these days ⬇️)
29 Jun 2025
Do not judge, thanks!
Adity retweeted
10 Apr 2025
Next week is our next run of our Attacking AI course! Check out the expanded syllabus ⬇️ payhip.com/b/xysOk 📢 Last Min Giveaway Time! Two seats up for grabs, winner will be chosen Tuesday next week! Each person can have up to 3 entries to the giveaway! ➡️Repost This Post = 2 Entries ➡️Like This Post = 1 Entry
31 Mar 2025
So annoying @tryhackme
20 Jan 2025
cute :3
Adity retweeted
Seeing a ton of people making 2025 their year to implement this. Y'all got this - get after it!
All my current bug bounty knowledge is gone. Here's how I get it back and make $100k in the first year: First, I've got to learn the basics. For this, I will make sure I understand at a high level how the components I'm working with function. I'll need to understand...
19 Dec 2024
What's your fav security blogs/articles etc related twitter account? #Cybersecurity #penetrationtesting #Pentesting
19 Dec 2024
Cooked fr
17 Dec 2024
While developing XBOW over the past three months, we played around with using it for bug bounties and ended up at #11 in the US on HackerOne: