Engineering Security for the AI Era | AI Pen Testing Smart Contract Audits | OWASP Smart Contract Security Pioneers | SOC2 Type II Audited

Joined December 2021
Pinned Tweet
CredShields and @SolidityScan are proud to contribute to the release of the @owasp Smart Contract Top 10 2026. OWASP Smart Contract Top 10 defines the primary contract-level failure patterns that repeatedly lead to loss in blockchain systems. Sincere gratitude to @ethereumfndn Ecosystem Support Program for supporting the OWASP Smart Contract Security initiative. owasp.org/www-project-smart-…
Over 400 Arch Linux AUR Packages Compromised in "Atomic Arch" Attack 🚨 A sophisticated community supply chain attack has targeted the Arch User Repository (AUR). Attackers systematically hijacked unmaintained or "orphaned" packages to inject an infostealer and rootkit payload.
Threat actors utilized the AUR's public adoption mechanism to claim ownership of abandoned projects. Build scripts (PKGBUILD) were modified to trigger an npm package called atomic-lockfile. This deployment drops a hidden binary that behaves as a credential stealer and persistent backdoor, targeting system information, local credentials, and security tokens.
Immediate Remediation Steps for Linux Administrators & Users
1. Run pacman -Qm to list all installed AUR packages and cross-reference them with the official Arch Linux mailing list advisories
2. Completely remove any suspicious packages using sudo pacman -Rns [package_name]
3. Check your active systemd services (systemctl list-units --type=service) and cron directories for unauthorized background processes
4. If an infection is confirmed, treat the host as fully compromised. Execute a clean OS reinstallation and immediately rotate all passwords, API keys, and SSH tokens
Locking down third-party dependencies and auditing user-vetted repositories should be an absolute must.
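Step 1 of the remediation list and the PKGBUILD detail from the thread, as an added example that is not part of the original posts: it parses `pacman -Qm` output, intersects it with a list of advisory names, and flags build-script lines that name the `atomic-lockfile` npm package. The package names, advisory list and PKGBUILD text are constructed placeholders.

```python
import re

IOC_NPM_PACKAGE = "atomic-lockfile"  # npm package named in the thread above

# Constructed sample of `pacman -Qm` output; package names are placeholders.
QM_OUTPUT = "example-orphan-tool 1.4.2-1\nhelper-bin 0.9-3\nsome-font 2.0-1\n"
# Constructed stand-in for names copied out of an advisory (placeholders).
ADVISORY_NAMES = ["Example-Orphan-Tool ", "not-installed-pkg"]
# Constructed PKGBUILD text.
PKGBUILD = "\n".join([
    "pkgname=example-orphan-tool",
    "pkgver=1.4.2",
    "build() {",
    "  make",
    "  npm install atomic-lockfile",
    "}",
])

def parse_foreign_packages(qm_output):
    """Map package name -> version from `pacman -Qm` lines ("name version")."""
    pkgs = {}
    for line in qm_output.splitlines():
        parts = line.split()
        if len(parts) == 2:
            pkgs[parts[0]] = parts[1]
    return pkgs

def flagged_installed(pkgs, advisory_names):
    """Installed foreign packages whose names appear in the advisory list."""
    wanted = {n.strip().lower() for n in advisory_names if n.strip()}
    return sorted(name for name in pkgs if name.lower() in wanted)

def ioc_lines(pkgbuild_text):
    """(line number, text) for every build-script line naming the npm package."""
    pattern = re.compile(r"(?<![\w-])" + re.escape(IOC_NPM_PACKAGE) + r"(?![\w-])")
    return [(n, line.strip())
            for n, line in enumerate(pkgbuild_text.splitlines(), 1)
            if pattern.search(line)]

if __name__ == "__main__":
    installed = parse_foreign_packages(QM_OUTPUT)
    print("flagged:", flagged_installed(installed, ADVISORY_NAMES))
    print("PKGBUILD hits:", ioc_lines(PKGBUILD))
```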
A SOC 2 report doesn't tell you:
→ Whether your code has exploitable vulnerabilities
→ If your cloud is misconfigured right now
→ Whether your APIs leak data
→ Or an attacker could walk in tomorrow
Auditors check controls and attackers check the rest. By all means, get certified. Just don't mistake the certificate for a locked door. 🔒
#SOC2 #CyberSecurity #AppSec #PenTesting #CloudSecurity #InfoSec
SQL injection has been a known bug class for over 20 years. It's still in the OWASP Top 10. The fix is one line of code. Don't build your query by gluing strings together. The moment user input becomes part of the query text, an attacker can rewrite what that query does. Bind it instead. Pass the input as a parameter and the database treats it as data, never as SQL. #SQLInjection #AppSec #OWASP #SecureCoding
Your AI agent can send emails, book meetings for you, even execute code. So can your attacker. The attacker just needs to control one input.
Has your security team tested your LLM features for prompt injection?
Yes it's covered
No not yet
We don't have LLM features
What's prompt injection?
We just found and disclosed CVE-2026-10753 in Google's Site Kit, the official Google plugin running on 5M WordPress sites. Our team caught a broken access control flaw that slipped past everyone else. One REST API write endpoint checked for view level access when it should have required admin. That single line let an Editor with dashboard sharing flip a sitewide setting they were never meant to touch. Every sibling endpoint in the same controller already required admin capability. One route drifted out of step. Running Site Kit? Update to 1.176.0 or later. Read for a deeper understanding: discover.credshields.com/cve…
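A consistency check for the "one route drifted out of step" pattern described above, as an added example that is not Site Kit's code: it flags any write route whose required capability is weaker than the strictest one its sibling write routes in the same controller require. The controllers, paths and capability labels are constructed, and the sibling comparison is a review heuristic assumed here.

```python
from collections import defaultdict

# Hypothetical capability levels, weakest to strongest.
RANK = {"view": 0, "edit": 1, "admin": 2}
WRITE_METHODS = {"POST", "PUT", "PATCH", "DELETE"}

# Constructed route table: (controller, method, path, required capability).
ROUTES = [
    ("settings", "GET",  "/settings",            "view"),
    ("settings", "POST", "/settings/tracking",   "admin"),
    ("settings", "POST", "/settings/connection", "admin"),
    ("settings", "POST", "/settings/sharing",    "view"),   # the drifted route
    ("reports",  "GET",  "/reports/summary",     "view"),
    ("reports",  "POST", "/reports/dismiss-tip", "view"),   # no stricter sibling
]

def find_drift(routes):
    """Return write routes that require less than their strictest sibling."""
    writes_by_controller = defaultdict(list)
    for controller, method, path, cap in routes:
        if method.upper() in WRITE_METHODS:
            writes_by_controller[controller].append((method, path, cap))

    findings = []
    for controller, writes in writes_by_controller.items():
        strictest = max((cap for _, _, cap in writes), key=RANK.__getitem__)
        for method, path, cap in writes:
            if RANK[cap] < RANK[strictest]:
                findings.append((controller, method, path, cap, strictest))
    return findings

if __name__ == "__main__":
    for controller, method, path, cap, expected in find_drift(ROUTES):
        print(f"{controller}: {method} {path} requires '{cap}', "
              f"siblings require '{expected}'")
```

A controller whose write routes are all equally weak produces no finding, so this complements an explicit per-route authorization review and does not replace it.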
The Impact: Once active, it bypasses standard barriers to harvest developer IDE credentials, cloud environment access keys (AWS/GCP/Azure), CI/CD secrets, and local storage data. Standard file deletion will not work against a Ring 0 rootkit.
Immediate Remediation Steps:
1️⃣ Pin & Proxy: Lock exact dependency versions. Use enterprise-governed package proxies.
2️⃣ Audit eBPF: Monitor build infrastructure for unauthorized eBPF programs.
3️⃣ Hard Reset: Infected runners/workstations must be completely wiped and reimaged.
Vector: Supply chain infiltration via compromised npm packages, triggering silently during npm install via hidden postinstall script hooks.
Stealth: Attaches kprobes to kernel system calls like sys_getdents64 for full process cloaking. It hides its footprint from ps or top.
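A manifest audit covering the postinstall vector above and the "Pin & Proxy" step, as an added example that is not part of the original thread: it reports the install-time lifecycle scripts a package.json declares and every dependency spec that is not an exact x.y.z version. The manifest and its package names are constructed.

```python
import json
import re

# npm lifecycle scripts that run during `npm install`.
INSTALL_HOOKS = ("preinstall", "install", "postinstall")
DEP_SECTIONS = ("dependencies", "devDependencies", "optionalDependencies")
# A bare x.y.z version with optional prerelease/build suffix counts as pinned;
# ranges, tags and URLs are reported for review.
EXACT = re.compile(r"^\d+\.\d+\.\d+(?:-[0-9A-Za-z.-]+)?(?:\+[0-9A-Za-z.-]+)?$")

# Constructed package.json; names and scripts are placeholders.
SAMPLE_MANIFEST = """{
  "name": "example-build-helper",
  "version": "3.1.0",
  "scripts": {"test": "node test.js", "postinstall": "node setup.js"},
  "dependencies": {"left-helper": "^1.2.0", "exact-lib": "2.0.1"},
  "devDependencies": {"tagged-lib": "latest"}
}"""

def audit_manifest(manifest_text):
    """Return install-time hooks and non-exact dependency specs."""
    manifest = json.loads(manifest_text)
    scripts = manifest.get("scripts") or {}
    hooks = {name: scripts[name] for name in INSTALL_HOOKS if name in scripts}

    unpinned = {}
    for section in DEP_SECTIONS:
        for name, spec in (manifest.get(section) or {}).items():
            if not EXACT.match(str(spec)):
                unpinned[name] = spec
    return {"hooks": hooks, "unpinned": unpinned}

if __name__ == "__main__":
    report = audit_manifest(SAMPLE_MANIFEST)
    for hook, command in report["hooks"].items():
        print(f"install-time script: {hook} -> {command}")
    for name, spec in report["unpinned"].items():
        print(f"not pinned to an exact version: {name} {spec}")
```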
A highly sophisticated, heavy Rust-built infostealer named IronWorm is actively targeting modern software development pipelines. Because it deploys a Ring 0 / kernel-level eBPF rootkit, standard user-space EDR agents will fail to detect it. 👇 Quick breakdown and defense steps:
Hackers hijacked high-profile Instagram accounts, including the old Obama White House handle, without malware, phishing, or stolen passwords. How did they do it?
The takeaways 👇
→ AI support tools create security blind spots that human agents wouldn't
→ Automated convenience routinely outpaces verification
→ Strong MFA was the layer that held the line for protected accounts
Lock yours down tonight:
1/ Audit your account recovery contact info
2/ Move from SMS to app-based MFA
3/ Review logged-in devices weekly
#CyberSecurity #InfoSec #MetaAI #AccountSecurity #MFA #AIsecurity
What's one security habit your team actually sticks to? 👇