Joined June 2025
Introducing OpenHack. An Open Source Agentic Security Scanner that hunts and verifies vulnerabilities using open source models exclusively. Up to 40x cheaper, it is on par with Claude Opus 4.6 on CVE-Bench. Check it out at openhack.com!
Claude Fable 5 literally flags a simple port scan and switches back to Opus. This is why we're building OpenHack and betting hard on open source models.
OpenHack retweeted
Excited to launch OpenHack! 🚀 A fully open source agentic security scanner to hunt and verify security vulnerabilities. Up to 40x cheaper, it is on par with Claude Opus 4.6 on CVE-Bench for finding logic based vulnerabilities in web apps.
We're giving away free credits for everyone to try out OpenHack! Install using `pipx install openhack` and sign up to get started.
Fun fact: In March 2022, the maintainer of node-ipc deliberately introduced malicious code into versions 10.1.1 and 10.1.2 that would overwrite files with heart emojis (❤️) on systems with IP addresses located in Russia or Belarus. (1/n)
This was done as a form of protest against Russia's invasion of Ukraine. The destructive code used an IP geolocation service to identify affected users and then overwrote accessible files, permanently deleting their contents. These malicious versions were online for about five hours before being replaced. (2/n)
Subsequent versions (11.0.0 and later) included the "peacenotwar" dependency, which dropped text files on users' desktops as a declared form of "non-violent protest". This incident affected major projects including Vue.js framework and Unity 3D gaming engine. The vulnerability was tracked as CVE-2022-23812 and received a critical severity rating of 9.8/10.
‼️ Another day, another NPM package compromise: node-ipc versions 9.1.6, 9.2.3, and 12.0.1, which together have over 800,000 weekly downloads, were published containing an obfuscated stealer/backdoor in the CommonJS bundle that activates on import.
The malware performs host fingerprinting, enumerates local files, steals credentials including AWS, Azure, GCP keys, SSH private keys, Kubernetes configs, Docker tokens, GitHub CLI tokens, and AI tool configurations, then exfiltrates them via DNS TXT queries and HTTPS POST to sh.azurestaticprovider.net.
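A defender's first question after both node-ipc posts above (the 2022 protestware releases 10.1.1/10.1.2 with the peacenotwar dependency, and the 9.1.6/9.2.3/12.0.1 backdoor builds) is whether any of those versions is pinned in a project's lockfile. The script below is an added example, not OpenHack's code or anything from the posts; it reads a package-lock.json (lockfile v1 nested "dependencies" as well as v2/v3 "packages" keyed by node_modules path), copies the version lists straight from the posts, and flags matches. The sample lockfiles and the peacenotwar version string are constructed placeholders; re-check the version sets against the npm advisory before relying on them.

```python
import json
import sys

# Versions named in the posts above. Copied from the thread, not from an
# advisory database: verify before using this list in production.
NODE_IPC_BACKDOOR_VERSIONS = {"9.1.6", "9.2.3", "12.0.1"}
NODE_IPC_PROTESTWARE_VERSIONS = {"10.1.1", "10.1.2"}
PROTESTWARE_DEPENDENCIES = {"peacenotwar"}


def iter_lock_entries(lock):
    """Yield (name, version) for every installed package in a package-lock.json.

    Lockfile v2/v3 list packages under "packages" keyed by node_modules path;
    v1 nests them under "dependencies". v2 carries both, so prefer "packages"
    to avoid counting an entry twice.
    """
    packages = lock.get("packages")
    if isinstance(packages, dict):
        for path, meta in packages.items():
            if not path:  # "" is the root project itself, not a dependency
                continue
            # "node_modules/a/node_modules/@scope/b" -> "@scope/b"
            name = path.rsplit("node_modules/", 1)[-1]
            yield name, meta.get("version", "")
        return

    def walk(deps):
        for name, meta in (deps or {}).items():
            yield name, meta.get("version", "")
            yield from walk(meta.get("dependencies"))  # transitive deps nest here

    yield from walk(lock.get("dependencies"))


def audit_lockfile(lock):
    """Return (name, version, reason) for every entry matching the lists above."""
    findings = []
    for name, version in iter_lock_entries(lock):
        if name == "node-ipc" and version in NODE_IPC_BACKDOOR_VERSIONS:
            findings.append((name, version, "obfuscated stealer/backdoor build"))
        elif name == "node-ipc" and version in NODE_IPC_PROTESTWARE_VERSIONS:
            findings.append((name, version, "2022 file-overwriting protestware build"))
        elif name in PROTESTWARE_DEPENDENCIES:
            # Flagged by name: any version of the protestware package counts.
            findings.append((name, version, "protestware dependency"))
    return findings


# Constructed sample lockfiles (not real project data). "0.0.0" for
# peacenotwar is a placeholder version; the match is on the package name.
SAMPLE_LOCK_V3 = {
    "name": "demo-app",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo-app", "version": "1.0.0"},
        "node_modules/node-ipc": {"version": "9.2.3"},
        "node_modules/left-pad": {"version": "1.3.0"},
        "node_modules/some-lib/node_modules/peacenotwar": {"version": "0.0.0"},
    },
}

SAMPLE_LOCK_V1 = {
    "lockfileVersion": 1,
    "dependencies": {
        "node-ipc": {
            "version": "10.1.1",
            "dependencies": {"peacenotwar": {"version": "0.0.0"}},
        },
        "express": {"version": "4.18.2"},
    },
}


def main(argv):
    """Audit the lockfile given on the command line, or the built-in sample."""
    if len(argv) > 1:
        with open(argv[1], encoding="utf-8") as fh:
            lock = json.load(fh)
    else:
        lock = SAMPLE_LOCK_V3
    findings = audit_lockfile(lock)
    for name, version, reason in findings:
        print(f"FLAG {name}@{version}: {reason}")
    return 1 if findings else 0  # non-zero exit lets CI fail the build


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it as `python audit_lock.py path/to/package-lock.json`; with no argument it audits the embedded sample and exits non-zero, which is the behaviour you would want from a CI gate. The name match for peacenotwar is deliberate: the posts say it shipped as a dependency of node-ipc 11.0.0 and later, so its presence in a tree is the signal regardless of version.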
Microsoft surpassed Claude Mythos using their new harness, MDASH (multi-model agentic scanning harness)! MDASH uses GPT-5.4, Claude Opus 4.6, Sonnet 4.6 and absolutely smashed it on CyberGym. microsoft.com/en-us/security…
OpenHack retweeted
Microsoft just dropped and just surpassed Mythos using Claude Opus 4.6, Sonnet 4.6 and GPT-5.4. Proof that a great harness goes a really, really long way.
‼️TanStack, Mistral and many more popular NPM packages hit by ongoing mini Shai Hulud Supply Chain attack! List of NPM packages:
TanStack — @tanstack/* (router, start, devtools, adapters, vite/nitro plugins across React, Solid, Vue)
Mistral AI — @mistralai/mistralai, @mistralai/mistralai-gcp, @mistralai/mistralai-azure
UiPath — @uipath/* (Apollo, CLI, Robot, Maestro, Orchestrator, packager tools, SDKs, agent/insights/identity tooling)
BeProduct — @beproduct/nestjs-auth (19 versions hit)
Mesa Dev — @mesadev/sdk, @mesadev/rest, @mesadev/saguaro
Squawk — @squawk/* (aviation data: airports, airways, navaids, NOTAMs, flightplan, weather, ICAO registry)
TallyUI — @tallyui/* (commerce connectors for Shopify, WooCommerce, Vendure, Medusa; POS, theme, components)
ML Toolkit TS — ml-toolkit-ts, @ml-toolkit-ts/xgboost, @ml-toolkit-ts/preprocessing
Draftlab / DraftAuth — @draftlab/auth, @draftlab/db, @draftlab/auth-router, @draftauth/core, @draftauth/client
Dirigible AI — @dirigible-ai/sdk
Supersurkhet — @supersurkhet/cli, @supersurkhet/sdk
Taskflow Corp — @taskflow-corp/cli
Tolka — @tolka/cli
Unscoped maintainers — safe-action, ts-dna, cross-stitch, cmux-agent-mcp, agentwork-cli, git-branch-selector, git-git-git, wot-api, nextmove-mcp
❗️ShinyHunters have also removed Canvas from their extortion page. It is very likely they settled.
ShinyHunters removed list of schools from their website. It seems like Instructure has privately negotiated with ShinyHunters and is working on getting Canvas back online.
🚨 BREAKING: Instructure, the company behind Canvas - the LMS tool used by almost every university in the United States, has been breached by popular threat actor ShinyHunters. List of breached schools: http://91.215.85.103/pay_or_leak/instructure_affected_schools_list.txt