Offensive Security | Security Engineering

Joined November 2009
Imdad retweeted
I packaged up the "autoresearch" project into a new self-contained minimal repo if people would like to play over the weekend. It's basically nanochat LLM training core stripped down to a single-GPU, one file version of ~630 lines of code, then:
- the human iterates on the prompt (.md)
- the AI agent iterates on the training code (.py)
The goal is to engineer your agents to make the fastest research progress indefinitely and without any of your own involvement. In the image, every dot is a complete LLM training run that lasts exactly 5 minutes. The agent works in an autonomous loop on a git feature branch and accumulates git commits to the training script as it finds better settings (of lower validation loss by the end) of the neural network architecture, the optimizer, all the hyperparameters, etc. You can imagine comparing the research progress of different prompts, different agents, etc.
github.com/karpathy/autorese…
Part code, part sci-fi, and a pinch of psychosis :)
20 Oct 2025
"Pixnapping" shows a malicious Android app can force other apps' pixels into the compositor, exploit a GPU timing side-channel, and steal Google Authenticator 2FA codes in under 30 seconds, often without permissions. pixnapping.com/

Imdad retweeted
Serious bugs often occur in third-party components integrated by other software. @ifsecure and I found this vulnerability in the Dolby Unified Decoder. It affects Android, iOS and Windows among other platforms, sometimes 0-click. project-zero.issues.chromium…

30 Jan 2025
DeepSeek-R1 mirrors human thought, learning from trial and error, reflecting on mistakes, and breaking down problems like we do. It's AI with human-like reasoning.
11 Jan 2025
Dream big, no matter what it is. The human brain possesses remarkable neuroplasticity, enabling it to adapt, learn, and achieve what you consistently focus on and work toward.
2 May 2022
Hey @ZALORA I have ordered some items. It was estimated to be delivered today. But looks like your support is not responding and there is no update on the item. Been following for a week now. Help!
Imdad retweeted
9 Apr 2022
1/10 - I've been doing offensive security source code review for a long time now, and along the way I've learnt a lot of lessons that can make you more effective. Some of them include:
Imdad retweeted
27 Mar 2022
To succeed in the future, you MUST learn web3. Here's a list of 24 top resources to get up to speed (for free):
Imdad retweeted
🚨 WE'RE LIVE! 🚀 Learn how to exploit webviews with @imdadvs and @shiv__sahni on Apollo 12 at #Eko2021 👏 🚨 NOW! Join @imdadvs & @shiv__sahni on Apollo 12 at @ekoparty to learn common webview related security issues & the story behind CVE-2021-21136 🔥 EN✅ | ES❌
Imdad retweeted
📢 In this @ekoparty talk, Imdadullah Mohammed (@imdadvs) & Shiv Sahni (@shiv__sahni) will discuss common webview related security issues & how they discovered CVE-2021-21136 🔥 which allowed sensitive data leakage to 3rd parties via HTTP request headers. Join us at #Eko2021! 🙌
Imdad retweeted
Mariana Trench is an open source static analyzer written to detect and prevent security issues in #Android and #Java applications. It can review large codebases, provide feedback to engineers, and detect bugs before they are introduced into a codebase. engineering.fb.com/2021/09/2…
Imdad retweeted
18 Sep 2021
iOS 14.7.1 / 14.6 / 14.4 #JAILBREAK News: RELEASE Of New XNU Vulnerability PoC (Open Source Code) VIDEO HERE: youtu.be/NCH2EKOIbPo In a previous video, I said this will be released and it's now finally out. It's a bug reachable from the Sandbox and works on 14.7.1 and lower.

Imdad retweeted
Webview: An in-app Web Browser created to ensure seamless user experience without context switching between browser and mobile application. How secure is that? Ask CVE:2021-21136 and @imdadvs at #BSidesBCN21 SagradaFamilia track on Sept 30 at 4.45pm CEST
Imdad retweeted
Building a new reconnaissance platform? I have attempted to gather most of the open source tool-set into a mind-map. You might refer to this XMind: xmind.net/m/Xy7XEW . Other file-types: github.com/himanshudas/RaaP #recon #asm #monitoring #bugbounty
Imdad retweeted
Very happy to announce that I’ll be speaking at HITB2021SIN @HITBSecConf along with @imdadvs on Securing Webviews and the Story Behind CVE-2021-21136! Join us on Friday, 27 Aug 3:00 PM SGT!! #hitb #mobilesecurity #infosec #appsec #cybersecurity #HITB2021SIN
Imdad retweeted
22 Aug 2021
Writing an iOS Kernel Exploit from Scratch secfault-security.com/blog/c…

12 Aug 2021
I, along with @shiv__sahni, will be presenting our talk "Securing Webviews and The Story Behind CVE-2021-21136" at #HITB2021SIN on 27th Aug. #MobileSecurity x.com/HITBSecConf/status/142…

#HITB2021SIN Securing Webviews and The Story Behind CVE-2021-21136 - Imdadullah Mohammed & Shiv Sahni - conference.hitb.org/hitbsecc…
Imdad retweeted
Meet WiFiDemon: iOS WiFi RCE 0-Day Vulnerability & a 'Zero-Click' Vulnerability That was Silently Patched blog.zecops.com/research/mee…
