Do you remember when you joined X? I do! #MyXAnniversary

New banger from @thefosi: HTTP/2 framing WAF bypasses across six proxies. Use it wisely while you can. :p lab.ctbb.show/research/h2-WA…

You may know him as Churchill, but his journey had many names before the legend arrived. We are now HFCB; our new name reflects where we’ve been, who we’ve become and the great we continue to create. #GreatHasANewName #HFCB @MwalimChurchill

Our Great Name is HFCB! Our new chapter unifies our Group & all its subsidiaries under a single, cohesive & forward looking brand; offering fully integrated financial services & property solutions. #MyGreatName #HFCB

🚨 Supply chain attack on the Laravel Lang organization: 700 historical versions across multiple community-maintained Laravel Lang packages were compromised with an RCE backdoor, including: laravel-lang/lang laravel-lang/http-statuses laravel-lang/attributes Laravel-Lang/actions The payload targets cloud creds, CI/CD secrets, Kubernetes tokens, Vault, browser data, password managers, SSH keys, and more.

🚨 The "𝙼𝚎𝚐𝚊𝚕𝚘𝚍𝚘𝚗" Campaign is live... 𝟻,𝟽𝟷𝟾 malicious commits to 𝟻,𝟻𝟼𝟷 GitHub repositories in a six-hour window. Using throwaway accounts and forged author identities (build-bot, auto-ci, ci-bot, pipeline-bot), the attacker injected 𝙶𝚒𝚝𝙷𝚞𝚋 𝙰𝚌𝚝𝚒𝚘𝚗𝚜 workflows containing 𝚋𝚊𝚜𝚎𝟼𝟺-𝚎𝚗𝚌𝚘𝚍𝚎𝚍 bash payloads that exfiltrate: - CI secrets, - cloud credentials - SSH keys - OIDC tokens - source code secrets Check your repo / Technical details: safedep.io/megalodon-mass-gi…

A cat.py backdoor is mentioned in both @Microsoft's npm report and @step_security's report (Nx Console VS Code compromise) I've uploaded it and other components to @objective_see's public Mac malware collection: github.com/objective-see/Mal… (pw:infect3d)

Me trying to manually penetrate systems after 2 years of letting AI agents do all my testing… #AI #CyberSecurity #bugbounty

Until this past weekend, a contractor for the Cybersecurity & Infrastructure Security Agency maintained a public GitHub repository that exposed credentials to several highly privileged AWS GovCloud accounts and a large number of internal CISA systems. krebsonsecurity.com/2026/05/…

Microsoft Patches 138 Vulnerabilities, Including DNS and Netlogon RCE Flaws. thehackernews.com/2026/05/mi…

Microsoft has released mitigations addressing the “YellowKey” BitLocker bypass vulnerability (CVE-2026-45585), which impacted Windows 11 version 26H1, 24H2, 25H2 for x64 Systems, Windows Server 2025, and Windows Server 2025 (Server Core installation). thehackernews.com/2026/05/mi…

Just saw a "@OepnAI " (mistyped OpenAI) share a ClickFix lure under the guise of testing an image for AI.

WPScan 4.0.0 is out - great to see continued innovation in WordPress security. Solid tool for vulnerability scanning WordPress environments and staying ahead of threats. 🔐 #WPScan #WordPress #CyberSecurity

software engineering in 2026: - your package manager is compromised - your cloud provider blocks your account - github itself is hacked software is solved

We are investigating unauthorized access to GitHub’s internal repositories. While we currently have no evidence of impact to customer information stored outside of GitHub’s internal repositories (such as our customers’ enterprises, organizations, and repositories), we are closely monitoring our infrastructure for follow-on activity.

🚨 BREAKING: Xabi Alonso has accepted to become Chelsea next manager, HERE WE GO! 🔵🔜 The agreement is set to be completed. #CFC prepare official announcement for the upcoming days, but Xabi said YES. 💣

we're so cooked

The only thing faster than his draw is the cameraman's heart rate. He's standing way too close for comfort.

the scary part is not AI generating code it is AI understanding decades old systems well enough to find vulnerabilities humans missed

Anthropic’s Mythos just hacked macOS helped researchers find a macOS kernel exploit Apple is reviewing it now. The AI found the vulnerability. Wrote the exploit. Delivered a 55-page report to Apple in Cupertino. We are so cooked