Finding bad software extensions at @SocketSecurity (acquired @secureannex). #️⃣ githash.org

Joined May 2008
tuckner retweeted
Back from break and now @IceSolst carrying us through Practical Security Engineering! And a sweet "How do we secure our product?" brainstorming session with the live chat for @_ContinuumCon_ 😎 continuumcon.com/
Jun 13
Found a way you can still use Mythos after the ban. (Spoiler: what a golden opportunity for fraudsters)
tuckner retweeted
Quick reminder that I have a ContinuumCon workshop tomorrow (1:15pm ET) on escaping AI agent sandboxes. Workshop so dangerous that my own product keeps alerting on my "research".
tuckner retweeted
This Saturday at 3:45 ET I’ll be presenting a live intro to my security engineering course there (practical guide to SAST, DAST, etc)
Jun 11
Super fascinating to catch "timestomped" GitHub commits related to Contagious Interview rolling into #githash in real time. This one has an authored date 8 months ago, which is what is shown on GitHub, but was actually committed May 31st.
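The mismatch the post describes is visible in plain git metadata: GitHub's commit listing shows the author date, while the committer date records when the commit object was actually created. The following is an added example, not code from the post or from githash, that parses constructed `git log --format='%H|%aI|%cI'` output (hashes and dates are made up) and flags commits whose committer date is far later than their author date. The 7-day threshold is an assumption; rebases and cherry-picks also preserve author dates, so a large skew is a signal to look closer, not proof of backdating.

```javascript
// Added example: detect author/committer date skew that can make fresh
// commits look months old in GitHub's history view.

// Constructed sample in the shape of
//   git log --format='%H|%aI|%cI'
// i.e. hash | author date (ISO 8601) | committer date (ISO 8601).
// Hashes and dates are made up for the example.
const SAMPLE_LOG = `
a1b2c3d4|2024-10-02T09:15:00-05:00|2025-05-31T14:02:11+00:00
e5f6a7b8|2025-05-30T18:40:00+00:00|2025-05-30T18:40:00+00:00
c9d0e1f2|2025-05-31T13:59:00+00:00|2025-05-31T14:05:00+00:00
`;

const MS_PER_DAY = 86_400_000;

// Parse one record per line into { hash, authored, committed } with real Date objects.
function parseLog(text) {
  return text
    .split("\n")
    .map((line) => line.trim())
    .filter(Boolean)
    .map((line) => {
      const [hash, authored, committed] = line.split("|");
      return { hash, authored: new Date(authored), committed: new Date(committed) };
    });
}

// Return the commits whose committer date is more than maxSkewDays after the
// author date. The author date is what GitHub displays, so a backdated author
// date with a recent committer date is the "timestomp" pattern; a rebase or
// cherry-pick of genuinely old work produces the same skew legitimately.
function findBackdated(commits, maxSkewDays = 7) {
  return commits
    .map((c) => ({
      hash: c.hash,
      shownOnGitHub: c.authored.toISOString(),
      actuallyCommitted: c.committed.toISOString(),
      skewDays: Math.round((c.committed - c.authored) / MS_PER_DAY),
    }))
    .filter((c) => c.skewDays > maxSkewDays);
}

// Stand-alone run: prints the suspicious commits from the constructed log.
for (const hit of findBackdated(parseLog(SAMPLE_LOG))) {
  console.log(`${hit.hash}: shown as ${hit.shownOnGitHub}, committed ${hit.actuallyCommitted} (${hit.skewDays} days later)`);
}
```

To run it against a real clone, pipe `git log --format='%H|%aI|%cI'` into `parseLog`; the same skew check applies to tag and merge commits.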
tuckner retweeted
The bigger issue is the timeline. The vulnerability was reportedly documented internally on April 7, but customers only saw the real urgency after June activity and patching. If you run ServiceNow, check this breakdown right now! Full breakdown: thecybersecguru.com/news/ser…
Jun 10
How cool! It's an interesting problem to help everyone create their dream app while also protecting them from the more dangerous parts of software at the same time.
Most people run a security scan for malicious packages before publishing a project. But the risk starts the moment they're installed. Today we're launching Package Firewall, built in partnership with Socket. It blocks malware before it ever reaches your app.
Jun 10
👍👍👍👍👍👍👍👍
Jun 10
Tonight at @sec_kc we got to watch a livestream of a brave man getting a dickbutt tramp stamp tattoo for charity. What does your local security group do?
Them: Do you know when supply chain security will be fixed? Me:
tuckner retweeted
Replying to @KirkDerpca
Oh boy. They dropped an 0day in this too.
Fantasy baseball has been so bad for me this year I'm turning over the keys to AI running daily free agent pulls vs statcast trends.
VS Code (and assuming forks eventually) will by default implement a 2-hour cooldown period on extension updates. Progress! code.visualstudio.com/update…
You might not believe me if I tell you this steals tokens
Just an ordinary day of extensions published in the VS Marketplace
👍 or 👎 your JSON formatter injecting affiliate links on pages you visit
Chrome extension with zero code present. It only overrides the default search provider to a random server which can direct users to malware. Configuration that lives strictly in the extension's manifest.
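A scanner that only looks at JavaScript misses the case the post describes, because the redirect lives entirely in `chrome_settings_overrides.search_provider` in `manifest.json`. The following is an added example, not the post's or any vendor's code, of a manifest review pass that reports an extension as "codeless" when it declares no scripts and flags any search provider, homepage or startup page override whose host is not on an allowlist. The allowlist, both manifests and the `.invalid` hostname are constructed for the example.

```javascript
// Added example: flag code-free Chrome extensions whose manifest alone
// redirects the user's searches, homepage or startup pages.

// Hypothetical allowlist of hosts a search override may legitimately point at.
const KNOWN_SEARCH_HOSTS = new Set(["www.google.com", "www.bing.com", "duckduckgo.com"]);

// Manifest keys whose presence means the extension actually runs code.
const CODE_KEYS = ["background", "content_scripts", "options_page", "options_ui", "devtools_page"];

// Constructed manifest: no scripts at all, only a settings override that makes
// an unknown server the default search engine.
const CODELESS_MANIFEST = {
  manifest_version: 3,
  name: "Quick Search",
  version: "1.0",
  chrome_settings_overrides: {
    search_provider: {
      name: "Quick Search",
      keyword: "qs",
      search_url: "https://search-example.invalid/q?term={searchTerms}",
      favicon_url: "https://search-example.invalid/favicon.ico",
      encoding: "UTF-8",
      is_default: true,
    },
  },
};

// Constructed manifest: has a content script and overrides search to an
// allowlisted host, so it should produce no findings.
const BENIGN_MANIFEST = {
  manifest_version: 3,
  name: "Privacy Search",
  version: "2.3",
  content_scripts: [{ matches: ["https://*/*"], js: ["inject.js"] }],
  chrome_settings_overrides: {
    search_provider: {
      name: "DuckDuckGo",
      keyword: "ddg",
      search_url: "https://duckduckgo.com/?q={searchTerms}",
      encoding: "UTF-8",
      is_default: false,
    },
  },
};

function hasCode(manifest) {
  if (CODE_KEYS.some((k) => k in manifest)) return true;
  const action = manifest.action || manifest.browser_action || manifest.page_action;
  return Boolean(action && action.default_popup);
}

// Hostname of a URL, or null when the string does not parse as a URL.
function hostOf(url) {
  try {
    return new URL(url).hostname;
  } catch {
    return null;
  }
}

// Review the override keys and report every destination outside the allowlist.
function reviewManifest(manifest) {
  const findings = [];
  const ov = manifest.chrome_settings_overrides || {};

  const sp = ov.search_provider;
  if (sp) {
    const host = hostOf(sp.search_url);
    if (host === null) {
      findings.push({ key: "search_provider", host: null, reason: "unparseable search_url" });
    } else if (!KNOWN_SEARCH_HOSTS.has(host)) {
      const tail = sp.is_default === true ? " and is set as the default engine" : "";
      findings.push({ key: "search_provider", host, reason: `searches are sent to ${host}${tail}` });
    }
  }

  const pages = [];
  if (ov.homepage) pages.push(["homepage", ov.homepage]);
  for (const u of ov.startup_pages || []) pages.push(["startup_pages", u]);
  for (const [key, u] of pages) {
    const host = hostOf(u);
    if (host === null || !KNOWN_SEARCH_HOSTS.has(host)) {
      findings.push({ key, host, reason: `browser opens ${u} without user action` });
    }
  }

  return { codeless: !hasCode(manifest), findings };
}

// Stand-alone run over both constructed manifests.
for (const m of [CODELESS_MANIFEST, BENIGN_MANIFEST]) {
  console.log(m.name, JSON.stringify(reviewManifest(m)));
}
```

In a pipeline the interesting combination is `codeless: true` together with a non-empty `findings` list: nothing to reverse, yet every address-bar search is being handed to a host the publisher controls.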
Just an ordinary day of extensions published in the VS Marketplace