Every critical I find in major corp has been through the most obscure feature that is annoying as hell to setup. It never ceases to give.

Hacking with AI recently has been fun. Here is couple of things I did recently: - Parsed multiple JS files within seconds after identifying a target domain. Used the parsing data to find a critical vulnerability. - For a different program, used mixture of redress, radare2 and GPT-4o to reverse engineer a pretty large golang based server. The more I prompt, the more I am convinced automating hacking with AI is the future. #aihacking #hackbot #LLM

getting ready to hack and send criticals

We are doing #VibeSecurityForAI If you are an AI startup (pre-seed or seed ) we will test your application for free. We are doing this only for next two weeks. We are hackers who have hacked major companies like Zoom, AWS, Amazon, Google, banks and more. DM me or contact us @OphionSecurity. #AISecurity #vibecoding #pentest #securityassessment #vibesecurity

Presenting on some fun stuff with @OphionSecurity this year at @_kernelcon_ and @bsidesseattle. Come for the talk, stay for the vulnerabilities. #vulnerabilities #bugbounty #attacksurfacemanagement

Been trying out Cursor for the last few days with prompts generated through deep research via ChatGPT and Grok, it is definitely a game changer. I have deployed apps that I have wanted personally within hours. ◦ AI aided development is future. ◦ Security is still under-development. Just #vibecoding and deploying will cost in long term. ◦ SaaS mills that deploy what users want within 24 hours is going to be a future combined with #ai agents for sales. (imagine @levelsio on steroid pushing apps out every hour)

🚨 New blog alert! I recently "compromised" a threat actors Telegram based C2 channel, that was used for exfiltration of stolen data from the Nova infostealer. The threat actor stupidly tested their infostealing malware on their OWN production "hacking" box.... (1/3)

taptastic.app/?score=10&patt… I reached level 10 in Taptastic! 🎮 Final speed: Super Fast Tiles: 9 The pattern that defeated me: 🟥 🟨 🟨 🟥 🟦 🟦 🟦 🟥 🟨 🟩 🟨 Can you beat my score? #Taptastic

update! @cursor_ai is donating me $50,000 USD for my efforts with the todesktop vulnerability

North Korea stole $1.4billion by injecting JavaScript through an AWS S3 bucket to spoof the UI interface during a transaction? It's almost like the entire infosec industry is focusing on hyperbolic amplified APT threats that are "cool" rather the stark realities confronting us.

Announcing: Ask Us Anything Security - A free security advisory for startups Security often gets pushed to the back burner at startups until something breaks or a big deal requires it. But what if you could get expert security guidance without the overhead? At Ophion Security, we have worked with startups and large enterprises to secure their products, cloud environments, and compliance posture without slowing down growth. As part of that mission, we’re offering free security advisory ask us anything, and we’ll personally reply with actionable advice. ✅ Worried about SOC 2, ISO 27001, or customer security questionnaires? ✅ Unsure if you’re protecting customer data correctly? ✅ Need guidance on securing your cloud infra, SaaS stack, or engineering workflows? ✅ Question about getting the right pentest done and what should be in scope? Drop your security questions here, and we’ll respond within 24 hrs, no strings attached: forms.gle/UtFbbD3m7Lbs78SY6 #startupsecurity #growth #founders #security #TechStartups #CloudSecurity

I will be attending @CactusCon this weekend! I will have some stickers, and swags dropping around the con area. #cactuscon13

We found a vulnerability in Cisco's Webex Connect giving access to live chat histories of every organizations from government agencies to fortune 500. Check it out: ophionsecurity.com/post/cisc… #vulnerabilitydisclosure #cisco #attacksurfacemanagement

Complete your security reviews faster while building your product. Contact us today to learn more.

Getting access to thousands of customers' chat history with support agents with just a cookie. Learn more on blog one of two from our Live Chat security research at @OphionSecurity. ophionsecurity.com/post/live… #livechat #vulnerabilitydisclosure

At the rate “AI code editors” have popped, I wanna see these code editors writing code for new code editors startups.