user
Joined November 2021
- Tweets 670
- Following 238
- Followers 10,413
- Likes 2,356
144 Photos and videos
Pinned Tweet
Apr 20
Lovable has a mass data breach affecting every project created before november 2025.
I made a lovable account today and was able to access another users source code, database credentials, AI chat histories, and customer data are all readable by any free account.
nvidia, microsoft, uber, and spotify employees all have accounts. the bug was reported 48 days ago. its not fixed. They marked it as duplicate and left it open.
269
713
5,670
1,415,294
Jun 13
Anthropic just bent over for the US government
Jun 13
The US government, citing national security authorities, has issued an export control directive to suspend all access to Fable 5 and Mythos 5 by any foreign national, whether inside or outside the United States, including foreign national Anthropic employees.
The net effect of this order is that we must abruptly disable Fable 5 and Mythos 5 for all our customers to ensure compliance.
Access to all other Claude models is not affected.
We apologize for this disruption to our customers. We believe this is a misunderstanding and are working to restore access as soon as possible.
Read our full statement: anthropic.com/news/fable-myt…
3
583
Jun 6
This exploit has been around for a while. Instagram has been on fire ever since they started integrating everything into their GraphQL / Bloks API. They're trying to merge all the separate Meta app APIs under one surface and its a mess. The account recovery endpoint alone gives you full PII from a username alone. The new API is littered with no auth, no rate limits, race conditions and logic bugs everywhere.
Jun 6
> be Zuckerberg
> needs AI everywhere (apparently)
> lays off a bunch of employees
> replaces with AI
> fast forward
> AI is dog shit
> AI tricked into stealing accounts
> try to fix
> fail like 5 times
> product now leaking CEOs PII
AI truly is the future, wow
16
53
796
131,131
Jun 4
Gained two CVEs this week.
National Instruments ships on every defense contractor, chip fab, NASA test stand, and national lab in the country. their core kernel driver nipalk.sys is EV signed and valid through 2027. arbitrary physical memory read/write with zero authentication.
CVE-2026-8035. CVE-2026-8036.
7
27
139
9,574
Jun 4
the driver has no access controls. any program on the machine can open it and start issuing commands. no admin or privileges required.
its EV signed and loads on any windows machine without NI hardware installed. not on any blocklist.
this is a BYOVD.
1
15
1,271
Jun 4
reported april 11. both CVEs assigned. NI advisory dropped june 2. patched in 26.3.1.
not a remote 0day but a post compromise multiplier.
BlackCat, Scattered Spider, LockBit all use BYOVD to kill EDR before encryption.
ni.com/en/support/security/a…
1
1
10
1,011
Jun 2
- You have not secured impacted accounts
- They are not getting a password reset notification, they're getting a notification that their account has been successfully stolen
- "we are now working to restore access to affected individuals" This is the same sentence as the last one but flipped. Contradictory.
- Why aren't we getting official statements instead of vague tweets
Jun 2
Thank you for raising this. While we have already secured impacted accounts, we are now working to restore access to affected individuals. Some people may receive password reset notifications and some may be asked security questions when they try and log into their accounts.
4
17
165
11,663
Jun 2
Why is Meta AI still connected to the database, do they not have an off switch for this thing?
Jun 2
I kept telling everyone the Instagram exploit is not "patched" because AI is not linear. The exploit evolves so long as the tooling is still there.
I just had one of my OG accounts hit. Got it back but this is June 2, 2026 almost two days post patch.
7
14
265
15,025
Jun 2
below in this thread here there are also multiple people with short handles or OG usernames also still getting hacked this is the 3rd day and theres still NO FIX.
x.com/wongmjane/status/20618…
Jun 2
Update: My four-letter username finsta has also been hacked.
(even though it also has two-factor auth turned on)
9
2,386
Jun 2
The OG usernames "treat" and "sold" were just stolen, meta clearly has not fixed anything, they seem to not be able to switch off the scary AI monster.
x.com/DaNikePlugs/status/206…
Jun 2
Instagram accounts got hacked again
Both accounts logged out
What is happening over at Meta? Can we get some answers?
40
2,922
impulsive retweeted
Jun 2
This is a very silly photo.
@weezerOSINT shared a photo of someone speaking with Instagram Trust & Safety. They told him what he is describing is "impossible" and denied the existence of the AI bug thing
"It doesn't exist, nerd. AI is never wrong" - Zuckerberg, probably
37
80
1,053
77,348
impulsive retweeted
Jun 2
Instagram still hasn't (correctly) patched their AI goop account reset thingy. Accounts are still being stolen and Instagram hasn't said anything about it. Nerds continue to find ways to convince AI to reset accounts for them.
People on social media are freaking out because some of these profiles apparently are big sources of revenue for them.
Meanwhile, rumors are floating around that a few weeks ago Instagram laid off a large percentage of their Trust & Safety department and had it replaced with AI.
Very cool
112
592
6,040
276,055
May 31
meta gave their AI support agent the ability to modify your instagram account. no identity verification. people figured this out and accounts are being taken over right now
126
1,158
13,302
1,775,570
Jun 2
Jun 2
This is how Meta is dealing with victims of the attack.
"That sounds impossible" So even if you get through to a human agent its just as useless.
1
1
25
6,070
Jun 2
This is how Meta is dealing with victims of the attack.
"That sounds impossible" So even if you get through to a human agent its just as useless.
May 31
meta gave their AI support agent the ability to modify your instagram account. no identity verification. people figured this out and accounts are being taken over right now
12
30
350
52,322
May 31
Additionally you can also add face scan on sign in as well to increase your security
15
8
333
96,271
Jun 1
Jun 1
understandable but you gotta think about the musicians, artists, rappers, larger accounts with following
2
136
117,707
Jun 1
Jun 1
meta put out a blog post 3 months ago bragging that their AI support reduced account hacks by 30%. yesterday the obama white house instagram got taken over using that same AI. you can't make this up
4
193
111,163
Jun 1
meta put out a blog post 3 months ago bragging that their AI support reduced account hacks by 30%. yesterday the obama white house instagram got taken over using that same AI. you can't make this up
May 31
meta gave their AI support agent the ability to modify your instagram account. no identity verification. people figured this out and accounts are being taken over right now
5
42
271
128,599
May 31
this is a $1.6 trillion dollar company and their AI support bot will just change your email if you ask nicely. embarrassing doesn't even begin to cover it
7
33
1,127
84,171