Yanir Tsarimi (@yanir_) 's Twitter Profile
Yanir Tsarimi

@yanir_

Hacker. I write about security in ways most can understand. Microsoft Most Valuable Researcher ‘22/23/24. @breachproof

ID: 80947228

https://breachproof.net

08-10-2009 21:23:38

81 Tweet

3,3K Followers

135 Following

Yanir Tsarimi (@yanir_) 's Twitter Profile Photo

Found a few SSRFs in a Node.js application. Apparently the request package (18M+ Weekly Downloads) allows you to access Unix sockets without needing to change the protocol. http://unix:/var/run/docker.sock 🤨

Scott Piper (@0xdabbad00) 's Twitter Profile Photo

Dan Urson has been the voice of AWS security to many of us. He's the person external researchers interact with when they find issues (or think they find issues) with AWS. Any team would be lucky to have him. linkedin.com/feed/update/ur…

Security Response (@msftsecresponse) 's Twitter Profile Photo

Congratulations to our MSRC 2023 Most Valuable Researchers! Thank you to all the researchers who have helped secure our customers. 👏🎉 Check out our blog for the full list: msft.it/60199yOc9

sagitz (@sagitz_) 's Twitter Profile Photo

We discovered that by uploading a malicious AI model to @Replicate, a leading AI-as-a-Service platform, we could read and modify prompts of other customers 🤯 Here is exactly how we did it 🧵⬇️

Nir Ohfeld (@nirohfeld) 's Twitter Profile Photo

Ever wondered how AI chatbots work? And how can you hack and manipulate their behavior? We (+ Shir) created an AI CTF to highlight security pitfalls we observed in the wild. Think you can hack your way to a flight ticket? 🛩️ 👉 Check it out: promptairlines.com

liad eliyahu (@liadeliyahu) 's Twitter Profile Photo

🚨We could bypass authentication to thousands of applications by exploiting a configuration-based vulnerability in AWS ALB. Here’s everything you need to know about the #ALBeast vulnerability discovered by Miggo Security

Yanir Tsarimi (@yanir_) 's Twitter Profile Photo

Hello to everyone coming from Daniel Boctor's YouTube video. Happy to see you liked my research. Will soon share new AI/cloud research with an even greater impact

liad eliyahu (@liadeliyahu) 's Twitter Profile Photo

1/ 🚨 Recently, our research team found CVE-2025-25182, a critical security finding in Government Communications Headquarters (GCHQ), the UK's intelligence and security agency, maintained project, Stroom.

Nir Ohfeld (@nirohfeld) 's Twitter Profile Photo

We (+sagitz Ronen Shustin Hillai Ben-Sasson) found a series of unauthenticated RCEs in core @KubernetesIO project "Ingress-NGINX". The impact? From zero permissions ➡️ to complete cluster takeover 🤯 This is the story of #IngressNightmare 🧵⬇️