Ricardo Iramar (@ricardo_iramar)'s Twitter Profile
Ricardo Iramar

@ricardo_iramar

Every time count is regressive.

ID: 26536163

Link: https://www.linkedin.com/in/iramar

Date: 25-03-2009 16:53:58

4.4K Tweets

1.1K Followers

135 Following

Ricardo Iramar (@ricardo_iramar)

Just completed a CTF challenge in #TheUltimateCloudSecurityChampionship by @Wiz_io 🥊 Put your cloud security skills to the test in this monthly series and join the competition cloudsecuritychampionship.com/certificate/cl…

Luan Herrera (@lbherrera_)

The end of an era! Firefox is removing the support for executing javascript: URIs via ctrl+click, middle-click, etc. hg.mozilla.org/mozilla-centra…

Soroush Dalili (@irsdl)

I have launched YSoNet (ysonet.net) and added #SharePoint CVE-2025-49704 payload generator to it as the first thing. Here is how this can work: Running command: ``` ysonet.exe -p sharepoint --cve=CVE-2025-49704 -var 1 -c "calc" ``` Running C# code: ``` ysonet.exe

Mat Rollings (@stealthcopter)

REGEXSS: How .* Turned Into over $6k in Bounties Overly-greedy regex replacements can break HTML sanitisation & lead to XSS. Includes a live demo you can try exploiting it yourself! sec.stealthcopter.com/regexss #BugBounty #BugBountyTips #XSS #AppSec

Charlotte Chess Center (@cltchesscenter)

The Naroditsky family shares the sad news of Daniel’s unexpected passing. Daniel was a talented chess player, educator, and beloved member of the chess community. We ask for privacy as the family grieves.

Ricardo Iramar (@ricardo_iramar)

Imagine a security testing agent not fully autonomous, but agentic guided by the intuition and expertise of a human tester. A fusion of automation and human judgment. The future of penetration testing isn’t replacing humans, but it's amplifying them.

React (@reactjs)

There is a critical vulnerability in React Server Components disclosed as CVE-2025-55182 that impacts React 19 and frameworks that use it. A fix has been published in React versions 19.0.1, 19.1.2, and 19.2.1. We recommend upgrading immediately. react.dev/blog/2025/12/0…

React (@reactjs)

Researchers have found two new vulnerabilities in React Server Components while attempting to exploit the patches last week. These are new issues, separate from the critical CVE last week. The patch for React2Shell remains effective for the Remote Code Execution exploit.

Stanislav Kozlovski (@bdkozlovski)

An incredibly awful security vulnerability just got revealed in MongoDB. So much that it got named after HeartBleed. MongoBleed is a vulnerability affecting all MongoDB versions from 2017 to... today. The exploit is simple. It's a buffer over read bug due to compression.

Geekboy (@emgeekboy)

Scanning for CVE-2025-14847 (MongoBleed🩸) using Nuclei by ProjectDiscovery If you're running MongoDB, scan your servers now. Nuclei Template - cloud.projectdiscovery.io/library/CVE-20… Vulnerability Summary - jira.mongodb.org/browse/SERVER-… #cybersecurity #mongobleed

Security Bug Aggregator (@bugsaggregator)

[446722008][reward: $100000] heap-use-after-free in content::indexed_db::Database::connections_ when force_closing_ is true crbug.com/446722008

Faith 🇧🇩🇦🇺 (@farazsth98)

I'm excited to finally share Chronomaly, a kernel exploit for Android and Linux kernels 5.10.x using CVE-2025-38352. As a reminder, please patch your Android devices if you haven't already! I recommend getting some 🍿 before reading this post 👀 All links in the thread below:

lcamtuf (@lcamtuf)

The dark side of auto-updates: notepad-plus-plus.org/news/hijacked-… Don't get me wrong, they are *essential* for some software, but the pendulum might have swung too far, adding risk where little risk existed before.

Ricardo Iramar (@ricardo_iramar)

That’s exactly what I was referring to here. hackerone.com/blog/agentic-p… The way forward is a hybrid approach: agentic execution for scale, paired with expert validation for accountability. HackerOne