Mrrply @mr_rply
Security engineer, designer, technology enthusiast. 30% Arabica 70% Curiosity. Joined April 2011.
❗️🚨 An Israeli company has backdoored hundreds of millions of households through countless Smart TV apps, and they're quietly turning Samsung and LG TVs into exit nodes for AI web-scraping. Your TV is relaying strangers' web traffic from your home IP, your bandwidth, your address attached to whatever those scraping jobs touch. Roku, Fire TV and Google TV banned the practice. Samsung and LG didn't. The culprit is Bright Data's proxy SDK, which rides inside Tizen and webOS apps, 200+ on webOS alone. Datacenter IPs get blocked, home IPs don't. Include Security reverse-engineered the SDK and found its relay protocol has no message signing, authentication, or device attestation. Their words: less secure than typical malware command-and-control. To make things worse, they found that in iOS the relay tunnel binds straight to the physical network interface, so it routes around any VPN the user is running. Bright Data's config also ships per-country tiers. Devices in Uzbekistan and Oman are cleared to relay down to 1% battery, with data caps up to 60x the worldwide default. Before the BaCkDoOrEd replies land: technically you agreed. In practice you were enrolled into a global proxy network you were never given the information to refuse. And these exit nodes drag down your IP's reputation, potentially leaving you with blocks from providers.
MCP is slow for RE-heavy projects and, in some cases, is unstable. ghidra-rpc is way faster than MCP and scales more efficiently in a multi-agent setup, since it outputs structured JSON.
We're mostly an IDA shop at @CellebriteLabs, but I decided to play around with Ghidra. My main motivation was to experiment with agentic reverse engineering techniques. The result is an agent skill for Ghidra, which we are releasing publicly: github.com/cellebrite-lab… >>
Everyone except me ? We are in fact still in court over this.
Over the past several days, we have been listening to the conversation around coordinated disclosure and the relationship between security researchers and vendors. We recognize that this relationship is both critical and, at times, fragile. We deeply value the security community,
Previous generations of software protection (DRM perspective) have always relied on code complexity (for RE), compute limitations, and human limitations as the guarantees that kept hacking timelines reasonably long. That's changed now. Beyond the acceleration in vulnerability research and malware analysis, the same new reality applies to software protection, and security by obscurity, or assuming the attacker is limited in compute and motivation, no longer works.
#HNSecurity has brand new headquarters in #Turin! A bigger space. A proper hacking lab, because our researchers deserve the right playground. And ('cause we're Italian and we have our priorities straight 🇮🇹) a well-equipped kitchen. 👨🏻🍳 hnsecurity.it
Personal update: I've joined Anthropic. I think the next few years at the frontier of LLMs will be especially formative. I am very excited to join the team here and get back to R&D. I remain deeply passionate about education and plan to resume my work on it in time.
llama.cpp with MTP support makes local models fast enough to use as daily drivers 🚀 Qwen3.6-27B dense generation (on A10G): From 25 tok/s → 45 tok/s (+78%). Two flags on llama-server: --spec-type draft-mtp --spec-draft-n-max 2
llama.cpp adds MTP for the Qwen3.6 family This is a significant milestone for the local AI ecosystem. The performance jump with these changes is massive and elevates local inference on commodity hardware further. Special thanks to Aman Gupta for leading this development!
In many applications, you need a map from strings to integers. In python, you might do it like so... d = {"apple": 100, "banana": 200, "cherry": 300} If you have 1 million keys, that can use a lot of memory!!! Like over 100 bytes per key! I have published a new library that uses about 9 bytes per key. That's right. Just 9 bytes. You use it like so: from fastconstmap import ConstMap d = {"apple": 100, "banana": 200, "cherry": 300} m = ConstMap(d) m["apple"] # -> 100 m.get_many(["banana", "cherry"]) # -> [200, 300] It can be significantly faster (e.g., 2x in some cases) than a standard dict. Further, you can serialize it and deserialize it to disk or to a network for convenient reuse.
And this one is human insight w/ LLM-assisted research. Took about one week to finish everything. The AI really rescued me from a lot of tedious work — excluding the part where it changed the Domain Admin password, locked me out, and claimed it got RCE 🤦
Aaaand it's official! Orange Tsai (@orange_8361) of DEVCORE Research Team chained 3 bugs to achieve Remote Code Execution as SYSTEM on Microsoft Exchange, earning a whopping $200,000 and 20 Master of Pwn points. Full win! #Pwn2Own #P2OBerlin
AI-pentest companies get significant marketing value from publishing findings attributed to their products. In The HTTP Terminator, I’ll include the other side - the techniques and breakthroughs that AI consistently fumbles.
security research now has this weird incentive where finding the bug is only half the game. the other half is packaging the story as "claude/codex found it" because that’s where all the attention is right now. model providers, with their big accounts and distribution, will push
That's my chain — a full chain w/ logic bugs only! No memory corruption, no AI, and of course no collisions at all 😉
Confirmed! Orange Tsai (@orange_8361) of DEVCORE Research Team (@d3vc0r3) chained 4 logic bugs to achieve a sandbox escape on Microsoft Edge, earning $175,000 and 17.5 Master of Pwn points. Full win! #Pwn2Own #P2OBerlin
Confirmed! @chompie1337 of IBM X-Force Offensive Research (XOR) used a single bug to exploit NV Container Toolkit, earning $50,000 and 5 Master of Pwn points. #Pwn2Own #P2OBerlin
Webkit Use after free in EventTarget Run test: brutal-sam.github.io/uaf-maybe/ (it may or may not be exploitable)
Security things from the last few days: - CopyFail (linux pwn'd) - CopyFail 2/Dirty Frag - 13 advisories in Next.js - Over 70 CVEs addressed in MacOS 26.5 - ~50 CVEs addressed in iOS 26.5 - YellowKey (Windows Bitlocker pwn'd entirely) - GreenPlasma (Windows privilege escalation) - CVE-2026-21510 and CVE-2026-21513 confirmed to be used by Russia for Windows RCE - CVE-2026-32202 separately confirmed to be used by Russia for sensitive document access - Mini-Shai Hulud (over 300 JS and Python packages compromised via GitHub Action cache poisoning) - Google confirms they have identified AI-powered exploitation of zero days in an unidentified "open-source, web-based system administration tool" - Canvas (popular LMS used in most schools) pwn'd entirely - PAN-OS (palo alto networks) pwn'd with a 9.3 severity CVE-2026-0300 Are you scared yet?
Big news for Blue Team nerds That nerd who released those Microsoft 0days has created two new repos on GitHub with spooky sounding names indicating they will be releasing two new Windows 0days. Very cool github.com/Nightmare-Ecli…
Two more zerodays - deadeclipse666.blogspot.com/2026/05/two-mo…
We're likely 1st to publicly exploit crypto: af_alg as a new attack surface in kernelCTF. Our members @n0psledbyte & @st424204 started poking it in Sep 2025, finding a 0-day container escape unnoticed since 2011. @AnthropicAI @OpenAI: interested in collaborations? We are all ears
Except that this httpd pre-auth “RCE” exploit does not work. A real exploit requires an infoleak, and the author conveniently supplied a “helper” that reads addresses directly from /proc/
PoCs for Apache Tomcat Unauth RCE (CVE-2026-34486) and Apache httpd Pre-auth RCE (CVE-2026-23918) are now public on our Github. Tomcat exploit is fully reliable. httpd chain works in a controlled lab setup with a known info leak. github.com/striga-ai/CVE-… github.com/striga-ai/CVE-…