the grugq's newsletter

September 11, 2025

Claude "File creation" is actually a sandboxed code execution environment and has full internet access.

This is great for me, since we now have code execution in chats, and a wild security risk for users of the actual feature that is advertized. pic.twitter.com/aICOBcjzhc

— Tjaden Hess (@tjade273) September 9, 2025


Every lens leaves a blur signature—a hidden fingerprint in every photo.

In our new #TPAMI paper, we show how to learn it fast (5 mins of capture!) with Lens Blur Fields ✨

With it, we can tell apart ‘identical’ phones by their optics, deblur images, and render realistic blurs. pic.twitter.com/rIcuMsL2QL

— Esther Lin (@estheroate) September 9, 2025


In my book it’s ok to do this to cyber criminals, or when it’s rad/funny. https://t.co/3vwS3XeDHs

— Dr. Wesley McGrew (@McGrewSecurity) September 10, 2025

Do we respect the privacy of threat actors when they leave an open directory on the internet?

Should we not RE their proprietary implants when they get uploaded onto VT? Perhaps they should DMCA their malware leaks?

— Justin Elze (@HackingLZ) September 10, 2025

The issue isn't as much RC4 as it is bad passwords. While RC4 isn't good, other encryption does *not* prevent Kerberoasting. AES128 and AES256 just slow down the attack by ~100-170x. If the password is really bad, 170x is meaningless. @matthew_d_green https://t.co/0gRZsuRO7K

— Tim Medin @timmedin.bsky.social 🇺🇦 (@TimMedin) September 10, 2025

Yes EDR is a rootkit you pay people to watch your computer with https://t.co/ENnHzH787t

— SwiftOnSecurity (@SwiftOnSecurity) September 10, 2025


If you’re interested in understanding MTE and pointer tagging, I have written a detailed blog post on using tagged pointers in Arm64 to build an address sanitizer for closed-source macOS kernel extensions. https://t.co/FpPqYzKFRH https://t.co/LwidljQJZv

— . (@R00tkitSMM) September 9, 2025


Some of the things I was up to at @starlabs_sg... https://t.co/rSVQYH6dzG

— Gerrard Tai (@gerrard_tai) September 10, 2025


Working on a video about this, probably won't be released until Friday. @HuntressLabs were super helpful answering my questions, and I wanted to highlight 2 points that I think add some important context:

1. The Huntress Agent was installed on the threat actor's computer for a… https://t.co/e8AAGuiPt3

— Tib3rius (@0xTib3rius) September 10, 2025


one last thing before flying
my latest blog post #redteam #infosec #opsec https://t.co/TTAgCul0fp

— BlackSnufkin (@BlackSnufkin42) September 10, 2025


Check out our newest blog about how we took advantage of a WebGPU feature to turn an integer underflow bug into an arbitrary read in Chrome’s WebGPU. This bug was fixed by Google long ago, but our ticket is still restricted. https://t.co/vYvVPtF2PP
by @lanleft_ + @__suto

— Qrious Secure (@qriousec) September 10, 2025


Bug Bounty Tool:

ParamSpider fetches URLs related to your target from Wayback archives.

Great for finding interesting paths and parameters.

Use it here: https://t.co/v2LG4ANgOM

— Behi (@Behi_Sec) September 10, 2025


Guys, I found an arbitrage opportunity pic.twitter.com/qRkS8nwleX

— Mark Friedenbach 🏴‍☠️ (@MarkFriedenbach) September 10, 2025


DefCon Finals Challenge solved with LLMs https://t.co/CukMcY6Jb4

Credits @cl4sm #infosec

— 0xor0ne (@0xor0ne) September 10, 2025