Sublime

An inspiration engine for ideas

AllPeopleCollectionsArticlesAudioBooksFilesHighlightsImagesLinksNotesTextTweetsVideosSocial

It's hard to go into depth since this is an arms race situation. At a high-level though, aside from hardening your auth, there are 4 things you can do: 1) Use a rate limiter against IP and user ids 2) Block traffic from bad acting nation states 3) Only allow requests from real... See more

Jared Palmer x.com

By now, you're probably heard about the exploit in several of ThirdWeb's contracts involving a popular open source library. It's not the easiest exploit to understand so I'm going to provide: - An explanation as if you were 5 - A more technical deep dive Let's... See more

cygaar

x.com

so i put up a proxy on their app and guess what 270k coinbase engineers are calculating user's usage on client side. i blocked their log_tokens api and now i can access their all models without any usage restriction lol??? https://t.co/kU32lcd9Zk

bharat

x.com

This is "Flipper ZERO" This can break into your house 💀. Here are some CRAZY examples. https://t.co/sr8PAlukML

Alif Hossain

x.com

I just hacked multiple @lovable_dev 'top launched' sites Wait—what? In less time than it took me to finish my lunch (47 mins), I extracted from live production apps: 💰Personal debt amounts 🏠Home Addresses 🗝️API keys (admin access)... See more

Danial Asaria x.com

apple sherlocked 1Password today, so i'd like to remind you that your Apple ID is only as secure as your carrier. if you have 2FA on and get SIM swapped, attackers can lock you out of it PERMANENTLY. last month it happened to me. make sure it doesn't happen to you: 🧵

Siqi Chen x.com

Thumbnail of www-x-com-pencilflip-status-1483880018858201090-d70c5dfb38494b56

.@armaniferrante recently published a great repository of 10 vulnerabilities to avoid when writing Solana programs. Here's the quick rundown if you don't feel like digging into the code 👇 https://t.co/PSNzzZwafB https://t.co/VdR2XuVxu4

pencilflip 🍄

x.com

Yesterday, I tried to find out where the Deepseek servers are located, but I couldn't because they are Cloudflare-protected. Just now, someone randomly sent me a link to: "CF-Hero is a reconnaissance tool that uses multiple data sources to discover the origin IP addresses of Cloudflare-protected web applications"

Tom Dörr

x.com

⚠️ PSA for Cursor AI users that... - install random .cursorrules from directories - enable yolo mode in cursor settings - connect to MCP servers you found on discord - use web search to and get prompt injected by @elder_plinius This means @cursor_ai can literally... See more

ILIAS ISM x.com