Michael Stepankin @artsploit
Agent Security Engineer at @Google artsploit.blogspot.com Zurich, Switzerland Joined July 2014-
Tweets293
-
Followers7K
-
Following569
-
Likes1K
Prompt injections are a serious concern for VS Code Copilot Agent. Discover how attackers can create GitHub issues with harmful instructions and find out how to protect the coding agent effectively. github.blog/security/vulne…
The curious case of exploiting locally running web app securitylab.github.com/advisories/GHS…
The industry is ablaze w speculation around yesterday's publicly disclosed Veeam Software Backup & Replication RCE vulnerabilities (CVE-2025-23120). We reported these vulnerabilities to Veeam in early February, tracked as WT-2025-0014 and WT-2025-0015. labs.watchtowr.com/by-executive-o…
Here is the blog post: github.blog/security/vulne…
Last year, I committed to uncovering critical vulnerabilities in Maven repositories. Now it’s time to share the findings: RCE in Sonatype Nexus, Cache Poisoning in JFrog Artifactory, and more! Read it all below 🧵
Hyped to speak at @ekoparty in November!
Just submitted a CFP to @ekoparty where I want to talk about breaking Maven repository managers. This is the one of the craziest and fruitful research projects I've done in my career.
So happy to had the chance to present for second time at #BlackHat USA! I’m already receiving a lot of messages from people using these techniques to get some nice bounties! If you want to learn more about cache exploitation, the research is available at portswigger.net/research/gotta…
Kafka UI can be a juicy target for bug hunters, here is why: github.blog/2024-07-22-3-w…
Time to retire some content! JNDI Injection Remote Code Execution via Path Manipulation in MemoryUserDatabaseFactory: srcincite.io/blog/2024/07/2…
We take pet’s security seriously!
Mars disclosed a bug submitted by @0xdr34m14: hackerone.com/reports/2313478 #hackerone #bugbounty
🚨 New Blog Alert! 🚨 Can an attacker execute commands by sending JSON? Learn how unsafe deserialization vulnerabilities in Ruby can be exploited and how they can be detected with CodeQL. 🔗 Read the full post: github.blog/2024-06-20-exe… Stay safe and code responsibly! 🛡️💻
The first part of the blog series: #Iconv, set the charset to RCE. We'll use #PHP filters and #CVE-2024-2961 to get a very stable code execution exploit from a file read primitive. #cnext
Iconv, set the charset to RCE: in the first blog post of this series, @cfreal_ will show a new exploitation vector to get RCE in PHP from a file read primitive, using a bug in iconv() (CVE-2024-2961) ambionics.io/blog/iconv-cve…
In this post I'll use CVE-2023-6241, a vulnerability in the Arm Mali GPU that I reported last November to gain arbitrary kernel code execution from an untrusted app on a Pixel 8 with MTE enabled. github.blog/2024-03-18-gai…
The SSRF/auth bypass affecting Ivanti Pulse Connect Secure (CVE-2024-21893), is a great example of what can be achieved with a fully blind SSRF vulnerability (RCE). Read the @assetnote blog here which includes a reliable payload and generation steps: assetnote.io/resources/rese…
Discover the latest insights from our @GHSecurityLab team’s audit on @home_assistant security! 🛡️ github.blog/2023-11-30-sec… #CodeReview
In this post I'll use CVE-2023-4069, a type confusion bug in the Maglev JIT compiler of Chrome that I reported in July, to gain RCE in the Chrome renderer sandbox: github.blog/2023-10-17-get…
Video of my PoC for CVE-2023-43641: out-of-bounds array access in libcue. libcue is used by tracker-miners, which automatically scans new files in ~/Downloads, so the bug is triggered by downloading a file.
Ben Sadeghipour @NahamSec
248K Followers 1K Following Cofounder @hackinghub_io | Advisor @CaidoIO. I hack companies and make content about it. #NahamCon organizer. ex @hacker0x01🇮🇷
Sam Curry @samwcyo
101K Followers 1K Following
Gareth Heyes \u2028 @garethheyes
38K Followers 1K Following Web security researcher at PortSwigger. Author of JS for Hackers and Hackvertor. https://t.co/e0aNEbFb9D
shubs @infosec_au
59K Followers 2K Following Co-founder, security researcher. Building an attack surface management platform, @assetnote
JS0N Haddix @Jhaddix
177K Followers 7K Following CEO, CISO, Trainer, Hacker, and Speaker. Cybersecurity + Hacking + AI + Sec Leadership @arcanuminfosec
James Kettle @albinowax
84K Followers 103 Following Director of Research at @PortSwigger aka @Burp_Suite. Find my research, tools & contact details at https://t.co/vP6UbGmvl3
Nicolas Krassas @Dinosn
158K Followers 776 Following Head of Threat & Vulnerability Mgmt @ Henkel AG & Co. KGaA https://t.co/NC1orlKZLB Posting content that I find interesting.
zseano @zseano
81K Followers 714 Following #1 Amazon Hacker. rebuilding bugbountyhunter and making bug bounties a better place for hackers. lover of hackbots
PortSwigger Research @PortSwiggerRes
121K Followers 7 Following Web security research from the team at @PortSwigger
Bug Bounty Reports Ex... @gregxsunday
54K Followers 611 Following Grzegorz Niedziela - a hacker who documents his hacking journey by creating and curating the best content about bug bounty and offensive security.
Nate @nnwakelam
43K Followers 1K Following
ϻг_ϻε @steventseeley
23K Followers 560 Following Artist disguised as a logician. Pwn2Own Winner. Spiritual Alchemy. An adept in the making.
Frans Rosén @fransrosen
44K Followers 910 Following Co-founder of @centrahq/@detectify/@poweredbyingrid. I do not advertise doing hacking services, do not trust the ones telling you I do.
Tuan Anh Nguyen⚡️... @haxor31337
16K Followers 2K Following 30 y/o Bug Bounty Hunter and Red Team Lead at Viettel Cyber Security. Brand Ambassador @Hacker0x01 - Researcher Spotlight @Bugcrowd
Louis Nyffenegger @snyff
21K Followers 605 Following Founder/CEO of @PentesterLab. Trainer, researcher, CVE archeologist. I like bugs, code review, and understanding why vulnerabilities exist.
Justin Gardner @Rhynorater
38K Followers 2K Following Christian | Full-time Bug Bounty Hunter | Host of @ctbbpodcast | Advisor @CaidoIO | 4x LHE MVH | 🗣️ English, 日本語 | ♥️ @mariahchan_ ♥️
Daphucman @daphucman
1 Followers 185 Following
Dmitry Matveev @dmitrij12550
37 Followers 391 Following
Janis Janusjavics @JJanusjavics
146 Followers 872 Following
Houssam Miliani @N0rmalizer_
35 Followers 645 Following
Morris Mutugi Kivuti @kivutimutugiKe
7 Followers 35 Following BS. Statistics and Computer Science DropOut
c01147z @c01147z
6 Followers 460 Following
Nguyen Thi Anh Duong @anhduong_hotx
2K Followers 4K Following Talent Acquisition & Growth Advisor https://t.co/TpMTStz2rt
Mr Doe @MrDoezvfa
2 Followers 69 Following
ahhwhateverah @NoSugarletsgo
0 Followers 55 Following
Bruno Iurko @IurkoBruno
2 Followers 26 Following
darccau @darccau
7 Followers 378 Following
Huy Nguyen @HuyNguy03889789
9 Followers 860 Following my account somehow got hacked and spammed. Too lazy to clean it up, so just ignore the posts
Tracebit @tracebit_com
337 Followers 5K Following The Assume Breach platform that detects intrusions in seconds. Also on https://t.co/T4VNPGjS2O
Jun Kokatsu @shhnjk
6K Followers 123 Following Hacking the Web, Browsers, and Agents. Opinions are my own.
iheb khaldi @ihebkhaldi1
22 Followers 156 Following Full stack designer and a hardcore geek graduated from holberton school as FS SWE 🧑💻
Bigidiot @abcddcb13286422
502 Followers 1K Following https://t.co/VNAH0SZkQD https://t.co/HJxliYXrXH
TN Security @tn__sec
291 Followers 206 Following TN Security is the Premium research hub and acquisition platform for zero-day exploits and vulnerability research. We offer the highest bounties
0xStr4ng3r @0xStr4ng3r
0 Followers 178 Following
_H@ckila @_Hackila
50 Followers 719 Following Pentester | Red Teamer | Trainer Active Directory and Windows environment lover ♥ Tweets are my own and not the views of my employer.
Kamikaze @BotNetKamikaze
0 Followers 752 Following
AmirHossein @0xOffSecNinja
0 Followers 541 Following
Z1aniDragon @AlrhmnBd27638
0 Followers 28 Following
Ismail Arabi @IsmailArabi18
73 Followers 2K Following
Anna marie @Annamarie173114
3 Followers 386 Following
Zero&One @Zeroandone39483
2 Followers 211 Following
kittu floras @Dinesh551201
0 Followers 41 Following
timlake @timlake252160
1 Followers 2K Following
Hunter @Hunter151913
1 Followers 270 Following
Tr0x69 @Tommieee4
3 Followers 127 Following
Intigriti @intigriti
211K Followers 668 Following Bug bounty & VDP platform trusted by the world’s largest organisations! 🌍
Ben Sadeghipour @NahamSec
248K Followers 1K Following Cofounder @hackinghub_io | Advisor @CaidoIO. I hack companies and make content about it. #NahamCon organizer. ex @hacker0x01🇮🇷
Sam Curry @samwcyo
101K Followers 1K Following
Gareth Heyes \u2028 @garethheyes
38K Followers 1K Following Web security researcher at PortSwigger. Author of JS for Hackers and Hackvertor. https://t.co/e0aNEbFb9D
PentesterLab @PentesterLab
205K Followers 0 Following Don’t just learn tools and payloads. Learn why vulnerabilities exist. Hands-on web hacking, security code review, and real-world CVE labs.
shubs @infosec_au
59K Followers 2K Following Co-founder, security researcher. Building an attack surface management platform, @assetnote
LiveOverflow 🔴 @LiveOverflow
160K Followers 1K Following wannabe hacker... he/him 🌱 grow your hacking skills @hextreeio
bugcrowd @Bugcrowd
200K Followers 6K Following The leading provider of crowdsourced cybersecurity solutions purpose-built to secure the digitally connected world...Unleash Ingenuity™
James Kettle @albinowax
84K Followers 103 Following Director of Research at @PortSwigger aka @Burp_Suite. Find my research, tools & contact details at https://t.co/vP6UbGmvl3
zseano @zseano
81K Followers 714 Following #1 Amazon Hacker. rebuilding bugbountyhunter and making bug bounties a better place for hackers. lover of hackbots
PortSwigger Research @PortSwiggerRes
121K Followers 7 Following Web security research from the team at @PortSwigger
Nate @nnwakelam
43K Followers 1K Following
STÖK ✌️ @stokfredrik
138K Followers 1K Following Hi.. im that hacker / creative that your friends told you about.,
ϻг_ϻε @steventseeley
23K Followers 560 Following Artist disguised as a logician. Pwn2Own Winner. Spiritual Alchemy. An adept in the making.
TrendAI Zero Day Init... @thezdi
89K Followers 18 Following TrendAI Zero Day Initiative™ (ZDI) is a program designed to reward security researchers for responsibly disclosing vulnerabilities.
Nicolas Grégoire @Agarri_FR
28K Followers 628 Following Web hacker and Burp Suite Pro trainer Refer to https://t.co/D5tRH7U2hg for trainings Follow @MasteringBurp for free tips and tricks
Frans Rosén @fransrosen
44K Followers 910 Following Co-founder of @centrahq/@detectify/@poweredbyingrid. I do not advertise doing hacking services, do not trust the ones telling you I do.
Tuan Anh Nguyen⚡️... @haxor31337
16K Followers 2K Following 30 y/o Bug Bounty Hunter and Red Team Lead at Viettel Cyber Security. Brand Ambassador @Hacker0x01 - Researcher Spotlight @Bugcrowd
terjanq @terjanq
11K Followers 271 Following security enthusiast that loves hunting for bugs in the wild. co-founder and player of @justCatTheFish. infosec at @google. opinions are mine.
Jun Kokatsu @shhnjk
6K Followers 123 Following Hacking the Web, Browsers, and Agents. Opinions are my own.
Alexander Panfilov @ ... @kotekjedi_ml
1K Followers 343 Following MATS 9.0 | PhD @ELLISInst_Tue & @MPI_IS doing AI Safety & Adversarial ML
Google DeepMind @GoogleDeepMind
1.5M Followers 277 Following The engine room of @Google. Building AI safely and responsibly to solve the world’s most complex problems. Join us: https://t.co/jUHQA27iBL
AISecHub @AISecHub
9K Followers 8K Following 🚀 AISecHub | AI & Cybersecurity | Securing AI systems, and sharing insights on emerging challenges | https://t.co/YeYtqq5tJC
Lukas Weichselbaum @we1x
2K Followers 505 Following Leading @Google's web security team. Opinions are my own. Bluesky: @webappsec.dev
Ian Goodfellow @goodfellow_ian
375K Followers 1K Following Co-founder of stealth startup. Inventor of GANs. Lead author of https://t.co/M6vl8pEQ4I Founding chairman of @pubhealthaction
Thomas Dohmke @ashtom
65K Followers 484 Following Building the world's next developer platform @EntireHQ. 🚀 Former CEO @GitHub.
GitHub Projects Commu... @GithubProjects
329K Followers 65 Following We're sharing/showcasing best of @github projects/repos. Follow to stay in loop. Promoting Open-Source Contributions. UNOFFICIAL, but followed by github
Brendan Dolan-Gavitt @moyix
33K Followers 6K Following Building offsec agents: https://t.co/G9EtnC2Gl3 PGP https://t.co/3WXr0RfRkv
SinSinology @SinSinology
13K Followers 749 Following Pwn2Own 20{22,23,24*2,25*3,26*2}, i look for 0-Days but i find N-Days & i chase oranges 🍊
radu motspan @_moradek_
129 Followers 380 Following
Luke Roberts @rookuu_
842 Followers 493 Following Red Team. macOS Security. Ex-@mwrlabs. Building @phoriontech
Lex Fridman @lexfridman
5.2M Followers 688 Following Host of Lex Fridman Podcast. Interested in robots and humans.
John Schulman @johnschulman2
78K Followers 2K Following Recently started @thinkymachines. Interested in reinforcement learning, alignment, birds, jazz music
DC4131 - DEFCON CH @defconch
1K Followers 109 Following
Oege de Moor @oegerikus
7K Followers 601 Following CEO and founder of XBOW. Previously: Founder of GitHub Next, founder of GitHub Copilot, CEO and founder of Semmle (GitHub Advanced Security), prof at Oxford.
XBOW @Xbow
12K Followers 13 Following The autonomous offensive security company redefining cyber defense for the AI era.
Nico Waisman @nicowaisman
13K Followers 975 Following CISO at @XBOW. Former CISO @Lyft. Binary entomologist
datalocaltmp @datalocaltmp
2K Followers 679 Following security engineer @meta mobile reverse engineering, vulnerability research, using lldb
s2jeff @s2jeff_gh
422 Followers 910 Following
hypr @hyprdude
3K Followers 857 Following vuln research+exploit dev | pwn2own {'24, '25}, Master of Pwn '25 | bordeaux enjoyer | friend of all cats | @SummoningTeam
Federico Kirschbaum @fede_k
7K Followers 4K Following Head of Security Lab @XBOW // co-founder @faradaysec. co founder of @ekoparty security conference, Usual suspect, Troublemaker
Ekoparty | Hacking ev... @ekoparty
25K Followers 160 Following The coolest #hacking conference and meeting point in LATAM since 2001 🏴☠️
Martin Doyhenard @tincho_508
3K Followers 225 Following Security Researcher. Speaker at BlackHat, DEF CON, RSA, Hack In The Box, Troopers, EkoParty
Charles Fol @cfreal_
4K Followers 709 Following @Synacktiv – previously @ambionics @LexfoSecurite – blogs: https://t.co/cLoNdCGPU7 https://t.co/JVMLjUzTJU https://t.co/t9a5IcOXSU
Chris Bakke @ChrisJBakke
1.1M Followers 190 Following Meandering. Founder with exits to @X @Indeed @Zillow
Zero Day Con @zerodaycon
1K Followers 451 Following @smarttech247’s Global Cybersecurity Conference. Details coming soon.
Off-By-One Conference @offbyoneconf
2K Followers 249 Following A premier gathering of offensive cybersecurity professionals, researchers, thought leaders and innovators from around the region.
Geert Wilders @geertwilderspvv
1.6M Followers 1 Following Voorzitter Tweede Kamerfractie PVV / Member of Parliament (MP) / Chairman Party for Freedom (PVV)
Universiteit Leiden @UniLeiden
35K Followers 804 Following Wij zijn niet meer actief op X. Voor het laatste nieuws zijn we te volgen op Bluesky: https://t.co/SxjLCz4HxF
Insomni'hack @1ns0mn1h4ck
9K Followers 40 Following Security conference and hacking contest founded and organized by @orangecyberch since 2008 in Lausanne, Switzerland. CFP is now LIVE!
Tytykiller @Tytykiller_
20K Followers 434 Following https://t.co/puffxN1622 Path of Exile speedrunner
Nick @withoutagout
4K Followers 75 Following CM at Grinding Gear Games for @pathofexile Opinions are my own













































