bella is an incredibly talented RE and would be a phenomenal addition to any team cannot vouch enough 🫡🫡

Massive +1 on this. Bella would be an amazing asset to your team! She completed the Flare-On CTF while still in high school...

anyone that got invited to the browser company dia beta, can you dm me?

We recently looked deeper at the authentication bypass vulnerability in Next.js (CVE-2025-29927) and discovered some intelligent and comprehensive ways to check for the vulnerability. Read more in our blog post: slcyber.io/assetnote-secu…

Some IDA MCP servers can be tricked into executing arbitrary code directly from the malware sample

deobfuscated gist.github.com/voidstar0/5343…

IT support software is often exposed on the ext. internet. Auditing the code of Halo ITSM, we found a sink that led to a critical pre-authentication SQLi. We reflect on how loose typing led to this vuln when compared to the rest of the codebase. Read more: slcyber.io/assetnote-secu…

pwning my FTP server is a weird way to say you have a Crush on me but okay 🥰 anyways check out our analysis of some CrushFTP CVE-2025-31161 post exploitation activity! huntress.com/blog/crushftp-…

IP whitelisting is fundamentally broken. At Assetnote, we've successfully bypassed network controls by routing traffic through a specific location (cloud provider, geo-location). Today, we're releasing Newtowner, to help test for this issue: github.com/assetnote/newt…

Breaking WebAuthn, FIDO2, and Forging Passkeys by celeste nullpt.rs/forging-passke…

check it out!

new blog post by yours truly

it loads so fasttttttttttt now

It’s Content Independence Day: Cloudflare, along with a majority of the world's leading publishers and AI companies, is changing the default to block AI crawlers unless they pay creators for their content. cfl.re/3TjAjeY

i've wanted to make yt videos for a while now. would you watch nullptrs content as videos? (i would likely still do both)

Whenever I audit C# code, I look for benign file operations such as File.Exists(), especially if there's a preceding Path.Combine(). Read about how we leaked NTLM hashes pre-authentication in DotNetNuke (CVE-2025-52488) due to a perfect storm of issues. slcyber.io/assetnote-secu…

When applying for a job at McDonald's, over 90% of franchises use "Olivia," an AI-powered chatbot. We (Ian Carroll and I) discovered a vulnerability that could allow an attacker to access the over 64 million chat records using the password "123456". ian.sh/mcdonalds

‼️‼️

do i learn AE + Premiere or just DaVinci Resolve

this is literally the hardest thing i've ever attempted how do people do this