Alvaro Muñoz 🇺🇦 (@pwntester)'s Twitter Profile

Security Researcher with @XBOW. CTF #int3pids. Opinions here are mine! bluesky: pwntester.bsky.social

ID: 18075045

Link: http://www.pwntester.com

Date: 12-12-2008 12:23:38

5,5K Tweet

13,13K Followers

509 Following

Adnan Khan (@adnanthekhan)

You know what else is interesting about Kong? Alvaro Muñoz 🇺🇦 reported an Actions injection (which is probably still viable) that the Kong security team claimed was not a valid report. securitylab.github.com/advisories/GHS…

Alvaro Muñoz 🇺🇦 (@pwntester)

December was my last month at GitHub, and after a refreshing Xmas break, I’m thrilled to announce that I’ll be starting a new adventure at XBOW! 🚀 Grateful for all the memories and experiences at GitHub, and can’t wait to help shape the future of security testing!

GitHub Security Lab (@ghsecuritylab)

How to secure your GitHub Actions workflows with CodeQL. Dive into this actionable supply chain security research from Alvaro Muñoz 🇺🇦 . This work resulted in dozens of high impact supply chain findings and, most importantly, added CodeQL support for your GitHub workflows!

Adnan Khan (@adnanthekhan)

If you maintain GitHub Actions workflows for any open source project of consequence you owe it to yourself and anyone who uses your software to read through and understand this blog post: github.blog/security/appli…

Jaroslav Lobačevski 🇱🇹🇺🇦jaras@infosec.exchange (@yarlob)

The most important takeaway is that CodeQL taint support and a swarm of queries for GitHub Actions by Alvaro Muñoz 🇺🇦 are in Public Review. Be sure to use it! github.blog/changelog/2024…

Ekoparty | Hacking everything (@ekoparty)

What are the main challenges of working in #ciberseguridad at GitHub? 🤔 Alvaro Muñoz 🇺🇦, Security Researcher at GitHub Security Lab, stopped by the Lado B of #EKO2024 and told us all about his work: challenges, vulnerabilities discovered, and how he handles working in a

Leandro Barragan (@lean0x2f)

I’m thrilled to announce that I’ll be joining the brilliant minds at the XBOW team next week! After 10 years of breaking things for a living, it’s time to get back to building… this time, building an AI product that breaks things in a scalable, safe, and automated way 🦾

Nico Waisman (@nicowaisman)

One of the benefits of working at XBOW is you get to see firsthand some amazing traces on how XBOW autonomously finds new zero days. Trust me, Alvaro Muñoz 🇺🇦 is not easy to impress

XBOW (@xbow)

Real security is POC||GTFO – and XBOW agrees. We’re releasing technical deep-dives on cool findings from our journey to the top of the HackerOne US leaderboard. The first is a zero-day XSS in Palo Alto Networks GlobalProtect by Alvaro Muñoz 🇺🇦 xbow.com/blog/xbow-glob…

Brendan Dolan-Gavitt (@moyix)

One of the things I’m proud of at @XBOW is that we try to be open about the technical details - there’s a lot of AI hype and it’s reasonable to be skeptical! Here’s Nico Waisman going into the details of our climb to the top of the US H1 leaderboard:

Brendan Dolan-Gavitt (@moyix)

We’re doing deep dives on individual, particularly cool vulnerabilities XBOW found in live targets over the next few weeks. The first, Alvaro Muñoz 🇺🇦’s writeup of an XSS that turned out to be a 0day in Palo Alto Networks GlobalProtectVPN, is live now! x.com/xbow/status/19…