Rippling sued @Deel today. Our lawsuit alleges Deel cultivated a spy at Rippling & orchestrated a long-running trade-secret theft. The spy searched “deel” in our systems 23 times per day on avg, letting him spy on Deel’s own customers who were considering a switch to Rippling.

We heard you needed some more time, so we wanted to let you cook. We decided to push the Phrack 72 CFP deadline back until June 15th. Stay tuned for upcoming Phrack events. Print this flyer out and give it to someone IRL!!

I’ve been getting a lot of weird messages from people like this asking to hack both Chinese and American companies. They have offered to send thousands of dollars in advance to prove they are legit. I haven’t really looked into it too much but none of it ever makes sense.

the research paper is out: Next.js and the corrupt middleware: the authorizing artifact result of a collaboration with inzo that led to CVE-2025-29927 (9.1-critical) zhero-web-sec.github.io/research-and-t… enjoy the read!

Our security research team recently analyzed the authentication bypass vulnerability in Next.js (CVE-2025-29927). Our blog post details how to detect this vulnerability with more reliability. Read more here: slcyber.io/assetnote-secu…

Pretty crazy to look back on this as we just hit $8M ARR + 500k MAU! Seats.aero is still fully bootstrapped, but I think we are going to have to hire soon. Have hit the limit on being "solo" where you start hampering your own progress. Even just support is quite difficult now

v happy to finally share my slides for my REcon 2024 talk “GOP Complex: Image parsing bugs, EBC polymorphic engines and the Deus ex machina of UEFI exploit dev” Really proud of this talk+v grateful to the amazing REcon team for another incredible con🖤 github.com/ic3qu33n/REcon…

Hacking (2025)

i can't believe the last stage of using linux is using macos

Just published my write-up on exacerbating XSS via an "Iframe Sandwich" Shoutout to Justin Gardner for helping me pop the bug! coopergyoung.com/exacerbating-c…

$64k in #bugbounty for finding basic secrets in predictable places because teams skipped Git 101 and proper .gitignore hygiene. Good on the reporter for cashing in on the perpetual lack of fundamental version control understanding. medium.com/@sharon.brizin…

Does anyone have any fun home automation projects? I'm looking for some inspiration while fixing some flood damage to my basement.

Shoutout to Martin Doyhenard for the research! All this and more is in his @portswigger blog👇 portswigger.net/research/gotta…

1/ In late 2023 a former Yuga Labs security researcher was stopped at the airport after law enforcement mistakenly linked them to a $1.1M phishing theft from a Bored Ape owner. Here’s an investigation into where the stolen funds went and who’s actually responsible.

Don’t even TRY securing a computer if you’re not starting by growing your own sand for the silicon

Demo of our new drop plugin - instantly share Replay tabs with your friends!

NEW: You’ve got to love the internet before you can hate on it, Molly White told EFF’s Cindy Cohn and Jay Sherman’s March on the latest episode of “How to Fix the Internet.” eff.org/deeplinks/2025…

I've made nearly 3 millions from bug bounty in the past ~5 years, reported hundreds of bugs but i still think this shit isn't for me. Is it me or this field is actually not worth spending your life for, am i actually making a difference or in a loop checking developers mistakes ?

Sitting at the computer is a lot less fun than it was a few years ago.