Sam Stepanyan
@securestep9
@OWASPLondon Chapter Leader (#OWASP #OWASPLondon). OWASP Board Member. Application Security (#AppSec) Consultant. OWASP #Nettacker Project co-leader. #CISSP
Brand new #OWASP #Top10 for Agentic #AI Applications is ready and we are privileged to have @JohnSotiro presenting a deep dive into the #Agentic Top 10 risks at the last @OWASPLondon meetup. If you missed it - watch the recording: 👇
Many thanks to John Sotiropoulos (@JohnSotiro) for presenting a talk on the #OWASP Top 10 for Agentic #AI Applications at the #OWASP London Chapter meetup last week! The video recording is now available to watch on the #OWASPLondon YouTube channel 📺: 👇 youtube.com/watch?v=-vXoC0…
youtube.com
YouTube
Deep Dive into the OWASP Top 10 for Agentic AI Applications - John...
Many thanks to Dr Katie Paxton-Fear (@InsiderPhD) for presenting her talk "AI Agents gone Rogue" at the #OWASP London Chapter meetup last week! The video recording of the talk is now available to watch on the #OWASPLondon YouTube channel 📺: 👇 youtube.com/watch?v=f3N2Rn…
youtube.com
YouTube
AI Agents Gone Rogue? Hackbots, AI Agents and The Future of the AI...
#OpenAI API Data Breach: OpenAI has disclosed a #databreach affecting some API customers due to a hack at third-party vendor #Mixpanel. What was exposed: Names & Emails, Approximate Location, UserID/Org IDs 👇 bleepingcomputer.com/news/security/…
bleepingcomputer.com
OpenAI discloses API customer data breach via Mixpanel vendor hack
OpenAI is notifying some ChatGPT API customers that limited identifying information was exposed following a breach at its third-party analytics provider Mixpanel.
#Maven: hundreds of packages just got caught running Shai-Hulud v2 - the same malware that hijacked npm two days ago. It spread through automated rebuilds, infecting devs who never used npm stealing & leaking secrets across thousands of GitHub repos: 👇 thehackernews.com/2025/11/shai-h…
thehackernews.com
Shai-Hulud v2 Campaign Spreads From npm to Maven, Exposing Thousands of Secrets
Shai-Hulud v2 breached npm and Maven, impacting 28,000+ repos and leaking 11,858 secrets.
Over 80,000 files with #passwords and keys from governments, banks, and tech firms were found online pasted into public code tools like #JSONFormatter and #CodeBeautify. Cybercriminals are already scraping and using the data. And yes - it’s still live! 👇 thehackernews.com/2025/11/years-…
thehackernews.com
Years of JSONFormatter and CodeBeautify Leaks Expose Thousands of Passwords and API Keys
Researchers uncovered 5GB of leaked credentials from JSONFormatter and CodeBeautify, exposing sensitive data across critical sectors.
#NPM: Second Shai-Hulud Infection Wave Affects 25,000+ Repositories via npm Preinstall Credential Theft: #SoftwareSupplyChainSecurity 👇 thehackernews.com/2025/11/second…
thehackernews.com
Second Sha1-Hulud Wave Affects 25,000+ Repositories via npm Preinstall Credential Theft
Security vendors warn Sha1-Hulud has hijacked 25,000+ GitHub repos via npm packages, stealing cloud credentials or wiping dev home directories.
#AWS launched Agentic AI Security Scoping Matrix – a framework designed to help organizations securely deploy autonomous AI systems: #AISecurity 👇 aws.amazon.com/blogs/security…
aws.amazon.com
The Agentic AI Security Scoping Matrix: A framework for securing autonomous AI systems | Amazon Web...
As generative AI became mainstream, Amazon Web Services (AWS) launched the Generative AI Security Scoping Matrix to help organizations understand and address the unique security challenges of...
The NPM module `glob` (230M downloads per week) packages a command-line tool that includes a command injection flaw. This high-severity vulnerability (CVE-2025-64756, CVSSv3=7.5) allows malicious file names to serve as injection vectors for code execution. Vulnerability affects…
#WhatsApp: Largest data leak in history - the entire directory of 3.5bln WhatsApp accounts was available online unprotected for retrieval. Austrian researchers were able to download all phone numbers, profile pictures & data including public keys: 👇 heise.de/en/news/3-5-Bi…
heise.de
3.5 Billion Accounts: Complete WhatsApp Directory Retrieved and Evaluated
Vienna researchers retrieved all WhatsApp numbers. The 3.5 billion profiles represent the largest data leak in history—and it's worse than you might think.
#Cloudflare: A Cloudflare outage is taking down big parts of the internet: #CloudflareDown 👇 techradar.com/pro/live/a-clo…
techradar.com
A major Cloudflare outage took down large parts of the internet - X, ChatGPT and more were affect...
Cloudflare issues fixed following major outage
#GitHub: Downdetector and social media platforms are currently filled with reports about a GitHub outage, and the official GitHub Status portal has confirmed the problem: #GitHubDown 👇 howtogeek.com/github-is-down…
howtogeek.com
GitHub is down right now, it's not just you
Hope you didn't need to work today.
#Cloudflare: Cloudflare apologises for outage which took down most of the Internet today, including X and ChatGPT: #CloudflareDown bbc.co.uk/news/articles/…
bbc.co.uk
Cloudflare apologises for outage which took down X and ChatGPT
"We apologise to our customers and the Internet in general" the web infrastructure company said.
#Fortinet: Critical vulnerability in Fortinet FortiWeb (CVE-2025-64446), is under active exploitation - CISA adds it to KEV catalog: cybersecuritydive.com/news/critical-…
cybersecuritydive.com
Critical vulnerability in Fortinet FortiWeb is under exploitation
The company faces criticism as multiple researchers claim a silent patch was issued weeks before official guidance was released.
#NPM: Over 67,000 Fake npm Packages Flood Registry in Worm-Like Spam Attack Exposing Major Security Gaps: 👇 thehackernews.com/2025/11/over-4…
thehackernews.com
Over 67,000 Fake npm Packages Flood Registry in Worm-Like Spam Attack
A mysterious npm worm published 46K fake packages in a two-year spam campaign, exposing major security gaps.
#Linux: Rust-based sudo-rs Affected By Multiple Security Vulnerabilities - Impacting #Ubuntu 25.10 including partial password exposure (CVE-2025-64170) and incorrect User ID in timestamps. Patches for both issues have been released: 👇 phoronix.com/news/sudo-rs-s…
phoronix.com
sudo-rs Affected By Multiple Security Vulnerabilities - Impacting Ubuntu 25.10
The Ubuntu 25.10 transition to using some Rust system utilities continues proving quite rocky
#NPM: Malicious NPM Package @acitons/artifact With 206K+ Downloads Stole GitHub Tokens: #SoftwareSupplyChainSecurity 👇 hackread.com/fake-npm-packa…
hackread.com
Fake NPM Package With 206K Downloads Targeted GitHub for Credentials (UPDATED)
Many thanks to everyone who came to my OWASP #Nettacker talk at the #OWASP Global AppSec 2025 Conference in Washington, DC. 👉github.com/OWASP/Nettacker
#SAP: Patches 3 Critical Vulnerabilities (CVSS 10.0) Including RCE / Code Injection and Hardcoded Credentials affecting SQL Anywhere Monitor (Non-GUI), SAP NetWeaver AS Java, and SAP Solution Manager (CVE-2025-42890, CVE-2025-42944, CVE-2025-42887): 👇 securityonline.info/sap-november-2…
securityonline.info
SAP November 2025 Patch Day Fixes 3 Critical Flaws (CVSS 10) — Including Code Injection and...
SAP released its Patch Day update fixing 18 flaws, including two Critical (CVSS 10.0) vulnerabilities: RMI-P4 RCE and Hard-Coded Credentials in SQL Anywhere Monitor, risking unauthenticated takeover.