bearsyankees's submissions

1.		Securing a DoD contractor: Finding a multi-tenant authorization vulnerability (strix.ai)
		221 points by bearsyankees 40 days ago \| past \| 101 comments
2.		Context.ai seemingly cause of Vercel breach (twitter.com/jaimeblascob)
		3 points by bearsyankees 55 days ago \| past
3.		Open Source Isn't Dead (strix.ai)
		356 points by bearsyankees 59 days ago \| past \| 186 comments
4.		Show HN: Greptile for Security (open source) (strix.ai)
		2 points by bearsyankees 60 days ago \| past
5.		We love open source: finding a critical auth bypass in etcd (CVE-2026-33413) (strix.ai)
		4 points by bearsyankees 61 days ago \| past
6.		What Now (and What's Next) (strix.ai)
		11 points by bearsyankees 61 days ago \| past
7.		Yale senior hacks United, gets 2.6M miles (yaledailynews.com)
		5 points by bearsyankees 68 days ago \| past
8.		CVE-2026-33413 found in ETCD by open source AI agent (strix.ai), 8.8 CVSS (wiz.io)
		1 point by bearsyankees 81 days ago \| past
9.		Caido partners with Strix for the best of both worlds in AI penstesting (strix.ai)
		3 points by bearsyankees 88 days ago \| past \| 1 comment
10.		First Impressions on Open-Source Claude Security (Strix) (theartificialq.github.io)
		8 points by bearsyankees 3 months ago \| past \| 1 comment
11.		Strix Is an Open-Source Claude Code Security (strix.ai)
		5 points by bearsyankees 3 months ago \| past
12.		Finding a Cross-Tenant Vulnerability in GCP's Apigee (omeramiad.com)
		1 point by bearsyankees 4 months ago \| past
13.		Reverse Engineering US Airline's PNR System and Accessing All Reservations (alexschapiro.com)
		134 points by bearsyankees 5 months ago \| past \| 63 comments
14.		Reverse engineering a $1B Legal AI tool exposed 100k+ confidential files (alexschapiro.com)
		821 points by bearsyankees 6 months ago \| past \| 288 comments
15.		Pwning OpenAI Atlas Through Exposed Browser Internals (hacktron.ai)
		2 points by bearsyankees 6 months ago \| past \| 1 comment
16.		Low PNR Entropy: I accessed all airline bookings via simple math (alexschapiro.com)
		4 points by bearsyankees 6 months ago \| past \| 1 comment
17.		Airline Left All Passenger Data Vulnerable Due to Missing Last-Name Check (alexschapiro.com)
		6 points by bearsyankees 6 months ago \| past
18.		Hacktron Hacks Supabase (hacktron.ai)
		7 points by bearsyankees 6 months ago \| past
19.		Nobel Peace Prize Sparks Insider Trading Questions on Prediction Sites (forbes.com/sites/brandonkochkodin)
		3 points by bearsyankees 8 months ago \| past \| 3 comments
20.		New investment bank is almost entirely powered by AI -- and it works (ft.com)
		2 points by bearsyankees 10 months ago \| past \| 2 comments
21.		The ancient invention that ignited game play (2021) (bbc.com)
		9 points by bearsyankees 11 months ago \| past \| 2 comments
22.		Xfinity using WiFi signals in your house to detect motion (xfinity.com)
		668 points by bearsyankees 11 months ago \| past \| 501 comments
23.		GerriScary: Hacking the Supply Chain of Popular Google Products (tenable.com)
		1 point by bearsyankees 12 months ago \| past
24.		Netflix Vulnerability: Dependency Confusion in Action (landh.tech)
		1 point by bearsyankees on June 11, 2025 \| past
25.		I hacked a dating app (and how not to treat a security researcher) (alexschapiro.com)
		570 points by bearsyankees on May 12, 2025 \| past \| 311 comments
26.		I hacked a dating app (Total account takeover) (alexschapiro.com)
		4 points by bearsyankees on May 6, 2025 \| past
27.		Student exposes scary vulnerabilities in popular dating app (yaledailynews.com)
		1 point by bearsyankees on April 29, 2025 \| past
28.		Hacking a Dating App: Private Chats, Passports and More Exposed (alexschapiro.com)
		2 points by bearsyankees on April 29, 2025 \| past
29.		Student exposes scary vulnerabilities in popular dating app (yaledailynews.com)
		2 points by bearsyankees on April 24, 2025 \| past
30.		Hacking a Dating App: Private Chats, Passports and More Exposed (alexschapiro.com)
		3 points by bearsyankees on April 24, 2025 \| past
		More

HN For You