Sam Stepanyan
@securestep9.bsky.social
OWASP London Chapter Leader. #OWASP Global Board Member. OWASP #Nettacker Project Leader. #AppSec Consultant, #CISSP. Follow me on Twitter/X and Mastodon https://twitter.com/securestep9 https://infosec.exchange/@securestep9
#Antigravity - an AI code editor from Google that has access to your entire codebase and terminal had a Remote Code Execution (#RCE) vulnerability - a great find and write-up by @HacktronAI earning them $10k #BugBounty!
#BugBountyTips
👇

www.hacktron.ai/blog/hacking...
RCE in Google's AI code editor Antigravity - $10000 Bounty
Hacktron AI Research Team discovered a critical RCE in Google’s Antigravity IDE that lets attackers take over your system just by opening a malicious website.
www.hacktron.ai
February 9, 2026 at 9:51 PM
#ReactNative: Critical vulnerability in Metro server for #React Native CVE-2025-11953 allows unauthenticated attackers to execute arbitrary OS commands via a POST request and is actively exploited - patch now!
#Metro4Shell
#SoftwareSupplyChainSecurity
👇
www.bleepingcomputer.com/news/securit...
Hackers exploit critical React Native Metro bug to breach dev systems
Hackers are targeting developers by exploiting the critical vulnerability CVE-2025-11953 in the Metro server for React Native to deliver malicious payloads for Windows and Linux.
www.bleepingcomputer.com
February 4, 2026 at 10:12 AM
The number of startups, products and workflows built on #chatGPT-4.x models is huge!

This is your reminder that #OpenAI will be *retiring all* gpt-4.x, o4-mini and some gpt-5 models next week on February 13th, 2026 🍿:
#AIBOM
👇
help.openai.com/en/a...
February 3, 2026 at 11:22 PM
#Notepad++ Official Update Mechanism Was Hijacked to Deliver Malware.

Notepad++ downloads between September 2 and December 2, 2025 were diverted to malicious servers.
#SoftwareSupplyChainSecurity
👇
Notepad++ Official Update Mechanism Hijacked to Deliver Malware to Select Users
State-backed attackers hijacked Notepad++ update traffic via a hosting provider breach, redirecting users to malicious downloads since June 2025.
thehackernews.com
February 2, 2026 at 11:20 AM
#AI on Australian travel company website sends tourists to nonexistent hot springs, describing a non-existing site as a "tranquil haven" rated "favourite among hikers", causing "droves of tourists" to turn up in places with no services/cell coverage:
AI on Australian travel company website sends tourists to nonexistent hot springs | CNN
An AI-generated blog on a tour company’s website has landed tourists in hot water — and not the kind they were looking for — after it emerged the “tranquil” northern Tasmania hot springs it recommended don’t actually exist.
edition.cnn.com
January 30, 2026 at 11:44 PM
#Ivanti: Two Ivanti EPMM #ZeroDay Unauthenticated #RCE Vulnerabilities CVE-2026-1281 & CVE-2026-1340 Actively Exploited, Patch Now!
👇
thehackernews.com/2026/01/two-...
Two Ivanti EPMM Zero-Day RCE Flaws Actively Exploited, Security Updates Released
Ivanti released fixes for two actively exploited EPMM zero-day RCE flaws, including CVE-2026-1281 added to CISA’s KEV, affecting versions before 12.8.
thehackernews.com
January 30, 2026 at 9:41 AM
#OpenSSL Critical Vulnerabilities Allow Remote Attackers to Execute Malicious Code (CVE-2025-15467). Patches released:
👇
cybersecuritynews.com/openssl-vuln...
Critical OpenSSL Vulnerabilities Allow Remote Attackers to Execute Malicious Code
OpenSSL patched 12 vulnerabilities on January 27, 2026, including one high-severity flaw that could lead to remote code execution. Most issues cause denial-of-service attacks but highlight risks in pa...
cybersecuritynews.com
January 29, 2026 at 4:28 PM
Reposted by Sam Stepanyan
Many thanks to Rishi C (@rxerium.com) for presenting his talk: "DNS Based #OSINT Techniques for Product and Service Discovery" at our meetup last week.

The video recording of the talk is available to watch 📺 on the #OWASPLondon YouTube Channel [PLEASE SUBSCRIBE!]:
👇
www.youtube.com/watch?v=lGO3...
DNS Based OSINT Techniques for Product and Service Discovery - Rishi C
YouTube video by OWASP London
www.youtube.com
January 25, 2026 at 11:25 AM
#ESA: European Space Agency's cybersecurity in freefall as yet another breach exposes spacecraft and mission data:

#databreach

👇
European Space Agency's cybersecurity in freefall as yet another breach exposes spacecraft and mission data
It has just been a few weeks since we reported on the Christmas cyber attack suffered by the European Space Agency (ESA), and the situation has already become worse.
www.bitdefender.com
January 23, 2026 at 6:15 PM
#Python: Malicious #PyPI Package called 'sympy-dev' Impersonates #SymPy, Deploys XMRig Miner on Linux Hosts:

#SoftwareSupplyChainSecurity
👇
Malicious PyPI Package Impersonates SymPy, Deploys XMRig Miner on Linux Hosts
A fake sympy-dev package on PyPI impersonates the SymPy library to download and run XMRig cryptominers on Linux using in-memory execution.
thehackernews.com
January 23, 2026 at 10:43 AM
Reposted by Sam Stepanyan
January 21, 2026 at 6:58 PM
#telnet: Critical telnetd #Vulnerability CVE-2026-24061 Lets Attackers Bypass Login and Gain Root Access on systems running GNU InetUtils since version 1.9.3 up to and including version 2.7.

The vulnerability went unnoticed for nearly 11 years.

👇
Critical GNU InetUtils telnetd Flaw Lets Attackers Bypass Login and Gain Root Access
A 9.8-severity flaw (CVE-2026-24061) in GNU InetUtils telnetd allows remote authentication bypass and root access in versions 1.9.3 to 2.7.
thehackernews.com
January 22, 2026 at 9:50 PM
#jsPDF: Critical Path Traversal Vulnerability (CVE-2025-68428) in jsPDF - a widely-adopted #npm package for generating PDF documents in JavaScript applications - allows attackers to read & exfiltrate arbitrary files from the local filesystem:
👇
CVE-2025-68428: Critical Path Traversal in jsPDF | Blog | Endor Labs
Critical path traversal in jsPDF (<= 3.0.4) allows arbitrary file read via Node.js builds. Upgrade to 4.0.0 to remediate CVE-2025-68428.
www.endorlabs.com
January 7, 2026 at 5:43 PM
Reposted by Sam Stepanyan
The next OWASP London Chapter in-person Meetup will take place on January 21st, 2026, kindly sponsored by @nuaware_tech with raffle prizes kindly sponsored by @GitGuardian and @Docker

Register to attend this event here:
👇
OWASP London Chapter Meetup [IN-PERSON], Wed, Jan 21, 2026, 6:00 PM | Meetup
**This event is kindly sponsored by Nuaware.** **Raffle prizes are kindly sponsored by GitGuardian and Docker.** **There is limited seating available for in-person attende
www.meetup.com
January 7, 2026 at 12:37 PM
#TrustWallet: in a potential supply chain attack, the TrustWallet browser extension was compromised in the latest update with injected malicious code quietly sending the wallet's seed phrase to a malicious domain named "metrics-trustwallet(.)com" - registered only a few days ago
👇
www.ccn.com/education/cr...
How Trust Wallet Crypto Users Lost $6M+ in a Browser Extension Incident
$6M+ in BTC, ETH, and SOL was lost via a Trust Wallet browser extension incident, prompting an urgent user warning.
www.ccn.com
December 26, 2025 at 7:53 AM
#MongoDB: multiple versions of MongoDB and MongoDB Server are vulnerable to Remote Code Execution (#RCE) #vulnerability CVE-2025-14847 and may be abused by unauthenticated threat actors in low-complexity attacks that don't require user interaction. Patch now!
👇
www.bleepingcomputer.com/news/securit...
MongoDB warns admins to patch severe RCE flaw immediately
MongoDB has warned IT admins to immediately patch a high-severity vulnerability that may be exploited in remote code execution (RCE) attacks targeting vulnerable servers.
www.bleepingcomputer.com
December 26, 2025 at 6:47 AM
Reposted by Sam Stepanyan
🎉 Big news! Early Bird tickets for OWASP Global AppSec Vienna 2026 are here!
25 years of OWASP ✨ Stunning Vienna 🇦🇹 World-class training 🧠 & a conference like no other 🔥
Why wait? Register now for early bird pricing: owasp.glueup.com/eve...
#appsec #owasp #cybersecurity #securebydesign
December 19, 2025 at 2:48 PM
#n8n: Critical CVSS 10.0 Remote Code Execution (#RCE) #Vulnerability in n8n via expression injection. Users advised to upgrade to version 1.122.0 or later immediately:

github.com/n8n-io/n8n/s...
Remote Code Execution via Expression Injection
### Impact n8n contains a critical Remote Code Execution (RCE) vulnerability in its workflow expression evaluation system. Under certain conditions, expressions supplied by authenticated users dur...
github.com
December 21, 2025 at 9:51 AM
#Gemini Zero-Click #Vulnerability Let Attackers Access Gmail, Calendar, and Docs. No clicks or warnings were needed. An attacker simply shared a poisoned Google Doc, Calendar invite, or email embedding hidden prompt injections.
#AISecurity
👇 cybersecuritynews.com?p=135749
Gemini Zero-Click Vulnerability Let Attackers Access Gmail, Calendar, and Docs
A critical zero-click vulnerability dubbed "GeminiJack" in Google Gemini Enterprise and previously Vertex AI Search that let attackers siphon sensitive corporate data from Gmail, Calendar, and Docs wi...
cybersecuritynews.com
December 12, 2025 at 8:20 AM
If you missed @shehackspurple.bsky.social's talk "30 Tips for Secure #JavaScript" at the @owasplondon.bsky.social meetup last week - you can watch the recording on the #OWASPLondon YouTube channel [please subscribe!]:
December 8, 2025 at 12:24 AM
#Swiss government urges citizens to ditch #Microsoft365 and other #Cloud providers due to lack of proper E2E encryption citing US Cloud Act requirement to hand over data to US authorities, even if it’s stored in Switzerland:
#DataSecurity
👇
www.techradar.com/pro/security...
Swiss government urges people to ditch Microsoft 365 and others due to lack of proper encryption
Switzerland is worried about data privacy
www.techradar.com
December 3, 2025 at 8:36 AM
#WordPress: 100,000+ WordPress Websites Affected by Remote Code Execution (#RCE) #vulnerability in Advanced Custom Fields Plugin:
👇

www.wordfence.com/blog/2025/12...
December 2, 2025 at 10:40 PM
#VSCode: 24 malicious VS Code and #OpenVSX extensions are stealing developer credentials - spreading through popular names like Flutter, React, and Tailwind.

Full list of malicious VSCode extensions in the article below:
#SoftwareSupplyChainSecurity
👇
GlassWorm Returns with 24 Malicious Extensions Impersonating Popular Developer Tools
GlassWorm spreads again using 24 fake extensions across Visual Studio Marketplace and Open VSX, hiding Rust implants & Solana-based C2 to target devs.
thehackernews.com
December 2, 2025 at 3:17 PM
#npm: Malicious NPM Package eslint-plugin-unicorn-ts-2 Uses Hidden Prompt and Script to Evade #AI Security Tools:
#SoftwareSupplyChainSecurity

👇
Malicious npm Package Uses Hidden Prompt and Script to Evade AI Security Tools
Malicious npm package mimics an ESLint plugin, embeds an AI-tricking prompt, and steals environment variables via a post-install script.
thehackernews.com
December 2, 2025 at 3:06 PM
#OpenAI API Data Breach: OpenAI has disclosed a #databreach affecting some API customers due to a hack at third-party vendor #Mixpanel.
What was exposed: Names & Emails, Approximate Location, UserID/Org IDs
👇
OpenAI discloses API customer data breach via Mixpanel vendor hack
OpenAI is notifying some ChatGPT API customers that limited identifying information was exposed following a breach at its third-party analytics provider Mixpanel.
www.bleepingcomputer.com
November 27, 2025 at 4:42 PM