BITNET an AI model can run locally introduced by Microsoft and it can run with limited resources (cpu, ram,...) people say you can run it using your old PC
https://github.com/microsoft/BitNet
Shared by @reverseengineer101
https://github.com/microsoft/BitNet
Shared by @reverseengineer101
GitHub
GitHub - microsoft/BitNet: Official inference framework for 1-bit LLMs
Official inference framework for 1-bit LLMs. Contribute to microsoft/BitNet development by creating an account on GitHub.
👍7❤4👎1
Chinese hackers have hacked American Telecommunications Companies
In a process called Salt Typhoon, Chinese Hackers has intercepted some calls and compromised millions of metadata records after hacking the American Telecommunications Companies from 2 years before now unnoticed which make it one of the biggest security flaws have occurred.
Experts say it's mostly sponsored by the Chinese Government for spying and politics related reasons
Salt Typhoon Hacks of Telecommunications Companies and Federal Response Implications (American Congress)
@reverseengineer101
In a process called Salt Typhoon, Chinese Hackers has intercepted some calls and compromised millions of metadata records after hacking the American Telecommunications Companies from 2 years before now unnoticed which make it one of the biggest security flaws have occurred.
Experts say it's mostly sponsored by the Chinese Government for spying and politics related reasons
Salt Typhoon Hacks of Telecommunications Companies and Federal Response Implications (American Congress)
@reverseengineer101
www.congress.gov
Salt Typhoon Hacks of Telecommunications Companies and Federal Response Implications
❤11
New Critical WhatsApp Vulnerability
Immediately stop WhatsApp automatic media download, Google wars users that their devices can be hacked through WhatsApp with a 0-click Vulnerability discovered in WhatsApp
Resources:
Forbes:
https://www.forbes.com/sites/zakdoffman/2026/01/26/google-issues-whatsapp-attack-warning-for-all-android-users/
Malwarebytes:
https://www.malwarebytes.com/blog/news/2026/01/a-whatsapp-bug-lets-malicious-media-files-spread-through-group-chats
@reverseengineer101
Immediately stop WhatsApp automatic media download, Google wars users that their devices can be hacked through WhatsApp with a 0-click Vulnerability discovered in WhatsApp
Resources:
Forbes:
https://www.forbes.com/sites/zakdoffman/2026/01/26/google-issues-whatsapp-attack-warning-for-all-android-users/
Malwarebytes:
https://www.malwarebytes.com/blog/news/2026/01/a-whatsapp-bug-lets-malicious-media-files-spread-through-group-chats
@reverseengineer101
Forbes
WhatsApp Confirms Update After Google Issues ‘Attack Surface’ Warning
Why you should change your WhatsApp settings — here's what to know.
❤7
I have hit one of the dangerous mistakes a Developer can do
As you see here the API is rejecting all the requests without Authorization header but after adding a fake one it returns the data
This vulnerability is classified as BFLA/BOLA API1:2023
(Broken Function/Object Level Authorization) or a Broken Access Control (BAC) issue at all
You can read more about it on OWASP API Top 10
API1:2023 Broken Object Level Authorization
#API_Security
@reverseengineer101
As you see here the API is rejecting all the requests without Authorization header but after adding a fake one it returns the data
This vulnerability is classified as BFLA/BOLA API1:2023
(Broken Function/Object Level Authorization) or a Broken Access Control (BAC) issue at all
You can read more about it on OWASP API Top 10
API1:2023 Broken Object Level Authorization
#API_Security
@reverseengineer101
❤8👍3😢3🤯2😁1
a Threat Actor called "quellostanco" claims that he has stolen a full EgyptAir database.
The database mentioned has 104K records related to HR section including sensitive employees data as he say
@reverseengineer101
The database mentioned has 104K records related to HR section including sensitive employees data as he say
@reverseengineer101
❤6🤯5🤔4🤩1
Intigriti Challenge 0226
CTF solved ✓
The write up will be disclosed ASAP the challenge finishes 🏁
@reverseengineer101
CTF solved ✓
The write up will be disclosed ASAP the challenge finishes 🏁
@reverseengineer101
❤8🔥1👏1
Now The Challenge Is Finished ! 🔥
You Can Watch The Full Walkthrough Video on YouTube
https://youtu.be/fDLTvOayNEk
Or You Can Read The Writeup On Medium
https://medium.com/@mohamedabozaid961/intigriti-challenge-0226-write-up-dbf9146dc1f4
#CTF #Cybersecurity #intigriti
@reverseengineer101
You Can Watch The Full Walkthrough Video on YouTube
https://youtu.be/fDLTvOayNEk
Or You Can Read The Writeup On Medium
https://medium.com/@mohamedabozaid961/intigriti-challenge-0226-write-up-dbf9146dc1f4
#CTF #Cybersecurity #intigriti
@reverseengineer101
YouTube
Intigriti Challenge 0226 Walkthrough Video @intigriti
Intigriti Challenge 0226 Full Walkthrough Video
Write Up on Medium https://medium.com/@mohamedabozaid961/intigriti-challenge-0226-write-up-dbf9146dc1f4
Write Up on Medium https://medium.com/@mohamedabozaid961/intigriti-challenge-0226-write-up-dbf9146dc1f4
❤8
reverse engineering
Now The Challenge Is Finished ! 🔥 You Can Watch The Full Walkthrough Video on YouTube https://youtu.be/fDLTvOayNEk Or You Can Read The Writeup On Medium https://medium.com/@mohamedabozaid961/intigriti-challenge-0226-write-up-dbf9146dc1f4 #CTF #Cybersecurity…
Happy to say that I have won 🎉 🥳
My write-up came as the second best write-up
Check the post comments on X
https://x.com/i/status/2026660723707855146
Check all the write-ups here (mine is the 5th)
https://bugology.intigriti.io/intigriti-monthly-challenges/0226
@reverseengineer101
My write-up came as the second best write-up
Check the post comments on X
https://x.com/i/status/2026660723707855146
Check all the write-ups here (mine is the 5th)
https://bugology.intigriti.io/intigriti-monthly-challenges/0226
@reverseengineer101
👏11❤7🔥4👍2
SaveAny-Bot 🗃️
Save Any Telegram File to Anywhere 📂 (Alist, Disk, Webdav, S3, Rclone...) . Support restrict saving content and files beyond telegram.
https://github.com/krau/SaveAny-Bot
Shared by @reverseengineer101
Save Any Telegram File to Anywhere 📂 (Alist, Disk, Webdav, S3, Rclone...) . Support restrict saving content and files beyond telegram.
🎯 Features
1- Support documents / videos / photos / stickers… and even Telegraph
2- Bypass "restrict saving content" media
3- Batch download
4- Streaming transfer
5- Multi-user support
6- Auto organize files based on storage rules
7- Watch specified chats and auto-save messages, with filters
8- Transfer files between different storage backends
9- Integrate with yt-dlp to download and save media from 1000+ websites
10- Aria2 integration to download files from URLs/magnets and save to storages
11- Write JS parser plugins to save files from almost any website
12- Storage backends:
- Alist
- S3
- WebDAV
- Local filesystem
- Rclone (via command line)
- Telegram (re-upload to specified chats)
https://github.com/krau/SaveAny-Bot
Shared by @reverseengineer101
GitHub
GitHub - krau/SaveAny-Bot: Save Any Telegram File to Anywhere 📂 (Alist, Disk, Webdav, S3, Rclone...) . Support restrict saving…
Save Any Telegram File to Anywhere 📂 (Alist, Disk, Webdav, S3, Rclone...) . Support restrict saving content and files beyond telegram. - krau/SaveAny-Bot
🔥5❤4
We are now in the age of Vibe Coding, it's great and everyone in tech feild should use AI in his work and if not he will not equalify his mates in the field or lose his job
But, when it comes to security concerns every developer or organization shall not relay on the AI code generated because it really can cause massive damages or manipulations on their business logic or lose thousands of dollars
The screenshots here is showing a real case found on the wild (my own security researchs) where the developer stored AES Encryption Keys in different places in the code without obfuscation which are responsible to encrypt and decrypt sensitive information like PIN used to unlock users' wallets and other storage that shall be secure by encryption algorithms but unfortunately the keys are exposed
Usually when I see emojis inside a code (like ✅ and ❌❎) I understand it was written by AI or this code wasn't written by a professional developer so I start my investigations from that point
@reverseengineer101
But, when it comes to security concerns every developer or organization shall not relay on the AI code generated because it really can cause massive damages or manipulations on their business logic or lose thousands of dollars
The screenshots here is showing a real case found on the wild (my own security researchs) where the developer stored AES Encryption Keys in different places in the code without obfuscation which are responsible to encrypt and decrypt sensitive information like PIN used to unlock users' wallets and other storage that shall be secure by encryption algorithms but unfortunately the keys are exposed
Usually when I see emojis inside a code (like ✅ and ❌❎) I understand it was written by AI or this code wasn't written by a professional developer so I start my investigations from that point
@reverseengineer101
❤5🔥4🤣4👍3
Today one of the Biggest Critical Security Breaches happened, anthropic claude code CLI source code has been breached by someone who says it was a security research (I don't think that was a legit one)
How the breach happened:
- who has leaked the source code says it was publicly noted that Claude Code source material was reachable through a .map file exposed in the npm package:
- who is involved in the leak Chaofan Shou (@Fried_rice)
The scary part:
- anthropic knows that claude hallucinates and not giving you accurate answers while it has the capability to do
- claude has massive power but it's restricted to you but not to the employees in anthropic
- they are trying to keep you consuming and paying for tokens that runs out quickly due to the stupid answers you get
- anthropic is developing more powerful agents but keeps everything undercover
- claude has modes that can be switched to, to do specific tasks based on the job/task type but that's not for you as well
The funny part:
- I have found the same vulnerability not too far from now in some service provider, where I found source maps also exposed logs that contains data about the databases and administrators
- days before I heard some security professional says that the AI bubble is near to burst or vanish
The leak repository:
- Can be found on github
That's why I am always warning about these security vulnerabilities specially for developers
Thank you for reading ♥️
@reverseengineer101
How the breach happened:
- who has leaked the source code says it was publicly noted that Claude Code source material was reachable through a .map file exposed in the npm package:
"Claude code source code has been leaked via a map file in their npm registry!"
- who is involved in the leak Chaofan Shou (@Fried_rice)
The scary part:
- anthropic knows that claude hallucinates and not giving you accurate answers while it has the capability to do
- claude has massive power but it's restricted to you but not to the employees in anthropic
- they are trying to keep you consuming and paying for tokens that runs out quickly due to the stupid answers you get
- anthropic is developing more powerful agents but keeps everything undercover
- claude has modes that can be switched to, to do specific tasks based on the job/task type but that's not for you as well
The funny part:
- I have found the same vulnerability not too far from now in some service provider, where I found source maps also exposed logs that contains data about the databases and administrators
- days before I heard some security professional says that the AI bubble is near to burst or vanish
The leak repository:
- Can be found on github
That's why I am always warning about these security vulnerabilities specially for developers
Thank you for reading ♥️
@reverseengineer101
X (formerly Twitter)
Chaofan Shou (@Fried_rice) on X
intern @solayer_labs @fuzzland_
❤9👍2🤯2
Telegram's latest update added AI to their chat app, which can fix, summarize, and make text context-based. Additionally, in channels, you can get a summary of long posts using the AI.
I see this as a good step that offers more flexibility and time-saving features, although adding new features could introduce new vulnerabilities, especially nowadays with AI. 😂
I see this as a good step that offers more flexibility and time-saving features, although adding new features could introduce new vulnerabilities, especially nowadays with AI. 😂
🔥4😁4❤2👎1🥰1
reverse engineering
Today one of the Biggest Critical Security Breaches happened, anthropic claude code CLI source code has been breached by someone who says it was a security research (I don't think that was a legit one) How the breach happened: - who has leaked the source…
Json Haddix went wild 😂
Btw, the attached photo is showing the hidden features/modes you aren't meant to use
Btw, the attached photo is showing the hidden features/modes you aren't meant to use
❤2😁2🤨1
Qwen3.6-plus is released 🔥
◉ a 1M context window by default
◉ significantly improved agentic coding capability
◉ better multimodal perception and reasoning ability
Official release article:
https://qwen.ai/blog?id=qwen3.6
@reverseengineer101
◉ a 1M context window by default
◉ significantly improved agentic coding capability
◉ better multimodal perception and reasoning ability
Official release article:
https://qwen.ai/blog?id=qwen3.6
Note: you can use Qwen3.6-plus on the android chat app now
@reverseengineer101
🔥6❤2😨1