🦜 Sammy Azdoufal / @n0tsa
---
Twitter feed for: @n0tsa. Generated by https://nitter.poast.org
Again you don't need Mythos level model for pentesting. Sonnet 4.6 (1M) > all
https://nitter.poast.org/n0tsa/status/2065779514102124796#m
Published: June 13, 2026 12:53
Anthropic (@AnthropicAI)
The US government, citing national security authorities, has issued an export control directive to suspend all access to Fable 5 and Mythos 5 by any…
Oops!...I Did It Again - Britney Spears
https://nitter.poast.org/n0tsa/status/2065710503180021935#m
Published: June 13, 2026 08:18
SecAlerts (@SecAlertsCo)
🔑 CVE-2026-50086: Aqara's IAM/SSO gateway exposes an unauthenticated AES oracle against its platform signing key. No credentials needed to abuse it. CVSS 10. If…
R to @n0tsa: cc @platombe @Damien_Bancal @CNIL @AEPD_es @ICOnews @GPDP_IT
https://nitter.poast.org/n0tsa/status/2064860196665487723#m
Published: June 11, 2026 00:00
R to @n0tsa: It's all out now. Report, every email, the whole timeline in my public and responsible disclosure: https://github.com/xn0tsa/because-i-got-high ICO's investigating. 5 data authorities notified.
https://nitter.poast.org/n0tsa/status/2064831694490816733#m
Published: June 10, 2026 22:06
R to @n0tsa: So I call @StarFire2258 journalist at The Verge. He sends one email. Reply in hours. Not to me, of course. To him. And, my favourite part, they asked him to explain the vulnerability. Lads. It's your database. You wrote it.
https://nitter.poast.org/n0tsa/status/2064831691139510642#m
Published: June 10, 2026 22:06
R to @n0tsa: April 22nd, I email them. Silence. April 25th. Silence. April 26th. April 30th. Still silence. 26 days. I've had goldfish more responsive.
https://nitter.poast.org/n0tsa/status/2064831689688309808#m
Published: June 10, 2026 22:06
R to @n0tsa: @verge just released an article about this shitshow https://www.theverge.com/tech/947157/passports-data-breach-cannabis-club-systems-nefos-puffpal
https://nitter.poast.org/n0tsa/status/2064831692641071572#m
Published: June 10, 2026 22:06
R to @n0tsa: Now here's the bit that makes lawyers reach for the bottle. Every single person is tagged "medicinal." Congratulations: that's no longer a list of stoners. That's a million medical records, with the front door wide open and the keys in the lock.
https://nitter.poast.org/n0tsa/status/2064831686316032295#m
Published: June 10, 2026 22:06
R to @n0tsa: No login. No password. No nothing. Just a club name and a little number, counting up from 1 like a deli ticket machine. Name. Address. Passport number. Date of birth. Monthly weed intake. Everyone. All 377 clubs. 40+ countries. Whoever built this was not high. They were just lazy.
https://nitter.poast.org/n0tsa/status/2064831684843852232#m
Published: June 10, 2026 22:06
R to @n0tsa: 985,841 ID scans. Passports, national IDs, driving licences. One plain URL. No token. No auth. Just type it and behold. Including people who never touched the app. Who handed a passport to the front desk in 2023 and went home thinking that was the end of it. Surprise.
https://nitter.poast.org/n0tsa/status/2064831687817617793#m
Published: June 10, 2026 22:06
Pinned: I joined a weed club in Barcelona. They handed me an app and said "it's more convenient." By sunrise I was looking at 1,082,680 strangers' passports. Convenient indeed. Thread🧵
https://nitter.poast.org/n0tsa/status/2064831682826420676#m
Published: June 10, 2026 22:06
RT by @n0tsa: Nearly a million passports and photo IDs were left unprotected on the public internet https://www.theverge.com/tech/947157/passports-data-breach-cannabis-club-systems-nefos-puffpal
https://nitter.poast.org/verge/status/2064829566276002015#m
Published: June 10, 2026 21:58
See you in Vegas for @defcon 34 😍😍😍
https://nitter.poast.org/n0tsa/status/2064612241060622593#m
Published: June 10, 2026 07:34
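RT by @n0tsa: Three CVSS 10 vulnerabilities have been fixed in Ubiquiti's UniFi OS: CVE-2026-34908 and CVE-2026-34909, which bypass the authentication gateway, and CVE-2026-34910, a command injection in the package update service. Bishop Fox has presented a fully working demo that obtains a root shell. https://gbhackers.com/critical-unifi-os-auth-bypass-flaws/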
https://nitter.poast.org/__kokumoto/status/2063824283605110817#m
Published: June 8, 2026 03:23
R to @n0tsa: it now has 5 modes:
- rubber ducky (the trigger pulls the trigger, literally)
- USB ethernet implant with its own DHCP and DNS hijacker
- live C2 relay
- USB descriptor fuzzer
- audio covert channel out the headphone jack
it still flies planes in MSFS. don't worry about it
https://nitter.poast.org/n0tsa/status/2063677674308952355#m
Published: June 7, 2026 17:41
R to @n0tsa: http://github.com/xn0tsa/thrustfucker
the joystick is probably still under warranty
https://nitter.poast.org/n0tsa/status/2063677675776967058#m
Published: June 7, 2026 17:41
R to @n0tsa: turns out the bootloader was wide open. hold Xbox button + plug in = full 512KB firmware dump in 3 seconds, no tools, no case opening
https://nitter.poast.org/n0tsa/status/2063677672983502929#m
Published: June 7, 2026 17:41
RT by @n0tsa: Introducing: ThrustFucker. I fully reverse engineered the firmware, wrote a new one, and now my Thrustmaster joystick is a rubber ducky with an identity crisis.
Thread🧵
https://nitter.poast.org/n0tsa/status/2063677670693408866#m
Published: June 7, 2026 17:41
Sammy Azdoufal (@n0tsa)
Feel bored, what if i transform my @TMThrustmaster TCA…
Feel bored, what if I transform my @TMThrustmaster TCA Airbus into a pentest tool/rubber ducky+++ I just need to dump the firmware, reverse and rewrite right?
https://nitter.poast.org/n0tsa/status/2063549940521980283#m
Published: June 7, 2026 09:13
RT by @n0tsa: "Inside the @DJIGlobal @djienterprise Trust Center". I'm gonna let @AnthropicAI @claudeai say something about DJI that you wouldn't listen to *me* say. cc @ChinaSelect @n0tsa @Bin4ryDigit @DSPAorg @MossPhotography
Full Archive: https://archive.org/details/dji-trust-center-archive
Link to candid analysis: https://ia601003.us.archive.org/view_archive.php?archive=/8/items/dji-trust-center-archive/DJI_Trust_Center_Archive.zip&file=DJI_Trust_Center_Archive%2F00_ANALYSIS_REPORT_read_me_first.pdf
https://nitter.poast.org/d0tslash/status/2060824565656227968#m
Published: May 30, 2026 20:43
RT by @n0tsa: Opus 4.8 is insane guys. It one shotted my session usage limit.
https://nitter.poast.org/rezoundous/status/2060107620153975020#m
Published: May 28, 2026 21:15