Johann Rehberger's banner
Johann Rehberger's profile picture

Johann Rehberger

@wunderwuzzi238,997 subscribers

Hacking neural networks so that we don’t get stuck in the matrix. Builder and Breaker. Opinions are my own. https://t.co/ij8buvMaXg

Shorts

How to find XSS in 2024!

How to find XSS in 2024!

106,546 次观看

The latest Gemini models are the first ones from Google that can reliable read and write invisible Unicode Tags. This opens up a lot of interesting attack avenues.

The latest Gemini models are the first ones from Google that can reliable read and write invisible Unicode Tags. This opens up a lot of interesting attack avenues.

28,604 次观看

Videos

LIVE
1.2k

Anya Rossi

sweetdream.ai

SweetDream.aiSponsoredLivecam
Streaming Now

Watch Anya Live

Anya is streaming live right now! Join her private show and enjoy exclusive content.

HD live stream
Exclusive private shows
1.2k viewers online

Free preview available • Premium content

💥 Remote Code Execution in GitHub Copilot (CVE-2025-53773) 👉 Prompt injection exploit writes to Copilot config file and puts it into YOLO mode, then we get immediate RCE 🔥 Bypasses all user approvals 🛡️ Patch is out today. Update before someone else does it for you
0:32
wunderwuzzi23's profile picture

💥 Remote Code Execution in GitHub Copilot (CVE-2025-53773) 👉 Prompt injection exploit writes to Copilot config file and puts it into YOLO mode, then we get immediate RCE 🔥 Bypasses all user approvals 🛡️ Patch is out today. Update before someone else does it for you

Johann Rehberger

117,493 次观看 • 9 个月前

🚨 Security Advisory: Anthropic's Slack MCP Server leaks data via link unfurling ☠️ See a demo exploit with Claude Code connected to the MCP server, and how a prompt injection attack can leak developer secrets. Watch and learn!
0:50
wunderwuzzi23's profile picture

🚨 Security Advisory: Anthropic's Slack MCP Server leaks data via link unfurling ☠️ See a demo exploit with Claude Code connected to the MCP server, and how a prompt injection attack can leak developer secrets. Watch and learn!

Johann Rehberger

20,449 次观看 • 11 个月前

🔥Arbitrary Code Execution in AWS Kiro with Indirect Prompt Injection Multiple ways actually... 1) Write to settings.json to put Kiro into YOLO mode by adding: "kiroAgent.trustedCommands": ["*"] -> immediate arbitrary OS command execution without user approval 2) Write to kiro's mcp.json file to add a fake mcp server that runs arbitrary python code -> immediate arbitrary code execution AWS fixed the issues quickly, but no CVE issued. If you use Kiro make sure to run the latest version, before someone else updates it for you.
12:01
wunderwuzzi23's profile picture

🔥Arbitrary Code Execution in AWS Kiro with Indirect Prompt Injection Multiple ways actually... 1) Write to settings.json to put Kiro into YOLO mode by adding: "kiroAgent.trustedCommands": ["*"] -> immediate arbitrary OS command execution without user approval 2) Write to kiro's mcp.json file to add a fake mcp server that runs arbitrary python code -> immediate arbitrary code execution AWS fixed the issues quickly, but no CVE issued. If you use Kiro make sure to run the latest version, before someone else updates it for you.

Johann Rehberger

12,632 次观看 • 9 个月前

没有更多内容可加载