Zach Hanley @hacks_zach
Vulnerability Researcher | Attack Engineer @horizon3ai | Raleigh, NC | Joined November 2017
Building on @hacks_zach's work on CVE-2024-1403, Fortra's expert exploit writer, Marcos Accossatto, demonstrates how to achieve Remote Code Execution using CVE-2025-7388. Read more in his detailed blog: ow.ly/xCaJ50WRtkC
Completing the Circle: The path to CVE-2025-7388 coresecurity.com/blog/completin…
My favourite finding from @SLCyberSec's Security Research team in 2025 so far is a secondary context path traversal in Omnissa Workspace One UEM (CVE-2025-25231). Really interesting bug, and fun kill chain to RCE. slcyber.io/assetnote-secu…
I joined Sonny and added quite nice pre-auth RCE chain, which contains argument injection -> auth bypass vuln 🫡
Our latest disclosures for CVE-2025-8355 and CVE-2025-8356 - discovering a critical RCE in Xerox FreeFlow Core horizon3.ai/attack-researc…
Stack overflows, heap overflows, and existential dread - it must be an SSLVPN. labs.watchtowr.com/stack-overflow…
The @SLCyberSec research team is releasing our final research post for our Christmas in July efforts, two RCEs and one XXE (all pre-auth) in Adobe Experience Manager Forms. One of the RCEs and the XXE still do not have official patches: slcyber.io/assetnote-secu…
We now have a (draft) @metasploit exploit module in the pull queue for the recent Microsoft SharePoint Server unauthenticated RCE zero-day (CVE-2025-53770), based on the in-the-wild exploit published a few days ago. Check it out here: github.com/rapid7/metaspl…
We have reproduced "ToolShell", the unauthenticated exploit chain for CVE-2025-49706 + CVE-2025-49704 used by @_l0gg to pop SharePoint at #Pwn2Own Berlin 2025, it's really just one request! Kudos to @mwulftange
okay now that it's burned, dropping it: CVE-2025-25257: a Pre-Auth RCE in Fortinet's WAF product called FortiWeb. github.com/0xbigshaq/CVE-…
Another Falls! Fortinet PSIRT really needs to go out and touch grass ☠️ https://t.co/0D4CQ7ndhb
courtesy of @SinSinology 🫡
Whenever I audit C# code, I look for benign file operations such as File.Exists(), especially if there's a preceding Path.Combine(). Read about how we leaked NTLM hashes pre-authentication in DotNetNuke (CVE-2025-52488) due to a perfect storm of issues. slcyber.io/assetnote-secu…
Session keys and passwords aplenty, here’s our deep-dive for CVE-2025-5777, aka CitrixBleed 2. Apart from the normal root-cause analysis, we’ve doubled down on actionable steps to investigate Indicators of Compromise. horizon3.ai/attack-researc…
CVE-2025-5777, aka #CitrixBleed 2, allows leaking of memory in the response which can allow for compromising session tokens, and other sensitive information. A deep-dive to follow next week.
Today @rapid7 is disclosing 8 new printer vulnerabilities affecting 742 models across 4 vendors. After 13 months of coordinated disclosure with Brother Industries, Ltd, we're detailing all issues including a critical auth bypass. Full details here: rapid7.com/blog/post/mult…
Microsoft just released the patch for CVE-2025-33073, a critical vulnerability allowing a standard user to remotely compromise any machine with SMB signing not enforced! Check out the details in the blog post by @yaumn_ and @wil_fri3d. synacktiv.com/publications/n…
We don’t talk about it much, but @Horseman and I also tackle some hard problems on the software eng side too. We’ve built the post-exploitation and implant orchestration framework the last few years here. Take a look at some of that work James wrote up: horizon3.ai/attack-researc…
