Zach Hanley @hacks_zach
Vulnerability Researcher | Attack Engineer @horizon3ai | Raleigh, NC | Joined November 2017
Tweets: 420 | Followers: 2K | Following: 438 | Likes: 2K
We dug into DELMIA Apriso & found more than we expected. A deserialization flaw (CVE-2025-5086) let us turn a SOAP request into full RCE. Our blog breaks down: - how we traced the vulnerable code path - how we crafted the payload - why it impacts Apriso 2020–2025 Patch ASAP;…
GoAnywhere MFT, CVE-2025-10035, conspiracy theories, quiet advisory updates and IoCs with no ITW exploitation. Welcome back. labs.watchtowr.com/is-this-bad-th…
Building on @hacks_zach's work on CVE-2024-1403, Fortra's expert exploit writer, Marcos Accossatto, demonstrates how to achieve Remote Code Execution using CVE-2025-7388. Read more in his detailed blog: ow.ly/xCaJ50WRtkC
Completing the Circle: The path to CVE-2025-7388 coresecurity.com/blog/completin…
My favourite finding from @SLCyberSec's Security Research team in 2025 so far is a secondary context path traversal in Omnissa Workspace One UEM (CVE-2025-25231). Really interesting bug, and fun kill chain to RCE. slcyber.io/assetnote-secu…
I joined Sonny and added quite nice pre-auth RCE chain, which contains argument injection -> auth bypass vuln 🫡
Our latest disclosures for CVE-2025-8355 and CVE-2025-8356 - discovering a critical RCE in Xerox FreeFlow Core horizon3.ai/attack-researc…
Stack overflows, heap overflows, and existential dread - it must be an SSLVPN. labs.watchtowr.com/stack-overflow…
The @SLCyberSec research team is releasing our final research post for our Christmas in July efforts, two RCEs and one XXE (all pre-auth) in Adobe Experience Manager Forms. One of the RCEs and the XXE still do not have official patches: slcyber.io/assetnote-secu…
We now have a (draft) @metasploit exploit module in the pull queue for the recent Microsoft SharePoint Server unauthenticated RCE zero-day (CVE-2025-53770), based on the in-the-wild exploit published a few days ago. Check it out here: github.com/rapid7/metaspl…
We have reproduced "ToolShell", the unauthenticated exploit chain for CVE-2025-49706 + CVE-2025-49704 used by @_l0gg to pop SharePoint at #Pwn2Own Berlin 2025, it's really just one request! Kudos to @mwulftange
okay now that it's burned, dropping it: CVE-2025-25257: a Pre-Auth RCE in Fortinet's WAF product called FortiWeb. github.com/0xbigshaq/CVE-…
Another Falls! Fortinet PSIRT really needs to go out and touch grass ☠️ https://t.co/0D4CQ7ndhb
courtesy of @SinSinology 🫡
Whenever I audit C# code, I look for benign file operations such as File.Exists(), especially if there's a preceding Path.Combine(). Read about how we leaked NTLM hashes pre-authentication in DotNetNuke (CVE-2025-52488) due to a perfect storm of issues. slcyber.io/assetnote-secu…
Session keys and passwords aplenty, here’s our deep-dive for CVE-2025-5777, aka CitrixBleed 2. Apart from the normal root-cause analysis, we’ve doubled down on actionable steps to investigate Indicators of Compromise. horizon3.ai/attack-researc…
CVE-2025-5777, aka #CitrixBleed 2, allows leaking of memory in the response which can allow for compromising session tokens, and other sensitive information. A deep-dive to follow next week.
Today @rapid7 is disclosing 8 new printer vulnerabilities affecting 742 models across 4 vendors. After 13 months of coordinated disclosure with Brother Industries, Ltd, we're detailing all issues including a critical auth bypass. Full details here: rapid7.com/blog/post/mult…

Nicolas Krassas @Dinosn
147K Followers 735 Following Head of Threat & Vulnerability Mgmt @ Henkel AG & Co. KGaA https://t.co/NC1orlKrW3
John Hammond @_JohnHammond
300K Followers 3K Following Cybersecurity Researcher @HuntressLabs || Just Hacking Training @JustHackingHQ w/ @ethicalhacker || https://t.co/UtsNJiyQtS || https://t.co/narO3sz7y6
SinSinology @SinSinology
12K Followers 685 Following Pwn2Own 20{22,23,24,24.5,25,25.5}, i look for 0-Days but i find N-Days & i chase oranges 🍊
Horizon3 Attack Team @Horizon3Attack
12K Followers 56 Following @Horizon3ai Attack Team | Security Research | Exploit Dev | TTPs
Justin Elze @HackingLZ
65K Followers 5K Following CTO @TrustedSec | Former Optiv/SecureWorks/Accuvant Labs/Redspin | Race cars
shubs @infosec_au
56K Followers 2K Following Co-founder, security researcher. Building an attack surface management platform, @assetnote
Alex Plaskett @alexjplaskett
12K Followers 572 Following Security Researcher | Pwn2Own 2018, 2021, 2022, 2024 | Posts about 0day, OS, mobile and embedded security.
Florian Roth ⚡️ @cyb3rops
207K Followers 3K Following Head of Research @nextronsystems #DFIR #YARA #Sigma | detection engineer | creator of @thor_scanner, Aurora, Sigma, LOKI, YARA-Forge | always busy ⌚️🐇 | vi/vim
Charlie Bromberg « ... @_nwodtuhs
15K Followers 652 Following Trying to hack the way we hack things 🏴☠️
Will Dormann is on Ma... @wdormann
26K Followers 1K Following I play with vulnerabilities and exploits. I used to be here on Twitter but now I'm here: @[email protected] https://t.co/hXggdAVkSQ
Piotr Bazydło @chudyPB
4K Followers 310 Following Principal Vulnerability Researcher at watchTowr | Previously: Zero Day Initiative | @[email protected]
DebugPrivilege @DebugPrivilege
40K Followers 2K Following Windows Nerd | Ex-MSFT | Microsoft MVP in Windows and Devices | Interested in Security, Debugging, and Windows Internals.
frycos @frycos
4K Followers 518 Following Private account! Red teamer @codewhitesec. @[email protected] @frycos.bsky.social
LMGroyper @2plash6
120 Followers 951 Following Far-right, anti-Zionist, Nietzsche-right America First! Pro-police, anti-hedonist, Save the white race! Deport illegals. Tedpilled Langan and Mangione fan.
ProjectDiscovery @pdiscoveryio
38K Followers 132 Following Detect real, exploitable vulnerabilities. Harness the power of Nuclei for fast and accurate findings without false positives.
Dummy Account @Asta_nine
2 Followers 548 Following
JudithJones @reHn5Gomyxj4p
38 Followers 2K Following
CryptoKingKa @manager9268
11 Followers 62 Following #coin8 #CEX #crypto #developer #marcketing #manager #football #future #trader
fittesi @fitteso
1 Followers 597 Following
areameye @QaZ123____
32 Followers 624 Following
ego sum ultra @banpornography
716 Followers 845 Following
kalilord1 @kalilord788
10 Followers 435 Following
Anton @h3_anton
2 Followers 21 Following Master of bending space-time and exploring black holes in spare time. Defying cosmic limits to reshape reality one paradox at a time.
Nightowl @0xfa82
0 Followers 34 Following
Oliver Steiner @OliverStei78953
0 Followers 12 Following
Zak @rev2urSelf
3 Followers 735 Following
Rezk0n @Rezk0n
226 Followers 1K Following Bug trafficking, *OSX and Android research. (I want to do all the things but time..)
Nidhall @LoussaiefNidhal
3 Followers 107 Following
aqas @Aqas__
4 Followers 313 Following
Winnona 💾 @__winn
4K Followers 2K Following @DistrictCon Founder. Harvard-Georgetown MPP/JD, @CyberStatecraft / @BelferCenter researcher, ex-Google RE / threat research. https://t.co/MJHKl7Myic 👩🏻💻
Roei Kriger @roei_kriger
3 Followers 140 Following
Anna @SengerYasm87112
100 Followers 5K Following
K_Collins @KCollinsOFL
1 Followers 120 Following 🌟Eth. Bug Hunter 🐞 | PenTester 🛡️ | OSINT Expert 🔎| Linux 💻 | CyberSec | Tech Enthusiast 🚀
mor hay @hackthisbyx
1 Followers 14 Following
kr!5n@ @krisna_2021
3 Followers 63 Following
Larryxi @1arryx1
90 Followers 221 Following
Lacoste @Lac0ste_1
1 Followers 174 Following
cydisq @cydisq
219 Followers 135 Following Afterbright on Steam: https://t.co/n5qgiOVmaT Lokaa on Steam: https://t.co/k8Avjg0Log
dexter @dexter79331247
0 Followers 2K Following
Qanon @qanonfree
0 Followers 4K Following
Vũ Tiến Hòa @_hoavt18
7 Followers 917 Following
Oowhulrarp @Oowhulrarp5535
26 Followers 1K Following
Mohamed Abdulhamid @3b7amidd
49 Followers 283 Following Securing bits migrating from inside out, checking bits coming from outside in, and making sure that what is in, is in.
Anonymous @Anonymous78088
1 Followers 87 Following
Jessica Gulick @jess_gulick
65 Followers 401 Following GET IN THE GAME. Serious gaming = Careers, @USCyberGames Commissioner; @Wicked6 Founder; @KatzcyLLC and @PlayCyber CEO; Cyber Sports Advocate; ❤️🏀🎶🐱 🖖
🍜🥢 @slavos1a
1 Followers 483 Following
WannaBeSeniorDev @WannaBeSnrDev
7 Followers 401 Following
Brandon Sorgdrager @bsord_dev
496 Followers 521 Following Let's talk AI and Cybersecurity 🤖 Senior Technical Support Engineer @horizon3ai 🛠️ Full-Stack dev ❤️ #OpenSource contributor #CKAD
Samet burada boş yap... @SametBosYapiyor
107 Followers 2K Following
abel @theoabel_
57 Followers 314 Following R&D at @FuzzingLabs - Infosec student - Programming, research and hypervisors Github : https://t.co/4cmuPnEkS5
James Ibrahim @JamesIb54140322
66 Followers 3K Following
Pooboo @Pooboo3614080
30 Followers 1K Following
vx-underground @vxunderground
377K Followers 294 Following The largest collection of malware source code, samples, and papers on the internet. Password: infected
Trend Zero Day Initia... @thezdi
83K Followers 16 Following Trend Zero Day Initiative™ (ZDI) is a program designed to reward security researchers for responsibly disclosing vulnerabilities.
chompie @chompie1337
83K Followers 1K Following hacker, weird machine mechanic, X-Force Offensive Research (XOR)
Ben Sadeghipour @NahamSec
235K Followers 1K Following Cofounder @hackinghub_io | Advisor @CaidoIO. I hack companies and make content about it. #NahamCon organizer. ex @hacker0x01🇮🇷
0xor0ne @0xor0ne
82K Followers 514 Following | CyberSecurity | Reverse Engineering | C and Rust | Exploit | Linux kernel | PhD | My Tweets, My Opinions :) |
[email protected]... @0xdea
14K Followers 20 Following When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl.
mRr3b00t @UK_Daniel_Card
114K Followers 8K Following Department of Cyber WAR CEO of everyone's email servers!
JPCERT/CC @jpcert_en
11K Followers 8 Following Official English Twitter account for JPCERT/CC on security alerts, blog posts, publications, etc. For Inquiries, email [email protected].
Parth Malhotra @Parth_Malhotra
7K Followers 1K Following Hacking into your servers since 2012 :) Research @pdiscoveryio
Harsh Jaiswal @rootxharsh
22K Followers 1K Following Building @hacktronai | researching at @httpvoid0x2f | auditing at @cure53berlin | prev @zomato @vimeo @pdiscoveryio
Pierluigi Paganini - ... @securityaffairs
37K Followers 5K Following Founder of Security Affairs, CYBHORUS, and Cybaze. Member Ad-Hoc Working Group on Cyber Threat Landscapes, Ethical Hacker, Security Evangelist, Security Analyst
Dohyun Lee @l33d0hyun
5K Followers 532 Following mobile / browser / microarchitectural / [email protected]
RyotaK @ryotkak
7K Followers 659 Following Security researcher? | Icon: @MelvilleTw | Private: @RyotaK_Private | Misskey: https://t.co/63E5Rpv2pk | Blog: https://t.co/c7NFQXhV90
Jessica Lyons @JessicaHrdcstle
2K Followers 2K Following Cybersecurity Editor @TheRegister / @SitPub Not posting on X but you can find me at Bluesky: @jessicalyons.bsky.social
D_K @D_K_Dev
218 Followers 138 Following IT-Security Student, @allesctf Member, Co-Founder and Security Researcher @neodyme
Chocapikk 🤘🏻 @Chocapikk_
3K Followers 267 Following Exploit Dev. CVEs for fun 🇫🇷 Security Researcher & Software Developer @leak_ix ☁️ Views are my own 🧠
Benjamin Harris @benwatchtowr
415 Followers 13 Following Everything is compromised until proven otherwise. Founder & CEO @watchTowrcyber.
Jeff Foley @jeff_foley
6K Followers 903 Following vice chair of the @owasp project committee | @owaspamass project leader | mastodon: https://t.co/5tzmNUcL6R
Khang Phan @pivik_
383 Followers 160 Following
watchTowr @watchtowrcyber
9K Followers 14 Following watchTowr enables organizations to get ahead of in-the-wild exploitation with Preemptive Exposure Management technology.
Ken Gannon (伊藤 ... @Yogehi
2K Followers 289 Following 95% random tweets, 5% security related tweets. Pwn2Own 2023/2024. YayTweetsAreMyOwnYay
Markus Wulftange @mwulftange
3K Followers 196 Following Principal Security Researcher and Pâtissier at @codewhitesec
Ryan Emmons @the_emmons
462 Followers 531 Following Security Researcher, P2O ‘24. This profile is my own, and my tweets don't represent my employer :) https://t.co/D9PuJ9Ur9m
Bryan Smith @securekomodo
685 Followers 827 Following Security Researcher | Founder @cyberredline | @0xc7f313 Admin | 2x OSINT #BlackBadge Winner | Metal AF 🤘| NɅTIVE #MISEC
Shift @Shiftreduce
2K Followers 1K Following
Ax Sharma @Ax_Sharma
5K Followers 1K Following Infosec Researcher, Journalist | 📰 Bylines + seen on 📸 BBC, BleepingComputer, Channel 5, TechCrunch, WIRED | 🦋 Bluesky: https://t.co/7LQOdDSG1o | ✉️ [email protected]
Lawrence Abrams @LawrenceAbrams
18K Followers 835 Following Ransomware, Online Security, and Malware. Owner, Editor in Chief of @bleepincomputer. DM on Signal: LawrenceA.11 * https://t.co/LXVRoICs8Z
Tom Clement @Tom_Clement
688 Followers 611 Following Soft & hardware dev | #badgelife design | orga @MCH2022Camp | Founder @ Curious Supplies & New Dawn Bio | https://t.co/lZkhlkL9h4
Joshua J. Drake @jduck
27K Followers 2K Following Securing the future through modern technology. Founder and Software Security Specialist at @magnetitesec
Byte Insight @ByteInsight
197 Followers 246 Following Embedded Security Researcher, pwn2own contestant 2022/2023/2024, Senior Vulnerability Researcher at Trend Micro 2024
RET2 Systems @ret2systems
12K Followers 1 Following We strive to reimagine vulnerability research, program analysis, and security education as it exists today. An @RPISEC corporation.
Vincent Yiu @vysecurity
29K Followers 254 Following Director, Red Team, Offensive Security. Help organizations safeguard their businesses from the bad guys.
𝚊𝚕𝚔𝚊𝚕... @alkalinesec
3K Followers 548 Following mobile security / symbolic execution. opinions are mine. @[email protected] . he / him
Volexity @Volexity
8K Followers 7 Following A security firm providing Incident Response, Proactive Threat Assessments, Trusted Advisory, and Threat Intelligence
John Cutler @johncutlefish
118K Followers 11 Following I like the beautiful mess of product development.| newsletter: https://t.co/tCLvCkCdiS
{oz} @OguzhanTopgul
875 Followers 924 Following #MobileSecurity #MobileMalware #WebSecurity #PenetrationTesting
Jason Lang @curi0usJack
16K Followers 201 Following @TrustedSec Red Team lead | Hi-Fidelity trolling | Privacy Enthusiast | Putting the "no" in nano | Avatar: https://t.co/3XHmKR8nCk
esjay @esj4y
742 Followers 797 Following Shell horticulturist @codewhitesec - blog @ https://t.co/TAuhn27aSX
exploits.club @exploitsclub
2K Followers 111 Following A VR, RE, and Exploit Dev weekly newsletter | Join the club Contact: [email protected]
Boris Larin @oct0xor
18K Followers 658 Following Former console hacker (PS3/PS4). Hunting in the wild 0-days at Kaspersky GReAT. All tweets are my own.
Jordy Zomer @pwningsystems
3K Followers 258 Following Security Engineer @ Google, likes fuzzing, static analysis and VR. The opinions stated here are my own, not those of my company.
Aliz (they/them pls) @AlizTheHax0r
1K Followers 1K Following Also https://t.co/Aq1HjG2fFq +same at bluesky. Curiosity/divergence/general hackery. Quite trans. they/them. Nonbinary, happily married.