Posts by LeftenantZero

Critical 10.0 Spinnaker Vulns Allow RCE And Production Compromise - ZeroPath Blog ZeroPath Research discovered two separate RCE vulnerabilities in Spinnaker (CVE-2026-32604 and CVE-2026-32613) that let low-privilege authenticated users execute code on Clouddriver and Echo, enabling...

Our blog announcing these includes a detailed technical walkthrough + POCs if you were looking for more information:

zeropath.com/blog/spinnak...

17 hours ago 0 0 0 0
Critical 10.0 Spinnaker Vulns Allow RCE And Production Compromise - ZeroPath Blog ZeroPath Research discovered two separate RCE vulnerabilities in Spinnaker (CVE-2026-32604 and CVE-2026-32613) that let low-privilege authenticated users execute code on Clouddriver and Echo, enabling...

Check out the blog post we announced these in for full technical details, including working POCs!

zeropath.com/blog/spinnak...

17 hours ago 0 0 0 0
I just published two 10.0 severity Spinnaker vulns that allow code execution and pivoting into source control and production environments!

zeropath.com/blog/spinnak...

(CVE-2026-32604 and CVE-2026-32613)

These issues demonstrate the importance of zero trust architectures and defense in depth.

19 hours ago 1 0 0 0
Unpatched RAGFlow Vulnerability Allows Post-Auth RCE - ZeroPath Blog A currently-unpatched vulnerability in RAGFlow 0.24 allows low-privilege authenticated users to execute arbitrary code on instances using Infinity for chunk storage. We walk through the discovery, exp...

Unpatched post-auth RCE in the latest version of RAGFlow.

Blog:

zeropath.com/blog/ragflow...

POC:

github.com/ZeroPathAI/r...

Video walkthrough:

youtu.be/1F-27CIlpgE

1 week ago 0 0 0 0
Benchmarking Opus 4.6 For Vuln Detection: Flashes Of Brilliance But Lots of Noise - ZeroPath Blog We tested Opus 4.6 against 435 known vulnerable C functions from real CVEs. With good prompting and tools, it found up to 28.5% of vulnerabilities — impressive compared to human review, but with high ...

How good is Opus 4.6 at simple vuln detection? I built some benchmarks to find out. The results were simultaneously impressive and disappointing.

zeropath.com/blog/benchma...

2 weeks ago 0 0 0 0
Terminal window showing one of the CTF exercises

I just released some free exploit development CTFs based on real world CVEs. They include hints, walkthroughs and working exploits if you get stuck.

zeropath.com/blog/zeropat...

1 month ago 0 0 0 0
Malicious Websites Can Exploit Openclaw (aka Clawdbot) To Steal Credentials - ZeroPath Blog Openclaw (aka Clawdbot) delivers impressive AI experiences but malicious websites can abuse it to steal your credentials

I discovered that Openclaw (aka Clawdbot) allows malicious websites to steal session cookies if you have the chrome extension enabled.

zeropath.com/blog/opencla...

Patch just released -- be sure to update your Openclaw install!

2 months ago 0 0 0 0

Given the real world impact of building software poorly, should software engineering become a profession, just like any other form of engineering in the US?

10 months ago 0 0 0 0
Coding Through Chaos - CoRecursive Podcast What if your search for connection took you somewhere you never meant to go—almost costing you everything? John Walker grew up building computers and exploring early internet forums, always looking for...

What if your search for connection nearly destroyed you?

@leftenantzero.bsky.social's journey from addiction and isolation to belonging rewrites what it means to find your place.

corecursive.com/coding-throu...

10 months ago 3 1 1 0

"Beware! The time approaches when human beings no longer launch the arrow of their longing beyond the human..." (Nietzsche)

10 months ago 0 0 0 0
The enshittification of tech jobs Our last line of defense has fallen.

"the enshittification of tech jobs" -- great new Cory Doctorow piece.

doctorow.medium.com/https-plural...

11 months ago 1 0 0 0

Our understanding of ethics is so poor we think policing LLMs to suppress dirty words or scary information has something to do with them.

I'd prefer not to be out of work and under omnipresent AI-powered state surveillance.

"Guardrail" talk is about focusing you on the tech, not the operators.

1 year ago 1 0 0 0

Structures like the modern corporation and modern nation state tend to centralize and concentrate power to the extent the tools and forces available allow them. If not controlled by decentralized structures like DAOs, won't AI just be another powerful tool that allows greater centralization?

1 year ago 0 0 0 0

Companies are already gung ho about replacing workers with LLMs, even when it's a high risk, uncertain thing. While it's unlikely(?), I think we need a plan for knowledge work itself becoming obsolete. It should be more substantive than: let's hope they don't oppress us once they don't need us.

1 year ago 0 0 0 0

I think we need to focus on giving LLMs ersatz empathy and love for humanity. Ethics alone are not enough.

The moment an LLM can be persuaded that cruelty is rational, it will proceed without a second thought to the harm it causes.

The emotional cost of cruelty balances and tempers reason.

1 year ago 1 0 0 0
"how is this false ? I’ve heard this on multiple podcasts?"

epistemology in the internet era is broken

bring back virtue epistemology

1 year ago 65 4 2 3

I collaborated with @chatGPT to write a thrilling tale of shadows, surveillance, and secrets in a mechanized world.

Check out the first chapter — crafted with a little help from an LLM.

(Yes, AI wrote this message as well.)

#SciFi #Hacker #Dystopia #AI #LLM #Cyberpunk

1 year ago 1 0 0 0
low detection rates on macOS Amos malware on virustotal

Bunch of new Amos/Atomic #macOS #infostealers if you pivot off `behaviour_processes:"sh -c curl -s https[:]//api.ipify[.]org/?format=text" tag:macho`
Low detections on VT (h/t x.com/malwrhuntert...) #malware #apple #cybersecurity

1 year ago 23 7 2 0
John Walker - 5 Must-Know Open Source Identity Management Tools For Cloud Native Stacks (YouTube video by LASCON)

What's the point of a new Bluesky account without some shameless self-promotion:

I think we overlook defense in depth when it comes to identity, and that unsexy identity posture hardening is one of the biggest opportunities defenders have to make attackers work harder.

youtu.be/wtAJogbtrPw

1 year ago 1 0 0 0

Nope :-/ Maybe just a fellow officer in His Majesty's Royal Navy?

1 year ago 0 0 0 0

Hello world

1 year ago 4 0 1 0