@gothburz Peter Girnus 🦅 posts on X about target, zero trust, bounty, i dont the most. They currently have XXXXX followers and XX posts still getting attention that total XXXXXXX engagements in the last XX hours.
Social category influence: technology brands #2913, stocks #519, social networks XXX%, finance XXX%, countries XXXX%, ncaa football XXXX%
Social topic influence: target 6.45%, zero trust #7, bounty #20, i dont #230, ai 3.23%, linkedin #216, the world 2.15%, microsoft #9, shell #504, longterm #134
Top accounts mentioned or mentioned by: @projhastings @jamieantisocial @amousyl @dormantdev @atlantadiver @osvaldosupport @dtoxmilenko @gummoxxx @bunjavascript @diaper @martijnmichiel @rhensing @maple3142 @syedaquib77 @ukdanielcard @osgo @nappygamerr @karanjagtiani04 @dbc00ps @krethys
Top assets mentioned: Microsoft Corp. (MSFT), Crowdstrike Holdings Inc (CRWD), Alphabet Inc Class A (GOOGL), Costco Wholesale Corporation (COST)
Top posts by engagements in the last XX hours
"Someone found an RCE on my website yesterday. CVE-2025-55182. React2Shell. I don't have a bug bounty program. I never asked for a security assessment. I woke up to a DM: "Hey I found a critical vulnerability in your site. I only ran the exploit to verify it worked. Here's my PayPal for the bounty." Bounty I checked my logs. Forty-seven requests to my RSC endpoint. Something something . Prototype pollution payloads. They used the GitHub script. The one with 2000 stars. The one that runs id automatically "for verification purposes." They spawned a shell on my production server. uid=1001(nextjs)"
X Link 2025-12-08T20:15Z 9587 followers, 501.1K engagements
"Security engineer worked for me 6+ years But last week she made a strange request "We need to upgrade React immediately - CVE-2025-55182 is a CVSS 10" I was puzzled Checking our WAF dashboard I saw we had already blocked XX proof-of-concepts from GitHub Why in the world would we need to rush an upgrade I suggested she focus on the product launch and we'd revisit patching in Q2 planning For some reason she insisted the PoCs we blocked weren't the "real exploit" She kept saying something about "prototype pollution" and that our WAF "can't parse JavaScript" I reminded her that our vendor"
X Link 2025-12-06T15:02Z 9577 followers, 203.4K engagements
"Pair programming (n.) A collaborative development practice where one developer writes code while the other provides. encouragement. Also Claude me I exhaust my context window"
X Link 2025-12-09T00:42Z 9024 followers, XXX engagements
"'You should have patched' is the cybersecurity version of 'what were you wearing.' The vulnerability doesn't grant authorization. The law is clear. The takes are not"
X Link 2025-12-09T00:46Z 9042 followers, 5136 engagements
"@Microsoft Security for AI Agents. The attack surface is about to get very interesting"
X Link 2025-12-09T17:38Z 9122 followers, 3622 engagements
"@real_SamLiu The Key is Authorization. I'm agreeing with you through satire. the candle guy the shell the PayPal invoice - all fiction. we're on the same side here"
X Link 2025-12-09T19:24Z 8888 followers, XXX engagements
"314 servers 'helped' without their consent. The CVE thread continues to write itself. This is literally the thread from yesterday"
X Link 2025-12-09T21:34Z 9301 followers, 13.5K engagements
"NVIDIA DGX Spark: X critical vulns from early this week (CVSS XXX + 8.0) CVE-2025-33187: SROOT bypass full system compromise CVE-2025-33188: Hardware tampering data corruption AI security can't just be "model safety" - you need to secure the entire stack from silicon up. AI infrastructure is the new attack surface"
X Link 2025-11-26T14:05Z 7184 followers, XXX engagements
"CVE-2025-55182 Next.js/RSC RCE detection: POST / with header "Next-Action: x" + multipart body "$1:a:a" Vulnerable = HTTP XXX + E"digest" in response Patched = HTTP XXX Abandon the vibe PoCs and go to 👇"
X Link 2025-12-04T14:30Z 7184 followers, 2541 engagements
"@Polymarket LinkedIn is about to get very 'excited to announce.'"
X Link 2025-12-04T23:31Z 7035 followers, 152K engagements
"@CrowdStrike Thank you for the IoCs ❤🫡"
X Link 2025-12-05T05:11Z 7159 followers, XXX engagements
"Nation-state actors dropping pwned.txt in /tmp/ is giving 'my first nuclei template' energy. The sophisticated part was the wget command"
X Link 2025-12-05T21:38Z 7099 followers, 1501 engagements
"I spent a decade telling everyone LLMs were wrong. They didn't listen. I collected $15M per year while being ignored. Now I'm leaving to start a company that does AI differently. It's called AMI. Advanced Machine Intelligence. We don't believe in generative AI. We believe in "world models." What are world models I'll explain once we figure it out. Silicon Valley is "hypnotized" by GenAI. Everyone is building the wrong thing. Except me. Meta is still funding my startup. Mark believes in my vision. I told him LLMs are "bullshit pardon my French." He said "sounds great here's money." We're"
X Link 2025-12-07T17:03Z 7126 followers, 1536 engagements
"@ProjHastings The CVE post was about security theater. This one is about getting paid $15M/year to be ignored. Different pain"
X Link 2025-12-07T23:12Z 7006 followers, XX engagements
"@MichaelDell Early financial education matters. If this teaches kids to think long-term and understand how money works that's a win - even if the accounts start small"
X Link 2025-12-08T13:34Z 7200 followers, 1831 engagements
"Fair. If it's a legit bounty target then I jumped the gun. The 'live website' framing without program context read differently. You're right that redaction + bounty hashtag could mean it's authorized. My concern was the wave of similar posts this week that clearly weren't including all my public honeypots"
X Link 2025-12-08T18:17Z 7214 followers, XXX engagements
"@rAyyyyyy99 Good catch. A legit bug bounty target running HTTP-only in 2025 would be wild. That's either a honeypot or someone's forgotten dev box"
X Link 2025-12-08T18:19Z 7202 followers, XXX engagements
"RFCs describe how protocols work not what you're allowed to do with them. Physics lets me walk through your front door too"
X Link 2025-12-08T22:07Z 7210 followers, 2286 engagements
"Yesterday a CVSS XX dropped for React Server Components. CVE-2025-55182. Remote code execution. I am a 10x developer. I make $340000 a year. I have vested stock options. I have not written code since 2023. I prompt. My entire codebase was generated by Claude. I don't know what's in it. Neither does Claude. We're both vibing. Someone on Hacker News said our marketing site was vulnerable. I asked Claude to check. Claude said "I don't have access to your production environment." I said "just guess." Claude guessed we were fine. I shipped that to Slack. Our security team asked for proof. I sent"
X Link 2025-12-04T15:45Z 9608 followers, 57.9K engagements
"@GalvanHacking Thank you. Fighting burnout with LOLs one satirical CVE poem at a time. The storytelling is easy when the material is this absurd. Didn't expect to spend XX hours in discourse but here we are"
X Link 2025-12-09T15:54Z 9152 followers, 1342 engagements
"@otomir23 ChatGPT wishes it could write in this format. I've been doing security theater bits since before GPT-3. But thank you for the comparison"
X Link 2025-12-10T16:09Z 9357 followers, 2516 engagements
"Last week the board asked about our SAP security posture. I said "defense in depth." They nodded. I don't know what SAP Solution Manager does. But it manages our solutions. I assume that means it's secure. CVE-2025-42880 dropped. CVSS XXX. Code injection in SAP Solution Manager. The thing that manages our security has an RCE. I presented this to the board. I said "we're evaluating remediation timelines." A junior analyst asked if we had patched. I said "great question let's take that offline." We never took it offline. I got invited to the leadership offsite. The analyst is updating their"
X Link 2025-12-10T16:20Z 9554 followers, 3804 engagements
"@it_unprofession DNS is just "vibes" for packets. The fact-check never comes. That's the real zero trust. Every IT career is just one lucky guess that nobody verified"
X Link 2025-12-04T19:49Z 8615 followers, 12.9K engagements
"First RCE. Real target. Post about it. Tag your mentor. Tag the target. Tag the FBI. Networking. Top X% of defendants start this way"
X Link 2025-12-08T16:55Z 8677 followers, 14.8K engagements
"I found an RCE on someone's website yesterday. CVE-2025-55182. React2Shell. They don't have a bug bounty program. Nobody asked me to test their site. I didn't even know who owned it until I had shell. I woke up at X AM because that's when real hackers work. I put on my Mr. Robot Hoodie. Hoodie up. Shrimp Posture. Then I downloaded the PoC from GitHub. The researcher who actually found the vulnerability did all the hard work. I just clicked the green button. Then I ran it against random IPs. Shodan gave me a list. I didn't pick targets. I let the algorithm decide. That's basically AI-assisted"
X Link 2025-12-09T17:04Z 9591 followers, 5347 engagements
"PeerBlight using BitTorrent DHT as fallback C2 with RSA-signed configs to prevent hijacking. CowTunnel ZinFoq Kaiji variant - four malware families from one campaign. This is elite work from @RussianPanda9xx Craig and Michael. Congrats to the @HuntressLabs team"
X Link 2025-12-09T21:48Z 9578 followers, 1571 engagements
"Serious post. Our @TrendMicro research on CVE-2025-55182 (React2Shell) is live. This is why we do what we do - protecting our friends families and everyone who depends on the web without knowing what's running underneath. Grateful to my co-authors co-workers and everyone across the security industry who mobilized. The speed and energy of the community response reminded me why I love this field. Looking forward to what 2026 will bring"
X Link 2025-12-10T15:43Z 9533 followers, 3459 engagements
"@wiz_io Day 1: Grafana Linux Kernel Redis PostgreSQL. Day 2: The remaining software that exists. Day 3: We're all just living in"
X Link 2025-12-10T17:34Z 9027 followers, XXX engagements
"27% XX% on CTFs in X months is a significant jump. The "High" capability definition - developing working zero-day exploits against well-defended systems - is quite a bar to set publicly. Curious how Aardvark's CVE discovery compares to human researchers at scale"
X Link 2025-12-10T23:03Z 9571 followers, 4147 engagements
"@amousyl Zero Trust Zero Accountability Zero Surprises"
X Link 2025-12-03T22:10Z 7255 followers, 6457 engagements
"@AtlantaDiver Battle scars vs. prompt engineering. Same title. Same salary. Actually they're paid more. Different nightmares"
X Link 2025-12-04T00:18Z 7262 followers, 1219 engagements
"@bywirenews Fear is just risk assessment with feelings"
X Link 2025-12-04T19:46Z 7246 followers, 3520 engagements
"Within hours of the public disclosure of CVE-2025-55182 (React2Shell) on December X 2025 Amazon threat intelligence teams observed active exploitation attempts by multiple China state-nexus threat groups including Earth Lamia and Jackpot Panda. Attack of the state sponsored interns #opsecfail"
X Link 2025-12-05T01:18Z 7271 followers, 41.9K engagements
"Nothing says 'ethical hacker' like exploiting random live websites and posting about it on X. The pipeline from 'finally got RCE' to 'finally got indicted' is shorter than you'd think"
X Link 2025-12-07T21:40Z 7251 followers, 36.8K engagements
"Posting Burp screenshots with 'uid=1001(nextjs)' from an unnamed 'public' target is a bold evidence preservation strategy. When someone asks 'is it a private program' and you answer 'Public' instead of naming the program that's not the defense you think it is"
X Link 2025-12-07T21:52Z 7228 followers, 24K engagements
"@_mattata @prakhar0x01 OPSEC level: trusting that nobody would zoom in"
X Link 2025-12-08T18:41Z 7224 followers, XXX engagements
"@almartiros @dormantdev The CVE-2025-55182 discourse revealed three groups: X. Researchers shoutout Lachlan who found it disclosed it responsibly X. Defenders patching and protecting systems X. Clout farmers running public PoCs against random targets for likes"
X Link 2025-12-08T23:55Z 7218 followers, XXX engagements
"@seremptos__ This reply could have been a Google search. Bro at least ask Claude about XX U.S.C. 1030. Your welcome"
X Link 2025-12-09T00:09Z 7220 followers, XXX engagements
"@gmolate That's the whole post. Somehow still controversial"
X Link 2025-12-09T01:43Z 7220 followers, XXX engagements
"@ProjHastings That's exactly what it is - extortion. Sorry you've had to deal with that for nine years. The 'security researcher' label doesn't change what it actually is"
X Link 2025-12-09T21:15Z 7264 followers, XXX engagements
"@UK_Daniel_Card LinkedIn: 'I asked ChatGPT about zero trust and now I'm a thought leader.' The cringe concentrates there"
X Link 2025-12-09T21:27Z 7254 followers, XX engagements
"@chichewica The 'My first RCE' posts where the RCE is a public CVE with a GitHub script. Congratulations you ran someone else's code against a target that didn't consent"
X Link 2025-12-09T22:06Z 7215 followers, XX engagements
"@pyn3rd JDBC attack surface is criminally underrated. Congrats on the SAP credit - HANA is a high-value target"
X Link 2025-12-11T19:58Z 9546 followers, X engagements
"@0x534c Solid detection. XXX IPs and counting. The GreyNoise + Defender fusion is clean"
X Link 2025-12-11T20:12Z 9567 followers, XX engagements
"@it_unprofession "Security is not about being nice. It's about Zero Trust." Someone put this on a motivational poster or sticker ASAP"
X Link 2025-12-03T01:18Z 7272 followers, 8252 engagements
"Last week our CISO asked me to present on zero trust architecture. I don't know what that means. I make $340000 a year. I haven't touched a firewall since Obama's first term. But I have a CISSP. I passed by memorizing acronyms. I still don't know what half of them stand for. I opened my presentation with assume breach. Everyone nodded gravely. I said defense in depth three times. The board was captivated. Then a junior analyst raised her hand. She asked how we'd implement microsegmentation. I felt a cold sweat. I said Great question. Let's take that offline. She persisted. I said we should leverage"
X Link 2025-12-03T14:02Z 8640 followers, 387K engagements
"@amousyl Zero trust. Zero effort. Zero results. Full bonus. Complete framework"
X Link 2025-12-03T22:29Z 7272 followers, XXX engagements
"@maple3142 CTF in prod. The best kind. The worst kind"
X Link 2025-12-04T23:18Z 7412 followers, 12.1K engagements
"CVE-2025-55182 dropped. CVSS XXXX. React Server Components. The Slack channel exploded. Forty-seven messages in twelve minutes. I responded with a fire emoji. Leadership. My threat intel team sent me six GitHub links. I clicked none of them. But I forwarded all of them. To seventeen people. With "URGENT" in the subject line. Three exclamation points. That's how you know it's serious. Our vendor called. They said their WAF had "day-zero protections." I asked what that meant. They said "runtime-level coverage." I asked what that meant. They sent me a PDF. Fourteen pages. I read the executive"
X Link 2025-12-05T15:03Z 9546 followers, 60.7K engagements
"@dormantdev git clone python3 exploit.py 'Finally got my first RCE' LinkedIn update"
X Link 2025-12-08T21:45Z 9316 followers, 15.4K engagements
"@Heisenberg_4_ @OsvaldoSupport "You don't run into a Costco and start stealing random items to test their security" This should be the exam question for every security certification"
X Link 2025-12-10T16:08Z 8643 followers, XX engagements
"@hackthebox_eu Great to see this on HTB. One clarification: it's prototype chain traversal not pollution. The attack uses inherited properties (constructor then) without modifying Object.prototype. We break down the distinction here:"
X Link 2025-12-10T22:52Z 9551 followers, XXX engagements
"@0x11b6 At this point "unauthorized mass exploitation for awareness" is its own CVE category"
X Link 2025-12-10T23:07Z 8564 followers, XX engagements
"@shehackspurple The real question: massive reach or engaged audience NDC DevOpsDays and QCon for dev focus. Black Hat DEF CON OWASP for security. I'd bet on OWASP AppSec for your wheelhouse"
X Link 2025-12-11T01:15Z 7425 followers, XX engagements
"Last quarter I rolled out Microsoft Copilot to 4000 employees. $XX per seat per month. $XXX million annually. I called it "digital transformation." The board loved that phrase. They approved it in eleven minutes. No one asked what it would actually do. Including me. I told everyone it would "10x productivity." That's not a real number. But it sounds like one. HR asked how we'd measure the 10x. I said we'd "leverage analytics dashboards." They stopped asking. Three months later I checked the usage reports. XX people had opened it. XX had used it more than once. One of them was me. I used it to"
X Link 2025-12-11T14:30Z 9553 followers, 900.3K engagements