CommunityNews

How we pwned X (Twitter), Vercel, Cursor, Discord, and hundreds of companies through a supply-chain attack

hi, i’m daniel. i’m a 16-year-old high school senior. in my free time, i hack billion dollar companies and build cool stuff.

about a month ago, a couple of friends and I found serious critical vulnerabilities on Mintlify, an AI documentation platform used by some of the top companies in the world.

i found a critical cross-site scripting vulnerability that, if abused, would let an attacker to inject malicious scripts into the documentation of numerous companies and steal credentials from users with a single link open.

(go read my friends’ writeups (after this one))
how to hack discord, vercel, and more with one easy trick (eva)
Redacted by Counsel: A supply chain postmortem (MDL)

Read in full here:

gist.github.com

https://gist.github.com/hackermondev/5e2cdc32849405fff6b46957747a2d28

writeup.md

hi, i'm daniel. i'm a 16-year-old high school senior. in my free time, i [hack billion dollar companies](https://hackerone.com/daniel) and build cool stuff.

about a month ago, a couple of friends and I found serious critical vulnerabilities on Mintlify, an AI documentation platform used by some of the top companies in the world. 

i found a critical cross-site scripting vulnerability that, if abused, would let an attacker to inject malicious scripts into the documentation of numerous companies and steal credentials from users with a single link open.

(go read my friends' writeups (after this one)) <br>
[how to hack discord, vercel, and more with one easy trick (eva)](https://kibty.town/blog/mintlify/) <br>
[Redacted by Counsel: A supply chain postmortem (MDL)](https://heartbreak.ing/)

This file has been truncated. show original

View thread on forum

#twitter #discord #vercel #cursor

0 5 0

2025-12-19 03:36:03 UTC

Where Next?

View thread on forum

twitter

discord

vercel

cursor

Home General Dev>In The News

#twitter #discord #vercel #cursor

0 5 0

Last post

Popular General Dev topics

General Dev>In The News

Neovim nightly, v0.5.0 and v0.4.4 released!

Neovim nightly, v0.5.0 and v0.4.4 has been released. Link: Release Nvim development (prerelease) build · neovim/neovim · GitHub Link:...

github.com

#official-news /neovim

0 1719 0

2021-07-11 23:08:05 UTC

New

General Dev>In The News

Google has a secret deal with FB called “Jedi Blue” that they knew was illegal

twitter.com

#google

42 1568 15

2021-11-09 21:07:44 UTC

New

General Dev>In The News

Doom-emacs: An Emacs framework

GitHub - hlissner/doom-emacs: An Emacs framework for the stubborn martian hacker. An Emacs framework for the stubborn martian hacker - G...

github.com

/emacs #doom-emacs

55 3346 16

2022-08-11 18:02:08 UTC

New

General Dev>In The News

A career ending mistake

A career ending mistake — Bitfield Consulting. As software engineers, we’re constantly making detailed, elaborate plans for computers to...

bitfieldconsulting.com

#career

22 1549 8

2022-03-12 13:42:09 UTC

New

General Dev>In The News

Quick Start Guide for Flipper Zero

Flipper Zero is a portable multi-tool for pentesters and geeks in a toy-like body. It loves hacking digital stuff, such as radio protocol...

blog.flipperzero.one

#guide

0 1468 0

2022-05-15 13:56:21 UTC

New

General Dev>In The News

Building GitHub with Ruby on Rails

Building GitHub with Ruby and Rails | The GitHub Blog. Since the beginning, GitHub.com has been a Ruby on Rails monolith. Today, the app...

github.blog

/ruby /rails #github

1 1159 1

2023-04-08 13:18:38 UTC

New

General Dev>In The News

Why I like Clojure as a solo developer | Biff

Why I like Clojure as a solo developer | Biff. Most of the reasons fall into a few categories: data orientation, the JVM, and the REPL.

biffweb.com

/clojure

2 1519 2

2023-04-23 01:18:47 UTC

New

General Dev>In The News

Perplexica: Open-Source Perplexity Alternative

GitHub - ItzCrazyKns/Perplexica: Perplexica is an AI-powered search engine. It is an Open source alternative to Perplexity AI. Perplexic...

github.com

0 1794 0

2024-05-24 14:44:33 UTC

New

General Dev>In The News

Phlex for Rails Emails: Action Mailer without ERB

Rendering Action Mailer emails with Phlex components and layouts: Clean, Composable, and Completely Ruby - Blog post by Camillo Visini

camillovisini.com

/rails #emails

0 805 0

2025-03-11 18:50:49 UTC

New

General Dev>In The News

Introducing Sidekiq 8.0

After six months of hard work, I’m thrilled to announce the general availability of Sidekiq 8.0! :partying_face::tada: Status Sidekiq is...

mikeperham.com

/ruby /rails

1 1368 0

2025-03-20 03:23:50 UTC

New

Other popular topics

Backend>Learning Resources

Programming Machine Learning

Machine learning can be intimidating, with its reliance on math and algorithms that most programmers don't encounter in their regular wor...

pragprog.com

#pragprog #ai /python #published-book /book-programming-machine-learning #math #algorithms

6 5350 3

2023-10-03 15:08:13 UTC

New

Game Dev>Learning Resources

The Ray Tracer Challenge

Brace yourself for a fun challenge: build a photorealistic 3D renderer from scratch! In just a couple of weeks, build a ray tracer that r...

pragprog.com

#pragprog #published-book /book-the-ray-tracer-challenge #algorithms

3 6115 0

2020-09-22 14:26:56 UTC

New

Science/Tech>Tech Chat

Games! Which do you play?

Which, if any, games do you play? On what platform? I just bought (and completed) Minecraft Dungeons for my Nintendo Switch. Other than ...

#games

246 6097 101

2024-08-22 11:09:29 UTC

New

General Dev>Hardware

What monitor(s) do you have for programming?

Please tell us what is your preferred monitor setup for programming(not gaming) and why you have chosen it. Does your monitor have eye p...

#monitors #coding #programming #development

227 11362 88

2022-02-01 12:02:08 UTC

New

Backend>Learning Resources

Concurrent Data Processing in Elixir

Learn different ways of writing concurrent code in Elixir and increase your application's performance, without sacrificing scalability or...

pragprog.com

#pragprog /elixir #published-book /book-concurrent-data-processing-in-elixir

78 6059 24

2021-09-04 12:35:42 UTC

New

Backend>Learning Resources

Effective Haskell

Build efficient applications that exploit the unique benefits of a pure functional language, learning from an engineer who uses Haskell t...

pragprog.com

#pragprog /haskell #published-book /book-effective-haskell

15 10218 1

2022-02-16 10:09:51 UTC

New

General Dev>In The News

Review of Linux on Minisforum V3 AMD Ryzen Tablet

A Brief Review of the Minisforum V3 AMD Tablet. Update: I have created an awesome-minisforum-v3 GitHub repository to list information fo...

mudkip.me

#linux #review #amd

0 4635 0

2024-06-24 02:26:38 UTC

New

Backend>Official News

Node.js v22.14.0 released!

Node.js v22.14.0 has been released. Link: Release 2025-02-11, Version 22.14.0 'Jod' (LTS), @aduh95 · nodejs/node · GitHub

github.com

/nodejs #official-news

0 4251 0

2025-02-11 15:30:14 UTC

New

Backend>Learning Resources

MySQL 9 Essentials

A concise guide to MySQL 9 database administration, covering fundamental concepts, techniques, and best practices. Neil Smyth MySQL...

pragprog.com

#pragprog #published-book /mysql /book-mysql-9-essentials

2 4162 0

2025-03-12 13:05:49 UTC

New

Game Dev>In The News

Grand Theft Auto: Vice City | DOS games in browser

Open-source implementation of the classic GTA engine now running directly in your browser. Experience the reVC technology demo on DOS.Zon...

dos.zone

#games #browser

0 173 0

2025-12-20 02:36:57 UTC

New

General Dev>In The News

Scientists “bottle the sun” with a liquid battery that stores solar energy

General Dev>In The News

VoIP Brings Back Old-Fashioned Payphones to Rural Vermont

General Dev>In The News

How Unknowable Math Can Help Hide Secrets | Quanta Magazine

General Dev>In The News

3D Gaussian Splatting in a Weekend

General Dev>In The News

Fisker went bankrupt and owners built open source car company from the ashes

General Dev>In The News

Where to buy a non-Apple, non-Google smartphone

General Dev>In The News

$δ$-mem: Efficient Online Memory for Large Language Models

General Dev>In The News

Meta to cut 10% of jobs, or 8,000 employees, report says

General Dev>In The News

Microsoft offers buyout for up to 7% of US employees

General Dev>In The News

A History of IDEs at Google

General Dev>In The News

General Dev In The News ❯

Latest on Devtalk

Make Friends With Your AI Assistant

Backend>Blogs/Talks

Scientists “bottle the sun” with a liquid battery that stores solar energy

General Dev>In The News

VoIP Brings Back Old-Fashioned Payphones to Rural Vermont

General Dev>In The News

How Unknowable Math Can Help Hide Secrets | Quanta Magazine

General Dev>In The News

3D Gaussian Splatting in a Weekend

General Dev>In The News

Fisker went bankrupt and owners built open source car company from the ashes

General Dev>In The News

Preact 10.29.2 released!

Frontend>Official News

Mocks Are Your Friends, Not Your Servants

Backend>Blogs/Talks

Where to buy a non-Apple, non-Google smartphone

General Dev>In The News

$δ$-mem: Efficient Online Memory for Large Language Models

General Dev>In The News

'I thought he was going to hit me' OpenAI co-founder says of Musk

AI>In The News

US to safety test new AI models from Google, Microsoft, xAI

AI>In The News

Meta to cut 10% of jobs, or 8,000 employees, report says

General Dev>In The News

Microsoft offers buyout for up to 7% of US employees

General Dev>In The News

Crystal 1.20.2 released!

Backend>Official News

Devtalk ❯

We ❤️ helpful members!

We reward our most helpful members via our MOTM scheme - by giving away a whopping 25 books per year!

Sub Categories:

We're in Beta

About us Mission Statement See our Roadmap

How we pwned X (Twitter), Vercel, Cursor, Discord, and hundreds of companies through a supply-chain attack

CommunityNews

How we pwned X (Twitter), Vercel, Cursor, Discord, and hundreds of companies through a supply-chain attack

Where Next?

Popular General Dev topics

Neovim nightly, v0.5.0 and v0.4.4 released!

Google has a secret deal with FB called “Jedi Blue” that they knew was illegal

Doom-emacs: An Emacs framework

A career ending mistake

Quick Start Guide for Flipper Zero

Building GitHub with Ruby on Rails

Why I like Clojure as a solo developer | Biff

Perplexica: Open-Source Perplexity Alternative

Phlex for Rails Emails: Action Mailer without ERB

Introducing Sidekiq 8.0

Other popular topics

Programming Machine Learning

The Ray Tracer Challenge

Games! Which do you play?

What monitor(s) do you have for programming?

Concurrent Data Processing in Elixir

Effective Haskell

Review of Linux on Minisforum V3 AMD Ryzen Tablet

Node.js v22.14.0 released!

MySQL 9 Essentials

Grand Theft Auto: Vice City | DOS games in browser

Sponsor Spotlight

General Dev>In The News

Latest on Devtalk

We ❤️ helpful members!

Devtalk Sponsors

Categories:

Sub Categories:

Popular Portals

Devtalk Sponsors

We're in Beta