CommunityNews

How we pwned X (Twitter), Vercel, Cursor, Discord, and hundreds of companies through a supply-chain attack

hi, i’m daniel. i’m a 16-year-old high school senior. in my free time, i hack billion dollar companies and build cool stuff.

about a month ago, a couple of friends and I found serious critical vulnerabilities on Mintlify, an AI documentation platform used by some of the top companies in the world.

i found a critical cross-site scripting vulnerability that, if abused, would let an attacker to inject malicious scripts into the documentation of numerous companies and steal credentials from users with a single link open.

(go read my friends’ writeups (after this one))
how to hack discord, vercel, and more with one easy trick (eva)
Redacted by Counsel: A supply chain postmortem (MDL)

Read in full here:

gist.github.com

https://gist.github.com/hackermondev/5e2cdc32849405fff6b46957747a2d28

writeup.md

hi, i'm daniel. i'm a 16-year-old high school senior. in my free time, i [hack billion dollar companies](https://hackerone.com/daniel) and build cool stuff.

about a month ago, a couple of friends and I found serious critical vulnerabilities on Mintlify, an AI documentation platform used by some of the top companies in the world. 

i found a critical cross-site scripting vulnerability that, if abused, would let an attacker to inject malicious scripts into the documentation of numerous companies and steal credentials from users with a single link open.

(go read my friends' writeups (after this one)) <br>
[how to hack discord, vercel, and more with one easy trick (eva)](https://kibty.town/blog/mintlify/) <br>
[Redacted by Counsel: A supply chain postmortem (MDL)](https://heartbreak.ing/)

This file has been truncated. show original

View thread on forum

#twitter #discord #vercel #cursor

0 5 0

2025-12-19 03:36:03 UTC

Where Next?

View thread on forum

twitter

discord

vercel

cursor

Home General Dev>In The News

#twitter #discord #vercel #cursor

0 5 0

Last post

Popular General Dev topics

General Dev>In The News

I wired my tree with 500 LED lights and calculated their 3D coordinates

I wired my tree with 500 LED lights and calculated their 3D coordinates… If you support me on Patreon at any point in December 2020 I wi...

youtube.com

1 1744 2

2022-11-15 15:35:32 UTC

New

General Dev>In The News

Emacs Typing Tutor

Last night I re-read this Steve Yegge article about learning to type as a programmer. I can touch type, but I don’t usually manage to bre...

connorberry.com

/emacs #typing

0 1644 0

2021-09-22 05:32:49 UTC

New

General Dev>In The News

It's not what programming languages do, it's what they shepherd you to

It’s not what programming languages do, it’s what they shepherd you to. How many of you have listened, read or taken part in a discussio...

nibblestew.blogspot.com

#programming #languages

50 2055 19

2022-05-10 15:41:49 UTC

New

General Dev>In The News

Matrix web-based green code rain, made with love

GitHub - Rezmason/matrix: matrix (web-based green code rain, made with love). matrix (web-based green code rain, made with love) - GitHu...

github.com

#green

1 657 0

2022-09-24 13:47:02 UTC

New

General Dev>In The News

Declarative GNOME configuration with NixOS

Declarative GNOME configuration with NixOS. I adore tinkering with my machine, trying new tools, extensions, themes, and ideas. When I w...

hoverbear.org

/nixos

0 1557 0

2023-05-01 14:45:52 UTC

New

General Dev>In The News

Zig now has built-in HTTP server and client in std

zig/http.zig at 7cf2cbb33ef34c1d211135f56d30fe23b6cacd42 · ziglang/zig. General-purpose programming language and toolchain for maintaini...

github.com

/zig #http

0 5624 0

2023-05-19 00:35:41 UTC

New

General Dev>In The News

DreamBerd is a perfect programming language

GitHub - TodePond/DreamBerd: perfect programming language. perfect programming language. Contribute to TodePond/DreamBerd development by...

github.com

#programming

3 1734 2

2023-06-10 08:05:04 UTC

New

General Dev>In The News

The Definitive PHP 7.2, 7.3, 7.4, 8.0, and 8.1 Benchmarks (2023)

The Definitive PHP 7.2, 7.3, 7.4, 8.0, and 8.1 Benchmarks (2023). We tested the performance of 14 PHP platforms (WordPress, Drupal, Lara...

kinsta.com

/php

0 1888 0

2023-09-10 13:37:51 UTC

New

General Dev>In The News

Apple Patents Suggest Future AirPods Could Monitor Biosignals and Brain Activity

Apple Patents Suggest Future AirPods Could Monitor Biosignals & Brain Activity - AppleMagazine. The US Patent & Trademark Office...

applemagazine.com

#apple #monitor

0 1477 0

2023-10-11 01:56:37 UTC

New

General Dev>In The News

Review of Linux on Minisforum V3 AMD Ryzen Tablet

A Brief Review of the Minisforum V3 AMD Tablet. Update: I have created an awesome-minisforum-v3 GitHub repository to list information fo...

mudkip.me

#linux #review #amd

0 4635 0

2024-06-24 02:26:38 UTC

New

Other popular topics

Game Dev>Learning Resources

The Ray Tracer Challenge

Brace yourself for a fun challenge: build a photorealistic 3D renderer from scratch! In just a couple of weeks, build a ray tracer that r...

pragprog.com

#pragprog #published-book /book-the-ray-tracer-challenge #algorithms

3 6115 0

2020-09-22 14:26:56 UTC

New

Backend>Chat

What is the reason behind Rust’s web framework, Rocket, not performing as well as expected in the Techempower benchmarks?

I know that these benchmarks might not be the exact picture of real-world scenario, but still I expect a Rust web framework performing a ...

#web-frameworks /rust

36 7463 11

2020-06-21 10:50:02 UTC

New

Game Dev>Learning Resources

Apple Game Frameworks and Technologies

Design and develop sophisticated 2D games that are as much fun to make as they are to play. From particle effects and pathfinding to soci...

pragprog.com

#pragprog #ios #game-dev #macos /swift #published-book #apple /book-apple-game-frameworks-and-technologies

30 7995 10

2021-04-22 16:51:02 UTC

New

General Dev>Hardware

Planck vs Preonic vs Subatomic (Keyboards)

I ended up cancelling my Moonlander order as I think it’s just going to be a bit too bulky for me. I think the Planck and the Preonic (o...

/keyboards #mechanical-keyboards #ortholinear #planck #preonic

105 17596 47

2021-05-28 21:32:35 UTC

New

Linux>Questions

What is the most minimalist Linux server distro?

I am asking for any distro that only has the bare-bones to be able to get a shell in the server and then just install the packages as we ...

#linux #servers

66 25846 24

2022-04-13 13:30:03 UTC

New

Backend>Learning Resources

Programming WebRTC

Use WebRTC to build web applications that stream media and data in real time directly from one user to another, all in the browser. ...

pragprog.com

#pragprog #published-book /js #webrtc /book-programming-webrtc

27 6969 6

2021-11-20 19:03:04 UTC

New

Backend>Chat

Data Structures and Algorithms with Elixir

This is going to be a long an frequently posted thread. While talking to a friend of mine who has taken data structure and algorithm cou...

/elixir #algorithms #data-structures

108 11869 31

2024-11-14 02:14:00 UTC

New

AI>In The News

How to fix the eyes in AI-generated images

aidemos.info

0 4508 0

2022-09-10 13:54:33 UTC

New

General Dev>In The News

Review of Linux on Minisforum V3 AMD Ryzen Tablet

A Brief Review of the Minisforum V3 AMD Tablet. Update: I have created an awesome-minisforum-v3 GitHub repository to list information fo...

mudkip.me

#linux #review #amd

0 4635 0

2024-06-24 02:26:38 UTC

New

Backend>Learning Resources

Risk-First Software Development, Second Edition

As digital systems increasingly run the world, mastery of the recurring patterns of software development risk is the key to fast and effe...

pragprog.com

#pragprog #published-book /book-risk-first-software-development-second-edition

12 4217 8

2025-09-19 12:27:58 UTC

New

General Dev>In The News

Beyond Instagram: Introducing the next generation of social apps

General Dev>In The News

News about Raspberry Pi 6 and Microcontroller Development

General Dev>In The News

Cleaner tech job search · Caio

General Dev>In The News

Strangely, Matrix Multiplications on GPUs Run Faster When Given "Predictable" Data! [short]

General Dev>In The News

What is a Direct Attach Copper (DAC) Cable?

General Dev>In The News

More than a decade later, the team behind N++ is back with a multiplayer sequel

General Dev>In The News

Transformers Are Inherently Succinct

General Dev>In The News

Kevin O’Leary agrees to downsize massive Utah data center

General Dev>In The News

I Made a Million Dollar Product from My Dorm Room

General Dev>In The News

Trillions of miles of data: Your car is spying on you, and it's only just the beginning

General Dev>In The News

General Dev In The News ❯

Latest on Devtalk

Nest v11.1.25 released!

Backend>Official News

Beyond Instagram: Introducing the next generation of social apps

General Dev>In The News

The gamers taking on the industry to stop it switching off games

Game Dev>In The News

News about Raspberry Pi 6 and Microcontroller Development

General Dev>In The News

Using Tailscale with an OrbStack VM on macOS

macOS>In The News

Postgres-backed Durable Workflow Execution | DBOS

Backend>In The News

Cleaner tech job search · Caio

General Dev>In The News

Sam Altman and Dario Amodei are both walking back their AI jobs apocalypse prophecies as they eye blockbuster IPOs | Fortune

AI>In The News

Various LLM smells

AI>In The News

Introducing Claude Opus 4.8

AI>In The News

Introducing dynamic workflows | Claude

AI>In The News

Social Animus

AI>In The News

How are you structuring Seedance 2.0 prompts for stable video output?

AI>Blogs/Talks

Strangely, Matrix Multiplications on GPUs Run Faster When Given "Predictable" Data! [short]

General Dev>In The News

What is a Direct Attach Copper (DAC) Cable?

General Dev>In The News

Devtalk ❯

We ❤️ helpful members!

We reward our most helpful members via our MOTM scheme - by giving away a whopping 25 books per year!

Sub Categories:

We're in Beta

About us Mission Statement See our Roadmap

How we pwned X (Twitter), Vercel, Cursor, Discord, and hundreds of companies through a supply-chain attack

CommunityNews

How we pwned X (Twitter), Vercel, Cursor, Discord, and hundreds of companies through a supply-chain attack

Where Next?

Popular General Dev topics

I wired my tree with 500 LED lights and calculated their 3D coordinates

Emacs Typing Tutor

It's not what programming languages do, it's what they shepherd you to

Matrix web-based green code rain, made with love

Declarative GNOME configuration with NixOS

Zig now has built-in HTTP server and client in std

DreamBerd is a perfect programming language

The Definitive PHP 7.2, 7.3, 7.4, 8.0, and 8.1 Benchmarks (2023)

Apple Patents Suggest Future AirPods Could Monitor Biosignals and Brain Activity

Review of Linux on Minisforum V3 AMD Ryzen Tablet

Other popular topics

The Ray Tracer Challenge

What is the reason behind Rust’s web framework, Rocket, not performing as well as expected in the Techempower benchmarks?

Apple Game Frameworks and Technologies

Planck vs Preonic vs Subatomic (Keyboards)

What is the most minimalist Linux server distro?

Programming WebRTC

Data Structures and Algorithms with Elixir

How to fix the eyes in AI-generated images

Review of Linux on Minisforum V3 AMD Ryzen Tablet

Risk-First Software Development, Second Edition

Sponsor Spotlight

General Dev>In The News

Latest on Devtalk

We ❤️ helpful members!

Devtalk Sponsors

Categories:

Sub Categories:

Popular Portals

Devtalk Sponsors

We're in Beta