CommunityNews

How we pwned X (Twitter), Vercel, Cursor, Discord, and hundreds of companies through a supply-chain attack

hi, i’m daniel. i’m a 16-year-old high school senior. in my free time, i hack billion dollar companies and build cool stuff.

about a month ago, a couple of friends and I found serious critical vulnerabilities on Mintlify, an AI documentation platform used by some of the top companies in the world.

i found a critical cross-site scripting vulnerability that, if abused, would let an attacker to inject malicious scripts into the documentation of numerous companies and steal credentials from users with a single link open.

(go read my friends’ writeups (after this one))
how to hack discord, vercel, and more with one easy trick (eva)
Redacted by Counsel: A supply chain postmortem (MDL)

Read in full here:

gist.github.com

https://gist.github.com/hackermondev/5e2cdc32849405fff6b46957747a2d28

writeup.md

hi, i'm daniel. i'm a 16-year-old high school senior. in my free time, i [hack billion dollar companies](https://hackerone.com/daniel) and build cool stuff.

about a month ago, a couple of friends and I found serious critical vulnerabilities on Mintlify, an AI documentation platform used by some of the top companies in the world. 

i found a critical cross-site scripting vulnerability that, if abused, would let an attacker to inject malicious scripts into the documentation of numerous companies and steal credentials from users with a single link open.

(go read my friends' writeups (after this one)) <br>
[how to hack discord, vercel, and more with one easy trick (eva)](https://kibty.town/blog/mintlify/) <br>
[Redacted by Counsel: A supply chain postmortem (MDL)](https://heartbreak.ing/)

This file has been truncated. show original

View thread on forum

#twitter #discord #vercel #cursor

0 5 0

2025-12-19 03:36:03 UTC

Where Next?

View thread on forum

twitter

discord

vercel

cursor

Home General Dev>In The News

#twitter #discord #vercel #cursor

0 5 0

Last post

Popular General Dev topics

General Dev>In The News

SkiftOS: Simple, handmade operating system for the x86 platform

skiftOS is a simple, handmade operating system for the x86 platform, aiming for clean and pretty APIs while keeping the spirit of UNIX. s...

github.com

#skiftos

2 1996 3

2021-01-28 14:47:06 UTC

New

General Dev>In The News

SPWN – A programming language that compiles to Geometry Dash levels

SPWN is a programming language that compiles to Geometry Dash levels. What that means is that you can create levels by using not only the...

github.com

#programming

0 2217 0

2021-08-31 16:10:33 UTC

New

General Dev>In The News

LG 28-inch 16:18 DualUp Monitor

LG 28-inch 16:18 DualUp Monitor with Ergo Stand and USB Type-C™ (28MQ780-B) | LG USA. Shop LG 28MQ780-B on the official LG.com website ...

lg.com

12 2239 12

2022-09-01 19:28:37 UTC

New

General Dev>In The News

Tim Cook to take 50% pay hit after shareholder feedback

Apple’s Tim Cook to take 50% pay hit after shareholder feedback. ‘Target compensation’ for CEO down from $99.4m in 2022 to an expected $...

theguardian.com

#feedback

0 1856 0

2023-01-13 17:12:56 UTC

New

General Dev>In The News

Zig now has built-in HTTP server and client in std

zig/http.zig at 7cf2cbb33ef34c1d211135f56d30fe23b6cacd42 · ziglang/zig. General-purpose programming language and toolchain for maintaini...

github.com

/zig #http

0 5624 0

2023-05-19 00:35:41 UTC

New

General Dev>In The News

Two US lawyers fined for submitting fake court citations from ChatGPT

Two US lawyers fined for submitting fake court citations from ChatGPT. Law firm also penalised after chatbot invented six legal cases th...

theguardian.com

#chatgpt

0 2231 3

2024-01-29 11:33:13 UTC

New

General Dev>In The News

Why Python is terrible

Why Python is terrible… Nice language, but unsuitable for most professional purposes

josvisser.substack.com

/python

8 1314 6

2024-04-06 04:17:41 UTC

New

General Dev>In The News

To avoid being replaced by LLMs, do what they can't

To avoid being replaced by LLMs, do what they can’t. What LLM’s can’t do yet

seangoedecke.com

18 1109 7

2025-04-14 19:56:29 UTC

New

General Dev>In The News

I'm a neuroscientist. Here's the surprising truth about TikTok 'brain rot'

What did the study find? They scanned the brains of more than a hundred undergrad students and had them complete a questionnaire about th...

sciencefocus.com

#tiktok

1 463 0

2025-03-10 18:02:25 UTC

New

General Dev>In The News

TrueSkill 2: An improved Bayesian skill rating system - Microsoft Research

Online multiplayer games, such as Gears of War and Halo, use skill-based matchmaking to give players fair and enjoyable matches. They dep...

microsoft.com

#microsoft

0 1031 0

2025-04-14 06:01:41 UTC

New

Other popular topics

Linux>Questions

AMD or Intel for Programming with Linux as the OS?

I am thinking in building or buy a desktop computer for programing, both professionally and on my free time, and my choice of OS is Linux...

#mobile #android #web-development #linux #desktop-computer #mobile-development

36 6006 10

2020-07-12 20:50:05 UTC

New

Backend>Questions

Can someone explain the -t option/flag in docker run command?

I know that -t flag is used along with -i flag for getting an interactive shell. But I cannot digest what the man page for docker run com...

#docker

7 10261 2

2020-09-01 07:19:16 UTC

New

General Dev>Hardware

Seen any cool new keyboards?

We have a thread about the keyboards we have, but what about nice keyboards we come across that we want? If you have seen any that look n...

/keyboards #mechanical-keyboards

49 5910 39

2025-05-10 22:54:44 UTC

New

Backend>Chat

How to install Ruby 3 with ASDF

In case anyone else is wondering why Ruby 3 doesn’t show when you do asdf list-all ruby :man_facepalming: do this first: asdf plugin-upd...

/ruby #asdf

11 5961 4

2021-02-02 08:02:13 UTC

New

Science/Tech>Health & Diet

David Sinclair's new Lifespan podcast

We’ve talked about his book briefly here but it is quickly becoming obsolete - so he’s decided to create a series of 7 podcasts, the firs...

#health #podcasts #bio-hackers #david-sinclair

87 6790 49

2022-04-12 16:27:36 UTC

New

General Dev>In The News

Zig now has built-in HTTP server and client in std

zig/http.zig at 7cf2cbb33ef34c1d211135f56d30fe23b6cacd42 · ziglang/zig. General-purpose programming language and toolchain for maintaini...

github.com

/zig #http

0 5624 0

2023-05-19 00:35:41 UTC

New

AI>Chat

Post your DeepSeek results

Curious what kind of results others are getting, I think actually prefer the 7B model to the 32B model, not only is it faster but the qua...

/deepseek

15 4275 15

2025-03-06 23:29:12 UTC

New

Backend>Learning Resources

MySQL 9 Essentials

A concise guide to MySQL 9 database administration, covering fundamental concepts, techniques, and best practices. Neil Smyth MySQL...

pragprog.com

#pragprog #published-book /mysql /book-mysql-9-essentials

2 4162 0

2025-03-12 13:05:49 UTC

New

AI>Questions

What are the best text-to-speech ai generation tools that you can run locally?

Background Lately I am in a quest to find a good quality TTS ai generation tool to run locally in order to create audio for some videos I...

#ai #text-to-speech

6 12337 3

2025-03-24 16:48:39 UTC

New

General Dev>Reviews

Keyboard Review: UHK60V2 vs Defy vs Voyager vs Glove80 vs Svalboard

Ok, well here are some thoughts and opinions on some of the ergonomic keyboards I have, I guess like mini review of each that I use enoug...

/keyboards #uhk60v2 #defy #voyager #glove80 #svalboard

5 5681 7

2025-04-21 21:44:45 UTC

New

General Dev>In The News

The Case for Physical Media Ownership

General Dev>In The News

Fusion Programming Language

General Dev>In The News

It’s a bad time to want a new computer

General Dev>In The News

YouTube updates Shorts to make it even more like TikTok

General Dev>In The News

Europe is pushing back on Washington’s chip war

General Dev>In The News

What can wonky APIs tell us about the web?

General Dev>In The News

A Little Explanation of Little's Law

General Dev>In The News

Valve describes just how brutal RAM negotiations are in 2026

General Dev>In The News

WhatsApp gets new chief as Meta taps India’s CRED founder Kunal Shah and invests $900M in startup

General Dev>In The News

NHTSA investigating alleged Tesla Autopilot crash that killed woman in her home

General Dev>In The News

General Dev In The News ❯

Latest on Devtalk

Linux on Older Hardware: The Complete Revival Guide (2026)

Linux>In The News

Beer CSS – Build material design in record time

Frontend>In The News

The Case for Physical Media Ownership

General Dev>In The News

Cybersecurity in the post-mythos era: Keep calm and carry on!

AI>In The News

Symfony v8.0.14 and v7.4.14 released!

Backend>Official News

Why GTA 6 will launch without a disc - and what it means for gamers

Game Dev>In The News

Fusion Programming Language

General Dev>In The News

What it Means to Be a Mathematician When AI Does the Math

AI>In The News

WebSharper 10.1.6.676 released!

Backend>Official News

It’s a bad time to want a new computer

General Dev>In The News

YouTube updates Shorts to make it even more like TikTok

General Dev>In The News

AI was supposed to kill engineering jobs, but new data suggests they’re the most resilient

AI>In The News

Europe is pushing back on Washington’s chip war

General Dev>In The News

React Native v0.83.10 released!

Hybrid>Official News

What can wonky APIs tell us about the web?

General Dev>In The News

Devtalk ❯

We ❤️ helpful members!

We reward our most helpful members via our MOTM scheme - by giving away a whopping 25 books per year!

Sub Categories:

We're in Beta

About us Mission Statement See our Roadmap

How we pwned X (Twitter), Vercel, Cursor, Discord, and hundreds of companies through a supply-chain attack

CommunityNews

How we pwned X (Twitter), Vercel, Cursor, Discord, and hundreds of companies through a supply-chain attack

Where Next?

Popular General Dev topics

SkiftOS: Simple, handmade operating system for the x86 platform

SPWN – A programming language that compiles to Geometry Dash levels

LG 28-inch 16:18 DualUp Monitor

Tim Cook to take 50% pay hit after shareholder feedback

Zig now has built-in HTTP server and client in std

Two US lawyers fined for submitting fake court citations from ChatGPT

Why Python is terrible

To avoid being replaced by LLMs, do what they can't

I'm a neuroscientist. Here's the surprising truth about TikTok 'brain rot'

TrueSkill 2: An improved Bayesian skill rating system - Microsoft Research

Other popular topics

AMD or Intel for Programming with Linux as the OS?

Can someone explain the -t option/flag in docker run command?

Seen any cool new keyboards?

How to install Ruby 3 with ASDF

David Sinclair's new Lifespan podcast

Zig now has built-in HTTP server and client in std

Post your DeepSeek results

MySQL 9 Essentials

What are the best text-to-speech ai generation tools that you can run locally?

Keyboard Review: UHK60V2 vs Defy vs Voyager vs Glove80 vs Svalboard

Sponsor Spotlight

General Dev>In The News

Latest on Devtalk

We ❤️ helpful members!

Devtalk Sponsors

Categories:

Sub Categories:

Popular Portals

Devtalk Sponsors

We're in Beta