Alesandro Ortiz 🇵🇷🏳️‍🌈


Software Engineer. Security Researcher. Puerto Rican 🇵🇷. New Yorker. Bilingual. LG(B)TQ 🏳️‍🌈. He/him.

Focused on browser research. Glad to collaborate.

Website: https://AlesandroOrtiz.com
(Header 📷: roriv3ra on IG)

Location: Queens, NY / Puerto Rico
Infrequent Newsletter: https://AlesandroOrtiz.com/subscribe
Twitter (unused): https://twitter.com/AlesandroOrtizR

protip: ALWAYS use regular expression literals in JavaScript and TypeScript and any other language that supports it, instead of writing your regex out in a string. I cannot count how many critical security bugs I have found over the years from someone writing a regex like "^en\.wikipedia\.org$", which is incorrect because the \. is treated as a *string* escape sequence (an invalid one that just produces .) which then results in the regex being "^en.wikipedia.org$" which matches "enowikipedia.org".
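
The bug described in the post above, as an added example that is not part of the original post: the same pattern compiled from a string and from a regex literal, used in a hostname check, plus a small review aid that counts wildcard dots in a compiled pattern. The function names and sample URLs are assumptions made for illustration.

```javascript
// Added example; the function names and sample URLs are constructed for illustration.

// Buggy: in a string literal "\." is a string escape that yields ".", so the
// regex engine receives ^en.wikipedia.org$ and each "." matches any character.
const fromString = new RegExp("^en\.wikipedia\.org$");

// Regex literal: the backslashes reach the regex engine unchanged.
const fromLiteral = /^en\.wikipedia\.org$/;

// When a pattern has to be built from runtime data, escape the data first.
function escapeRegExp(text) {
  return text.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
}
function exactHostPattern(host) {
  return new RegExp("^" + escapeRegExp(host) + "$");
}

// Host check of the kind the post describes, applied to the parsed hostname.
function isAllowedHost(pattern, url) {
  try {
    return pattern.test(new URL(url).hostname);
  } catch {
    return false; // not a parseable absolute URL
  }
}

// Review aid: count "." wildcards in a compiled pattern (escaped dots and dots
// inside a character class are literal and are not counted).
function wildcardDots(re) {
  let count = 0;
  let inClass = false;
  for (let i = 0; i < re.source.length; i++) {
    const c = re.source[i];
    if (c === "\\") i++; // skip the escaped character
    else if (c === "[") inClass = true;
    else if (c === "]") inClass = false;
    else if (c === "." && !inClass) count++;
  }
  return count;
}

for (const url of ["https://en.wikipedia.org/wiki/Regex", "https://enowikipedia.org/wiki/Regex"]) {
  console.log(url, "string:", isAllowedHost(fromString, url), "literal:", isAllowedHost(fromLiteral, url));
}
console.log("wildcard dots:", wildcardDots(fromString), wildcardDots(fromLiteral));
```

ESLint's `no-useless-escape` rule flags the `"\."` in the string version, which catches this class of mistake at lint time.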
Iran War Live Updates: Trump Announces Two-Week Cease-Fire, Subject to Strait of Hormuz Reopening

The deal came shortly before President Trump’s deadline for Iran to reopen the Strait of Hormuz or face devastation. Israel said the cease-fire did not include Lebanon.

The New York Times

I really hope the U.S. doesn't attack Iran as threatened by the U.S. president. The Gaza and Lebanon genocides are already horrible. An Iran genocide as threatened would also be horrible.

We shouldn't have attacked Iran in the first place, but this would be an atrocious escalation that the U.S. is doing for no justified reason.

UPDATE: Google accused North Korean government hackers of being behind the supply chain attack against Axios.

“North Korean hackers have deep experience with supply chain attacks, which they’ve historically used to steal cryptocurrency. The full breadth of this incident is still unclear, but given the popularity of the compromised package, we expect it will have far reaching impacts,” said Google's John Hultquist.

https://techcrunch.com/2026/03/31/hacker-hijacks-axios-open-source-project-used-by-millions-to-push-malware/

North Korean hackers blamed for hijacking popular Axios open source project to spread malware | TechCrunch

A hacker inserted malware in Axios, an open source web tool downloaded tens of millions of times weekly, in a widespread hack.

TechCrunch
If you have an iPhone, today is a good day to make sure you are running the latest software. https://techcrunch.com/2026/03/23/someone-has-publicly-leaked-an-exploit-kit-that-can-hack-millions-of-iphones/
Someone has publicly leaked an exploit kit that can hack millions of iPhones | TechCrunch

Leaked "DarkSword" exploits published to GitHub allow hackers and cybercriminals to target iPhone users running old versions of iOS with spyware, according to cybersecurity researchers.

TechCrunch
Making an account on something today when I came across a novel to me password restriction

It sure is a cool and normal time to be working at a civil liberties non-profit in the United States.

https://www.cbsnews.com/news/fbi-irs-investigate-nonprofits-domestic-terrorism-links/

FBI and IRS to investigate nonprofit groups for domestic terrorism links, sources say

In December, Attorney General Pam Bondi ordered law enforcement officials to prioritize efforts to probe and prosecute groups and individuals belonging to the antifa movement or are deemed "extremist."

This library is fucked

install library
seems okay
"Error: file is not a database"
nervously opens database file

the SQLite database file is actually the HTML code of the Dropbox 404 page

yes their setup.py downloads all the data from dropbox

and the dropbox got like rate-limited for an indefinite amount of time

nobody ever should have to open
setup.py and see urllib2.urlopen('https://www.dropbox.com/s/...

RE: https://hexokina.se/notes/ajora3u66wus00c4

NEW: The FBI said it is investigating a hack on its networks.

The breach affected the FBI's systems to manage wiretaps and surveillance requests, according to CNN.

https://techcrunch.com/2026/03/05/fbi-investigating-hack-on-its-wiretap-and-surveillance-systems-report/

FBI investigating hack on its wiretap and surveillance systems: Report | TechCrunch

Hackers allegedly broke into the FBI’s networks, according to a report by CNN.

TechCrunch