Alabama Man Hacks SEC, Securing $50,500 Bounty Through Software Supply Chain Exploit and Posting Fake Crypto Scam

An Alabama man has admitted to hacking the U.S. Securities and Exchange Commission (SEC) by exploiting a software supply chain vulnerability, resulting in a $50,500 bounty. The individual revealed that he used a remote code execution (RCE) method to compromise developers, pipelines, and production servers. This breach allowed him to access the SEC's Twitter account, where he posted a fake cryptocurrency scam. The incident highlights ongoing concerns regarding cybersecurity and the effectiveness of current protective measures. In related developments, research from Scale AI introduced a new vulnerability testing method called 'Jailbreaking-to-Jailbreak,' achieving an attack success rate of up to 94% using a large language model (LLM).