This tweet reports a critical WAF bypass exploit chain that affects Cloudflare's WAF protecting global financial institutions. The exploit reportedly leads to leaks of Personally Identifiable Information (PII) and Face ID data, which are extremely sensitive. The reporter tried to disclose the vulnerability to Cloudflare through official channels but ran into difficulties: their HackerOne account was flagged as a new user and blocked, which prevented responsible vulnerability reporting. They are asking Cloudflare to enable direct messages or provide an urgent security contact so they can communicate about this critical security issue. The case highlights the challenges in vulnerability disclosure processes and the need for accessible communication channels for security researchers reporting critical security flaws.
For more details, check out the original tweet here: https://twitter.com/isujin933380/status/2033242657414418712