📜 Post with us on Reddit
📝 Create a new article
🏭 Create a company page
🇬🇧 - in English
🇫🇷 - en Français (FR)
🇵🇹 - em Português (PT)
🇩🇪 - auf Deutsch (DE)
🇯🇵 - 日本語で (JA)
Sponsored articles

You can edit almost every page by Creating an account and confirming your email.

Celeste Jessin

From EverybodyWiki Bios & Wiki




Celeste Jessin
Celeste Jessin in 2025
Celeste Jessin in 2025
Celeste Jessin in 2025
Jessin in 2025
Born (2006-01-27) January 27, 2006 (age 20)
Paris, France
🏳️ NationalityFrench
Other namesvmfunc; lillie
💼 Occupation
Known forSIF framework; WebAuthn research; Hacktivism; vulnerability commentary
🌐 Websitevmfunc.gg

Celeste "vmfunc" Jessin (born January 27, 2006) is a French ethical hacker, entrepreneur, and software developer who goes by the online handle vmfunc and sometimes lillie. Jessin gained recognition for security research contributing to tooling used for the discovery of CVE-2024-45489, a critical vulnerability in the Arc browser that received coverage in major technology publications.[1][2] Jessin created the penetration-testing framework SIF, has published work on the FIDO2/WebAuthn ecosystem, and has engaged in digital privacy and AI alignment and has been recognized by established cybersecurity organizations including vx-underground.[3] . According to its personal site, it is “mostly known for exploit/security research works, but currently doing stuff with AI and alignment.”[4] Jessin funded Lunchcat, described as "the AI-Powered security company."[5]

Early life

Jessin was born on January 27, 2006, in Paris, France. According to their profile, Jessin began making video-game cheats in their youth before shifting focus toward broader security research and AI alignment.[6] Jessin became involved with Internet Relay Chat (IRC) networks during their early teenage years and has lived in the United States, Switzerland, and Germany.

Career and research

Security research and vulnerability discovery

In June 2024, Jessin flagged privacy concerns with the Arc browser’s logging practices alongside researcher @xyz3va.[7]. Jessin contributed to tooling that allowed security research that identified privacy concerns with the Arc browser's logging practices, working alongside researcher xyz3va.[8] The related vulnerability (CVE-2024-45489) was disclosed and confirmed by The Browser Company in an official incident report.[9] The vulnerability received coverage from major technology publications including The Verge, ZDNet, and other technology media outlets.[10][11][12] Commentary using Jessin’s visuals appeared in content by @firesip_dev. [13]

Professional affiliations and recognition

Jessin has been recognized by vx-underground for contributions to CSS injection vulnerability research.[14] Following the initial CSS injection discovery in GitHub by security researcher cloud11665, Jessin identified additional attack vectors within GitHub's README file system.[15][16] The vulnerability exploited MathJax's LaTeX rendering system and received widespread attention in the cybersecurity community.[17] [18]

The Supabase official blog has featured Jessin's work, describing their role at "Lunchcat, the AI-Powered security company" in the context of security tooling and responsible disclosure contributions.[19]

Jessin has worked at established technology companies including Turing Pi and Thales Group, and according to their profile, has "funded an AI company."[20]

Software development

In 2024, Jessin created SIF (Security Inspection Framework), a penetration-testing suite written in Go.[21][22] The project was first hosted under the Lunchcat GitHub organization before moving to their personal account.[22] Jessin has described it as its intellectual property. [citation needed]

Technical publications and research

Jessin maintains a technical blog at vmfunc.gg featuring research posts including work on ARM64 hypervisor internals and transformer architectures.[23] They are a member of Nullpt.rs, a collaborative technical research blog.[24]

Lunchcat, Inc.

The SIF project is associated with the Lunchcat organization on GitHub.[21] Supabase's official blog references Lunchcat as "the AI-Powered security company [Jessin] works for," in the context of SIF-related hardening work.[25] Lunchcat is listed on LinkedIn under computer/network security.[26]

Bug bounty and security groups

Jessin co-led the bug bounty group Kenshu and is a founder of UD2.RIP, described as a non-profit reverse engineering and "flag hatching" group.[27][28]

Other projects

PsyLog (psylog.net) is a journaling and tracking application developed by Jessin that allows users to record personal data such as medications and substances; the site states it is free to use and that "all data remains on your device."[29]

Technical infrastructure and advocacy

According to their site, Jessin operates their own ASN and ISP.[30] Jessin has maintained a user page under the name “Lillie” on the wiki of Metalab, a hackerspace that is part of the CCC, and has advocated for digital privacy and user rights.[31][32]. It has also advocated for digital privacy and user rights, including authoring an open letter addressed to the President of France in 2025.[33]

References

  1. "Researcher reveals 'catastrophic' security flaw in the Arc browser". The Verge. 2024-09-20. Retrieved 2025-09-15.
  2. "A catastrophic browser flaw is patched almost immediately". ZDNet. 2024-09-24. Retrieved 2025-09-15.
  3. "vx-underground Twitter recognition". X. 2024-06-07. Retrieved 2025-09-15.
  4. "Profile: vmfunc.gg". vmfunc.gg. Retrieved 2025-09-15.
  5. "Supabase Security Suite". Supabase. 2024-07-10. Retrieved 2025-09-15.
  6. "Profile: vmfunc.gg". vmfunc.gg. Retrieved 2025-09-15.
  7. ""your 'privacy-friendly' arc browser relies on firebase …"". X. 2024-06-12. Retrieved 2025-09-15.
  8. ""your 'privacy-friendly' arc browser relies on firebase …"". X. 2024-06-12. Retrieved 2025-09-15.
  9. "CVE-2024-45489 Incident Report". Arc Browser. 2024-09-19. Retrieved 2025-09-15.
  10. "Researcher reveals 'catastrophic' security flaw in the Arc browser". The Verge. 2024-09-20. Retrieved 2025-09-15.
  11. "A catastrophic browser flaw is patched almost immediately". ZDNet. 2024-09-24. Retrieved 2025-09-15.
  12. "Researcher discovers Arc browser vulnerability that could expose user data". The Indian Express. 2024-09-20. Retrieved 2025-09-15.
  13. "Firesip_dev video reference". X. 2024-06-01. Retrieved 2025-09-15.
  14. "vx-underground recognition of security research". X. 2024-06-07. Retrieved 2025-09-15.
  15. "diving into mathjax css injection attack". kennethnym.com. 2024-06-08. Retrieved 2025-09-15.
  16. "Github's CSS Injection Exploit Was Incredible!". YouTube. 2024-06-10. Retrieved 2025-09-15.
  17. "The GitHub CSS vulnerability saga". tinker.ph. 2024-06-08. Retrieved 2025-09-15.
  18. "This GitHub CSS Exploit Is WILD". youtube.com. 2024-06-11. Retrieved 2025-09-15.
  19. "Supabase Security Suite". Supabase. 2024-07-10. Retrieved 2025-09-15.
  20. "Profile: vmfunc.gg". vmfunc.gg. Retrieved 2025-09-15.
  21. 21.0 21.1 "lunchcat/sif repo". GitHub. Retrieved 2025-09-15.
  22. 22.0 22.1 "vmfunc/sif repo". GitHub. Retrieved 2025-09-15.
  23. "Blog: vmfunc.gg". vmfunc.gg. Retrieved 2025-09-15.
  24. "Nullpt.rs author page". Nullpt.rs. 20 June 2025. Retrieved 2025-09-15.
  25. "Supabase Security Suite". Supabase. 2024-07-10. Retrieved 2025-09-15.
  26. "Lunchcat company page". LinkedIn. Retrieved 2025-09-15.
  27. "UD2 members (archived)". Wayback Machine. 2025-08-27. Archived from the original on 2025-08-27. Retrieved 2025-09-15. Unknown parameter |url-status= ignored (help)
  28. "UD2 X profile (archived)". Wayback Machine. 2024-09-19. Archived from the original on 2024-09-19. Retrieved 2025-09-15. Unknown parameter |url-status= ignored (help)
  29. "PsyLog official site". psylog.net. Retrieved 2025-09-15.
  30. "Profile: vmfunc.gg". vmfunc.gg. Retrieved 2025-09-15.
  31. "Metalab user page: Lillie". metalab.at. 2024-01-17. Retrieved 2025-09-15.
  32. "Digital rights advocacy". X. 2025-08-28. Retrieved 2025-09-15.
  33. "Open letter tweet". X. 2025-08-28. Retrieved 2025-09-15.

External links


This article "Celeste Jessin" is from Wikipedia. The list of its authors can be seen in its historical and/or the page Edithistory:Celeste Jessin. Articles copied from Draft Namespace on Wikipedia could be seen on the Draft Namespace of Wikipedia and not main one.


Retrieved from "https://en.everybodywiki.com/index.php?title=Celeste_Jessin&oldid=5287562"
License CC BY-SA 3.0
Powered by MediaWiki