Anthropic Cowork looks great, but it’s Claude Max + macOS only for now. AiPy has been doing "AI works on your computer" ("Vibe Working") for ~1 year — free + Windows/macOS/Linux.
EN: https://t.co/atRRh3mwO9 | ZH: https://t.co/zRFuZiWX3P | CLI: https://t.co/HbwZjoRiUF @AiPyapp
I filed this as a bug with major browsers ~14 years ago, but it still seems to work in desktop Chrome, Firefox, Brave, and Edge, right?
https://t.co/ZJhmE41K84
As in, you end up at a bank website and get a download with no indication it's coming from somewhere else?
We’ve now seen at least four nginx RCEs that require non-default configs: nginx rift, nginx poolslip, and two of our own (including the one in the last tweet).
The configs involved are unusual, which raises the obvious question: do these attacks actually work in real-world deployments?
We asked Claude to download and analyze more than 4,000 nginx config files from GitHub.
The result was embarrassing: none of them were vulnerable to nginx rift or our own attacks. We can’t say anything about nginx poolslip yet, since it hasn’t been published.
So don't worry about your nginx yet.
Moral of the story: AI can generate FUD, but also help fight FUD. Embrace it!
Here's the PoC for Nginx CVE-2026-42945 which works against vanilla Ubuntu (and any other distro?) + Nginx with ASLR enabled. I have included all iterations of the PoC the LLM was kicked to improve.
TL;DR: We can use an LFI/file-read primitive to leak enough details from /proc/<nginx-worker>/mem to bypass ASLR and achieve reliable RCE, in most cases at first shot.
There are still other ways to make it work, with even less subtle primitives. If you ask Geppetto nicely, he will help you ;)
https://t.co/VawjqrMisN
Early this week, we had a meeting at Apple Park in Cupertino. While there, we also shared with Apple our latest vulnerability research report: the first public macOS kernel memory corruption exploit on M5 silicon, surviving MIE. It was laser printed, in honor of our hacker friends.
Full story: https://t.co/AmKMGUmWPt
This is a very detailed analysis. My previous analysis approached the issue from the vulnerability itself, rather than patch diffing. In my view, “prototype pollution” was only an exploitation tip; the real root cause still lies inside ANFancyAlertImpl. https://t.co/DQqIVY8Kf8
Brand new blog post by @streypaws
Three Adobe Reader prototype pollution bugs chained into arbitrary file read, first identified by @HaifeiLi of @EXPMON_
Check it out
https://t.co/ALQh1fa7Z2
Our talk at #BHASIA @BlackHatEvents 2026 has successfully concluded. It's been a great pleasure to explore Ghost Bits together with my co-author @1ue1166323 and present this research on stage. Also, thanks to all the friends who provided help for our briefing:
@chun_springX
https://t.co/KOdjVw7yor
Friday night product launch is not a good idea, but here is v1.0.0 release
npm i -g igf
Prebuilt single executables are also available on the GitHub release page. Please give a 🌟 if you like this tool, maybe I can beg for some free coding tokens with it
I reported a file disclosure vuln in @openclaw. Any group chat member can steal API keys and conversation history.
Silently fixed the next day. Never notified. Then denied as "not a vulnerability."
A one-day fix shows urgency. Denying it shows disrespect.
#infosec
Capture Coruna samples using Zoomeye and AiPy https://t.co/h5qwpvIy4B (Chinese)
AiPy + Gemini 3: it directly restored the obfuscated JavaScript in one go and identified all dynamically loaded JavaScript modules.
Using Windows Paint to draw a small car is a classic test in the AiPy benchmark suite. It is a very interesting test case: OpenClaw + Gemini failed the test completely (neither managed to draw it), while AiPy + Gemini performed very well. https://t.co/atRRh3mwO9
An engineer is using https://t.co/CtG9Lkm9ju to successfully implement automatic control of the default drawing software of the Windows system, automatically controlling the mouse to draw a bus. #AiPyapp @AiPyapp
🚨 Don't let AI Skills become your "Insider Threat"!
Recent monitoring by Knownsec has identified 1,200+ active malicious Skills, fueling 63% of data-layer attacks and 31% of execution-layer threats.
As traditional defenses fail in the AI era, we are proud to launch TrustTools—the secure, trusted distribution platform for AI Skills. We’re here to guard your AI Agent supply chain with rigorous admission standards!
🔗Link: https://t.co/Mn1ufjxF5P
📖 Deep Dive: Read our full analysis on the AI Agent supply chain security: https://t.co/NiJCOAAA4y
#Openclaw #Skills #CyberSecurity #TrustTools