We have been reverse engineering the XZ Utils backdoor and are sharing some initial findings: we've identified multiple hooking options to adapt to different environments, and a hardcoded fake public key that can appear in verbose SSH logs depending on attacker-controlled flags.
🎙️ NEW PODCAST: AI just uncovered a #Linux bug hiding since 2017 👀
Eden & @AmitaiCo sit with @tjbecker & Jacob Newman from @xint_official to unpack CopyFail, the privilege escalation flaw their autonomous AI agents discovered affecting Linux machines worldwide.
My new research on the Jenkins threat landscape 🔍☁️
Exposed instances, deprecated plugins, CI/CD attack paths… and based on TeamPCP’s recent activity, I think they read it too 👀 https://t.co/POfAjCQRt9
🚨 Meet "Dirty Frag": a new Linux kernel privilege escalation, fresh off the heels of Copy Fail.
Wiz Research is tracking CVE-2026-43284 and CVE-2026-43500 (also known as Copy Fail 2), discovered by Hyunwoo Kim (@v4bel). No official patches are out yet, and a public PoC already exists.
🔑 The technical bit:
A vulnerability chain in the ESP (IPsec) and RxRPC kernel subsystems, with two deterministic page-cache write primitives in the same spirit as Dirty Pipe. Ubuntu, RHEL 8/9/10, AlmaLinux, Fedora, openSUSE, and more are all affected.
🛡️ Slightly less risky for containers:
Exploitation usually requires CAP_NET_ADMIN, so hardened Kubernetes setups with default seccomp profiles are at lower risk. VMs and less restricted environments should still take this seriously.
🔧 What to do now:
Until patches drop, you can temporarily disable the vulnerable kernel modules (esp4, esp6, rxrpc). Full mitigation and detection guidance in the blog.
Wiz customers: pre-built queries and a live advisory are already in the Threat Intel Center. We'll keep updating both as more info comes to light.
Full research from Merav Bar and @ramimacisabird: https://t.co/kLA2OWQ9F2
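The post's interim mitigation (keeping esp4, esp6 and rxrpc from loading until a fixed kernel ships) as an added example, not code from the post or from Wiz; it assumes the standard /proc/modules column layout and a modprobe.d file path of your choosing:

```shell
#!/bin/sh
# Added example: check whether the advisory's kernel modules are currently loaded
# and generate a modprobe.d fragment that blocks them until a patched kernel lands.
# Assumption: /proc/modules lines look like "name size refcount deps state addr".

VULN_MODULES="esp4 esp6 rxrpc"

# Print which of the advisory's modules appear in a /proc/modules-style listing.
# $1 is a path to such a listing; defaults to the live /proc/modules.
# Only column 1 is matched, so a module named in another module's dependency
# list (e.g. "esp4" inside xfrm_algo's deps) does not count as loaded.
loaded_vuln_modules() {
    listing="${1:-/proc/modules}"
    found=""
    for m in $VULN_MODULES; do
        if awk -v mod="$m" '$1 == mod { hit=1 } END { exit !hit }' "$listing"; then
            found="$found $m"
        fi
    done
    echo "${found# }"
}

# Emit modprobe.d content for the three modules. "install <mod> /bin/false" makes any
# modprobe attempt fail; "blacklist <mod>" alone would only stop alias-based autoload.
mitigation_config() {
    for m in $VULN_MODULES; do
        printf 'install %s /bin/false\nblacklist %s\n' "$m" "$m"
    done
}

# Write a constructed sample listing (for offline testing of loaded_vuln_modules).
write_sample_listing() {
    printf 'esp4 24576 1 esp4_offload, Live 0x0\n' > "$1"
    printf 'xfrm_algo 20480 2 esp4,ah4, Live 0x0\n' >> "$1"
    printf 'nf_tables 245760 0 - Live 0x0\n' >> "$1"
}

# Usage on a live host (placeholder path, pick your own):
#   loaded_vuln_modules
#   mitigation_config > /etc/modprobe.d/dirty-frag-mitigation.conf
#   modprobe -r rxrpc esp6 esp4   # fails for any module still in use
```

Unloading esp4/esp6 drops any IPsec tunnels the host relies on, so confirm nothing depends on them before applying this on VPN gateways.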
npm package "intercom-client" version 7.0.4 is compromised (still available to download as of now), likely related to Mini Shai Hulud campaign by TeamPCP based on shared characteristics
🎉 IT'S OFFICIAL: @wiz_io joins @Google to secure the AI era.
This is a massive moment for our customers and our team.
Thank you to every customer, partner, and Wizard who made this moment possible 💙
We can't wait to share what's next.
https://t.co/jWqlN34Qcs
@shahardorf & I found a phishing campaign abusing OAuth applications in Entra in more than 50 organizations! And I promise you that in this blog we explain how you can do it too! And provide all the IOCs 🤭 It's one of these blogs I would enjoy reading!
https://t.co/2Eh1nkc0nN
I had the pleasure of speaking at @DistrictCon 🪩 in Washington, DC last weekend. It was my second time speaking at the conference - this time about another common misconfiguration in the cloud that should make you think twice. Power outage last year, snowstorm this year ❄️ Once again, the hacker community showed up strong. What a community! Great energy and brilliant people 🙌
Introducing my Bug Bounty Masterclass. 100% free.
I've made $2,000,000+ finding security bugs. I spent the last year turning my methodology into a complete blueprint.
4 hours of video - foundations, reconnaissance, web proxies, hands-on challenges, and certification.
Finish it in a weekend and start hacking real-world applications 🐞
We hacked the AWS JavaScript SDK, a core library powering the entire @AWScloud ecosystem - including the AWS Console itself 🤯
How did we do it? Just two missing characters was all it took.
This is the story of #CodeBreach 🧵👇
Excited to be returning to @DistrictCon for round two this month!
Back on stage again, presenting: Auths Gone Wild – When authenticated means anyone 🪩
Looking forward to another epic DistrictCon and great conversations around auth gone wrong 🔓
Wiz Research has published a new simple Nuclei template for reliably detecting MongoBleed (CVE-2025-14847). We've also updated our blog post with additional guidance on determining exploitability depending on how you're using MongoDB:
Here's our new blog post with a technical deep dive into exploitation we're observing in the wild of CVE-2025-55182 (aka react2shell):
https://t.co/jBvMgTqjEO
With all the talk about the Next.js PoC, many people missed that the React2Shell vulnerability (CVE-2025-55182) affects the underlying RSC implementation itself. This means other popular frameworks that rely on RSC are also vulnerable. We are still analyzing the impact and ease of exploitation across additional platforms. For example, the commonly used Vite RSC plugin, when running with its default configuration, is also vulnerable with only minor modifications to the existing PoC. Patch your environments as soon as possible 🏃♀️
We were analyzing the new RSC vulnerability and its impact. RSC is a React feature, but most apps use it through Next.js, which bundles RSC widely. So it will likely surface most often as Next.js CVE-2025-66478. Patch snippet below 🧐 Initial analysis: https://t.co/cMvEbTeWLq
🪱sharing more on sha1-hulud w/@sshaybbc
* 2 packages == ~60% of infections
* 400k unique secrets in truffleSecrets.jsons, only 2.5% verified, & the majority of those short lived JWTs for GitHub Actions!
* 3/4 of impacted workloads were CI/CD, 1/4 were users
🔗below
WIZ ASM IS HERE!💥
Discover, validate & prioritize all your exposures: cloud, AI, SaaS & on-prem. Context-driven ASM powered by Wiz Security Graph. Eliminate exploitable risk everywhere!
Ready to see Wiz ASM in action? 🥳 https://t.co/m6htGHYo3P
I put together a service dependency diagram based on what has been mentioned in today's AWS outage, along with Monday's, and one from Nov 25, 2020 with color coding based on which outage mentioned the dependency.