Here's the security & risk assessment report on a given aircraft architecture that I had written last year (this was one of my many interview rounds with an eVTOL company which I had cleared despite having no background in aviation industry).
👇
https://t.co/DbTXb6JuKr
If Mythos drops today and isn’t absolutely incredible then we all got played and you should never trust Anthropic or any company in Glasswing ever again.
First ignore genuine vulnerabilities by labeling them as "not a security issue" and then silently patching them and not rewarding researchers for their time and efforts. Then threatening folks with legal actions. There is a special place reserved for you on the dark web.
Over the past several days, we have been listening to the conversation around coordinated disclosure and the relationship between security researchers and vendors. We recognize that this relationship is both critical and, at times, fragile. We deeply value the security community, and will continue to take your feedback seriously.
To be clear about our approach to legal matters, we have no intention to pursue action against individuals conducting or publishing their security research. When an individual breaks the law and engages in malicious activity causing real harm to our customers, we will work with law enforcement as appropriate.
We recognize the work that goes into researching and submitting a vulnerability. We are committed to approaching every interaction with transparency, clear communication, and professionalism. We continue to believe strongly in Coordinated Vulnerability Disclosure as the foundation for protecting customers and improving our products. Each year we process a high volume of vulnerability reports. That volume continues to grow and will continue with the rise of AI-enabled research. We acknowledge that some interactions have fallen short and are working to learn from them.
Many of us have experience on both sides of this work, as researchers reporting vulnerabilities and as responders triaging and assessing them. That perspective informs how we approach this feedback and the importance we place on getting it right, particularly as the volume and complexity of research continues to grow.
The security community plays a vital role in helping us protect customers. We are committed to maintaining a constructive and respectful relationship and growing together. We know that, given the nature of this work, there will at times be misunderstandings. We remain committed to engaging in good faith and to providing a respectful and professional experience for all researchers, regardless of past interactions.
@msftsecresponse You (MSFT) are a useless piece of trash and will surely get a taste of your own medicine. Researchers are gonna drop 0-days left and right!
Non-cyber people will be like "damn cybersecurity is crazy right now" and then two days later post "gotta give your agent access to prod or you're ngmi."
They don't see the connection between these things, and that's why cybersecurity is hard.
We’ve shipped a security-guidance plugin for Claude Code that helps identify and fix vulnerabilities as you’re writing code.
Available for all Claude Code users. Install from the plugin marketplace (/plugins).
@shivangmauryaa Are these issues fixed? Can you please confirm? I just want to check if I would end up with duplicates of these. If not, then it's safe to say I hit different domains.😅
CVE-2026-0265, the PAN-OS auth bypass (when Cloud Auth Services are enabled) was fun to reproduce and load into the watchTowr Platform.
Our friends @ @HacktronAI are publishing their analysis this week, so we won’t be publishing. Looking forward to it 🚀
We are investigating unauthorized access to GitHub’s internal repositories. While we currently have no evidence of impact to customer information stored outside of GitHub’s internal repositories (such as our customers’ enterprises, organizations, and repositories), we are closely monitoring our infrastructure for follow-on activity.
Less than a minute into hacking and landed with a medium severity finding. Thanks @redbull @intigriti. More reports underway ✌️
#bugbounty#redbull
I just wish there were other flavours though 😂
🚨 We recently discovered that an unauthorized party obtained a token with access to the Grafana Labs GitHub environment, enabling the threat actor to download our codebase. (1/6)
NGINX rift: We autonomously discovered this 18-year-old heap overflow (CVE-2026-42945) in @nginx impacting versions 0.6.27 to 1.30.0. If you use the rewrite and set directives, you may be impacted! Please update your NGINX or change the config to mitigate it. Read more at https://t.co/KeoblrGL24
CEO of Coinbase bragging that non-technical people are now using AI to ship production code. When a CEO says this, one of two things is true: either they don't know what production code is, or they're selling you a story.
This kind of hype is how businesses end up in real trouble. The people shipping the code and the CEOs cheering them on won't be the ones held responsible when it breaks. They collect their paycheck either way. Users will find out the hard way, once unreviewed code has touched their money, medical records, identities, private messages, kids' data, legal documents, critical infrastructure. By then it's too late.
Production code isn't a vibe.
🚨 A new Android spyware tool is being openly sold online — enabling anyone to launch their own surveillance business
The software gives near-total control of a victim’s phone, can’t be removed without attacker permission, and can be rebranded and resold for profit
Read: https://t.co/lnW5JGp0sz
Wrote a PoC exploit for CVE-2026-23918, a recently patched double-free bug in Apache's mod_http2.
Send a HEADERS frame followed by RST_STREAM, and the server tries to free the same pointer twice. Result: SIGSEGV. 🧵
This week in cybersecurity:
- cPanel auth bypass
- CopyFail linux privesc
- 89 vulnerabilities in XAPI / Citrix XenServer: https://t.co/xSk2oanqQN
- 17 vulnerabilities in Omi: https://t.co/anw75KngxH
- Thousands of vibe coded apps have their DBs publicly readable: https://t.co/R4yzkeQmxx
- Someone triggered the whole cybersecurity community by dropping that vuln for the sobriety app on X
Time for a new week, buckle up!
Each side got 20 minutes for oral arguments in the crypto prisoner appeal in U.S. v. Roman Sterlingov next Tuesday, May 12 at 9:30am ET at the Federal Court of Appeals for the D.C.
Come join us as we fight another battle against the government's never ending war on crypto.
Obfuscated #WebSocket backdoors are injecting credit card skimmers into hundreds of compromised websites. The payload sends stolen card information back to attacker's C2 domains. Details at: https://t.co/3UIzhZXYCv