CVE-2026-31431 a/k/a CopyFail
> Linux LPE
> Description sounds like AI slop
> Exploit is legit
> Impacts every Linux kernel from 2017 - Now
> Proof-of-concept released
> It's Wednesday?
https://t.co/FXgjWW7lOV
Do you get the feeling that Opus gets dumber after 11:00 UTC (13:00 Spanish time)?
It's not paranoia. It's not confirmation bias. And no, Anthropic doesn't "lower the quality" on purpose.
The real explanation is more uncomfortable 🧵
🚨 CRITICAL CYBER INTELLIGENCE ALERT: COMPLETE COMPROMISE AND LEAK OF THE ANDALUSIAN REGIONAL GOVERNMENT – SPAIN 🇪🇸🔐
An extremely serious post has been detected on PwnForums by the threat actor KikoRivera. The attacker claims to have gained Remote Code Execution (RCE) access to a domain belonging to the Andalusian Regional Government, successfully exfiltrating a massive infrastructure of citizen, financial, and operational data.
🏢 Affected Entity: Andalusian Regional Government (Autonomous Community of Spain).
👤 Threat Actor: KikoRivera.
📂 Leak Volume:
18.8 GB of total data.
7 complete databases.
Complete source code of the compromised portal.
📅 Publication Date: April 25, 2026
⚠️ Status: The attacker has provided samples with records updated to April 2026.
📊 Scope of the Breach (Data Exposed)
This breach is critical, as it exposes the complete identity and payment cycle of Andalusian citizens:
Identity and PII (2,600 records): Full names, email addresses, unencrypted passwords (plain text), phone numbers, physical addresses, and national identity card/foreign resident card numbers with photos of the document (front and back).
Payment Gateway Financial Data (Redsys):
Redsys API keys and POS (Point of Sale) encryption keys.
Transaction records (4.5k to 35k records) including: Amounts, authorization numbers, card BINs, last 4 digits of the PAN, expiration dates, and digital signatures.
KYC (Know Your Customer) files: Invoices, insurance policies with bank details (IBAN), and ownership certificates.
Communications: Full access to SMTP and WebMail servers.
🛡️ Immediate Response Recommendations
🔒 Urgent Key Rotation: The Andalusian Regional Government must immediately invalidate and rotate all Redsys API keys and certificates linked to the affected domain.
🔑 Password Change and MFA: Due to the leak of plaintext keys, portal users must change their credentials immediately. Public employees must enable MFA for all logins.
Monitor: https://t.co/wk9bZJ2Nli
#CyberSecurity #Espana #JuntadeAndalucia #DataBreach #Redsys #KYC #DNI #VECERT #InfoSec #CyberCrime 🇪🇸🛡️⚠️🚨
@TheHackersNews "This flaw enables Arbitrary Command Execution (RCE) on any system running a vulnerable MCP implementation..."
Yeah but what does vulnerable mean? I think some more technical detail would be good
Hacking the #EU #AgeVerification app in under 2 minutes.
During setup, the app asks you to create a PIN. After entry, the app *encrypts* it and saves it in the shared_prefs directory.
1. It shouldn't be encrypted at all - that's a really poor design.
2. It's not cryptographically tied to the vault which contains the identity data.
So, an attacker can simply remove the PinEnc/PinIV values from the shared_prefs file and restart the app.
After choosing a different PIN, the app presents credentials created under the old profile and lets the attacker present them as valid.
Other issues:
1. Rate limiting is an incrementing number in the same config file. Just reset it to 0 and keep trying.
2. "UseBiometricAuth" is a boolean, also in the same file. Set it to false and it just skips that step.
Seriously @vonderleyen - this product will be the catalyst for an enormous breach at some point. It's just a matter of time.
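What "cryptographically tied to the vault" looks like in practice, as an added example that is not part of the post above and not the app's code: the vault key is derived from the PIN, so clearing values in a prefs file cannot open an existing vault. The function names, the `FailedAttempts` key and the sample PIN and credential are assumptions, and the HMAC keystream stands in for AES-GCM to keep the example on the standard library.

```python
import hashlib, hmac, json, os

def _kdf(pin, salt):
    # 64 bytes of key material: first half encrypts, second half authenticates.
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000, dklen=64)

def _keystream(key, nonce, n):
    # Stand-in stream cipher (HMAC-SHA256 in counter mode) so the example runs
    # on the standard library alone; production code would use AES-GCM.
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def _xor(data, stream):
    return bytes(a ^ b for a, b in zip(data, stream))

def seal_vault(pin, credentials):
    salt, nonce = os.urandom(16), os.urandom(16)
    key = _kdf(pin, salt)
    plaintext = json.dumps(credentials).encode()
    ct = _xor(plaintext, _keystream(key[:32], nonce, len(plaintext)))
    tag = hmac.new(key[32:], salt + nonce + ct, hashlib.sha256).digest()
    return {"salt": salt, "nonce": nonce, "ct": ct, "tag": tag}

def open_vault(pin, vault):
    key = _kdf(pin, vault["salt"])
    body = vault["salt"] + vault["nonce"] + vault["ct"]
    expected = hmac.new(key[32:], body, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, vault["tag"]):
        return None  # wrong PIN: the vault stays sealed
    stream = _keystream(key[:32], vault["nonce"], len(vault["ct"]))
    return json.loads(_xor(vault["ct"], stream))

def demo():
    # Constructed state: prefs keys other than UseBiometricAuth are hypothetical.
    prefs = {"FailedAttempts": 4, "UseBiometricAuth": True}
    vault = seal_vault("482913", {"age_over_18": True})
    prefs.clear()  # wiping the prefs file does not touch the vault key
    return open_vault("000000", vault), open_vault("482913", vault)
```

Because a short PIN has little entropy, the derived key should additionally be wrapped by a hardware-backed keystore that enforces the attempt limit, instead of a counter in an editable file.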
19 years already… and I still get goosebumps.
There were barely any smartphones and everything was new, huge, magical. We discovered a world and, without knowing it, people who would mark our lives: friends, loves, family.
How lucky to have lived it and what a privilege to have been part of it.
After the first 24 hours of the HackOn CTF, we have detected irregular behaviour in several teams very high in the top.
- Several challenges solved within a very short time interval.
- Automated submissions with wrong flags.
Non-nerds are asking how Mr. Al-Qudsi (@mqudsi) is working to reconstruct redacted Epstein data. Here is a high-level summary that isn't as nerdy schizo
Mega tl;dr
> Send email
> Add attachment
> Emails no understand files
> Email turn files in text (Base64 encoding*)
> Image 1 is email turning attachment into text
> Send email
> Someone receive email
> Email reads add-on text
> "oh thats an attachment"
> Transforms into attachment you can see (Base64 decoding*)
> DoJ releases Epstein emails
> Didn't censor attachment stuff
> hehe big mistake, we can recover this
> Boom, all attachments "censored" now uncensored
> All hidden attachments now public
> Go to work
> Problems arise
> DoJ printed emails (???)
> Scanned printed emails back (???)
> Try to rebuild from email stuff
> Fails
> wtf.mp4
> Look inside
> DoJ printed as "Courier New" font
> L and 1 look the same
> Try to reconstruct
> Fails
> Computer can't figure difference between L and 1
> (Look at image 2)
> Can you even tell the difference???
To manually reconstruct all attachments from Epstein emails data forensic experts must find a way to programmatically determine which characters are L's and which are 1's. This is only a problem because the DoJ printed it as Courier New.
Proposed solution right now is bruteforce. Try every possible combination, swapping L's and 1's, check email thing, does it work? No? Repeat. However, this could take a long time.
Another solution is taking known email encoded thingies that work and compare it to Epstein files. Try to identify patterns and reconstruct it using machine learning.
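The brute-force idea described above, as an added example that is not part of the original post: every `1` in the scanned Base64 is treated as "either lowercase `l` or `1`", each combination is decoded, and only candidates that pass an integrity check are kept. It assumes the attachment carries a built-in checksum (here a zlib stream with its Adler-32 trailer); the sample payload and function names are constructed.

```python
import base64, binascii, itertools, zlib

# Constructed sample attachment content (not real data).
ORIGINAL = (b"Constructed sample attachment: quarterly figures 2019-2021, "
            b"ledger pages 14 to 38, scanned copy.")

def ocr_blur(b64):
    # Simulate the scan: lowercase 'l' and digit '1' become indistinguishable.
    return b64.replace("l", "1")

def recover(blurred):
    """Try every l/1 assignment; keep payloads whose zlib checksum verifies."""
    slots = [i for i, c in enumerate(blurred) if c == "1"]
    found = []
    # 2**len(slots) candidates: fine for a short sample, slow for a long file.
    for choice in itertools.product("1l", repeat=len(slots)):
        chars = list(blurred)
        for i, c in zip(slots, choice):
            chars[i] = c
        try:
            data = zlib.decompress(base64.b64decode("".join(chars)))
        except (zlib.error, binascii.Error):
            continue  # header, deflate stream or Adler-32 check failed
        if data not in found:
            found.append(data)
    return len(slots), found

def demo():
    encoded = base64.b64encode(zlib.compress(ORIGINAL)).decode()
    return recover(ocr_blur(encoded))
```

The checksum is what makes the search decidable: without a validity test inside the file format, every combination decodes to some bytes and none can be ruled out.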
When we picked up my son, the English teacher told us they have an "individual activity" on the 11th.
Me: an exam.
Her: Noooo, that word can stress them out.
Me: But are you going to grade them?
Her: well, yes...
Me: an exam, then.
I can't with so much useless change, I caaan't