CVE-2026-27886 is another CVE we researched/reproduced as part of @bishopfox's Emerging Threat process. Full admin account takeover in Strapi, ~20k internet-facing instances via Shodan.
Also, check out our detection tool: https://t.co/VzSUyYd2af
After not receiving a raise in the four years I’ve worked at BHIS, they’ve now decided to reduce my pay by $40k after coming back from maternity leave and moving my role to solely pentesting. So I am looking for a new position effective immediately, if anyone has any leads 😇
LiteLLM Proxy has a pre-auth SQL injection (CVE-2026-42208) I recently reproduced as part of @bishopfox's Emerging Threat process. Below is a technical analysis I put together with a safe detection payload that can be used to identify vulnerable deployments.
A failed login should not take 6 seconds.
Bishop Fox researchers reproduced CVE-2026-42208 in LiteLLM’s proxy. The attack requires no authentication, still returns HTTP 401 responses, and uses timing delays to extract sensitive data.
Observed in the wild roughly 36 hours after disclosure.
Upgrade to 1.83.7 or higher.
We’re heading to @CactusCon 14! 🌵
Bishop Fox is sponsoring again this year, with talks from Dan Petro and Nate Robb on EDR evasion and real-world CVE prioritization. We’ll be around all weekend to talk Red Team tradecraft, research, and offensive security.
See you in Mesa!
@CactusCon Just a heads up, not seeing a "Notes to Organizer" section to include a talk outline on the session submission page. Tried throwing the outline at the end of the session description but hit the character limit.
Ever feel overwhelmed by the constant firehose of newly disclosed vulnerabilities? Check out my latest blog post where I outline the methodology our Threat Enablement team at Bishop Fox uses to cut through the noise:
https://t.co/bCJayrGlwq
Our Threat Enablement and Analysis team built a better way to cut through the noise. This is how we triage the firehose, turning chaos into action. By Senior Operator Nate Robb: https://t.co/A9k6vVogag
@_BalthazarBratt I just picked up the 16-inch M1 Pro a couple weeks ago and I love it. I'm impatient, so I used this stock tracker app to jump on one when local Apple Store stock became available: https://t.co/2bvwzN2yiC
My team is hiring at @bishopfox! Come join the Adversarial Operations team for the Cosmos continuous attack surface testing platform.
https://t.co/njd3gS9I5a
@jonathandata1 FYI: I could reproduce the AirDropped website auto-accept only when both devices were signed in with the same Apple ID. When the Apple IDs were different (as would be the case in an attack), the victim device was prompted for permission to open the AirDropped website.
@AndrivetSeb I just stumbled upon your talk "The Security of MDM systems" from Hack in Paris 2013. Did you happen to publicly release the Java tool to decrypt passwords from identityconfig.xml files?
A tale of the #security perils of using URL shorteners for sensitive info in 3 parts from @_BalthazarBratt: Read how our CAST team used shortened URLs to show a client how they could be leveraged in an #attackchain leading to full compromise. https://t.co/6wbdJbfAJD