🚨 CRITICAL: Active supply chain attack on axios -- one of npm's most depended-on packages.
The latest [email protected] now pulls in [email protected], a package that did not exist before today. This is a live compromise.
This is textbook supply chain installer malware. axios has 100M+ weekly downloads. Every npm install pulling the latest version is potentially compromised right now.
Socket AI analysis confirms this is malware. plain-crypto-js is an obfuscated dropper/loader that:
• Deobfuscates embedded payloads and operational strings at runtime
• Dynamically loads fs, os, and execSync to evade static analysis
• Executes decoded shell commands
• Stages and copies payload files into OS temp and Windows ProgramData directories
• Deletes and renames artifacts post-execution to destroy forensic evidence
If you use axios, pin your version immediately and audit your lockfiles. Do not upgrade.
@ltrv01 @molikdn @wazaaow @n12x07 @floxplore Are you downgrading to the Gold? I don't really see the point on my side, since I don't need the insurance and the number of points is the same on Green or even Blue…
We’re introducing Dynamic Workers, which allow you to execute AI-generated code in secure, lightweight isolates. This approach is 100 times faster than traditional containers. https://t.co/c36Vkb7I0R
We just caught an OpenAI API key hardcoded in a public JavaScript file 🔥
Client-side secrets are way too common… 😬 More information ➡️ https://t.co/cO3Cd5U1tV
#CyberSecurity #AppSec #BugBounty
Researchers have found two new vulnerabilities in React Server Components while attempting to exploit the patches last week.
These are new issues, separate from the critical CVE last week. The patch for React2Shell remains effective for the Remote Code Execution exploit.
There is a critical vulnerability in React Server Components disclosed as CVE-2025-55182 that impacts React 19 and frameworks that use it.
A fix has been published in React versions 19.0.1, 19.1.2, and 19.2.1. We recommend upgrading immediately.
https://t.co/kue7kd0XEX
Sorry, I don't want to spam with this, but I'm in a really very urgent and, let's be honest, desperate situation.
I have only 2 weeks left to find this apprenticeship, and if I don't find anything by 30 November, my situation means I will be forced to stop my studies, potentially for good.
I know the recruiting period is over and my chances of finding one are absolutely tiny, but if anyone here has the slightest lead, the slightest contact or the slightest name of a company related to IT in any way that might be interested in taking on an apprentice around Toulon, the Var or even the whole PACA region, I'm all ears 🙏
Bug bounty hunters, if you need to easily extract and monitor your bug bounty scopes from various platforms, check https://t.co/geZFkrqe3C from @J0_mart
🧙♂️ OCI, Oh My:
I recently discovered a classic 1-click Remote Code Execution through CSRF that affects Oracle Cloud Shell and Code Editor Integrated Services.
Full details:
https://t.co/mIivj4KbzI
CVE-2025-49596 The MCP inspector is a developer tool for testing and debugging MCP servers. Versions of MCP Inspector below 0.14.1 are vulnerable to remote code execution due to lac… https://t.co/ar0nqaAEBt