I hacked Microsoft's AI bot for healthcare on a Friday night
Within hours I could access data of multiple healthcare organizations, but it didn't stop there
Microsoft fixed the issue, and then I did it again, and again, and again...
Here's the story of Lethal Injection: 🧵
We found a debug flag enabled in 6 Microsoft Android apps that turned into a vulnerability
Any app on the device could access the Microsoft account
Affecting: Word, OneNote, PowerPoint, Excel, 365 Copilot, Loop.
Here's the full story of "FlagLeft": 🧵
We reported everything to Microsoft and most of those reports received no bounty because they were out of scope, except one.
They did not apply to the "in-scope by default" terms as well, because "the issue does not have a demonstrated impact to a Microsoft owned cloud service"
We did however get a few CVEs.
What happens when your math and map processing libs become RCE vectors?
We've exploited OSS libraries to pop 2 shells on Microsoft's cloud infra, got assessed "low" severity, and found 2 bypasses again to defend our case, almost losing out on 6 digits in bounties
The current impact is over 120,000 repos just on GitHub. AI agents, LangChain, TiTiler, pandas.
Everybody wants the researchers to be responsible.
Here's what responsible disclosure looks like from the other side:
If you're using LangChain, check you're not using the LLMMathChain because it's still vulnerable. numexpr has tens of thousands of dependents, so the downstream risk is real.
As of now there is no patch offered for the numexpr RCE vulnerability.
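The check the post above asks for, as an added example (not code from the thread's author or from the LangChain or numexpr projects): it walks a Python file's AST for imports or attribute references to LLMMathChain under any langchain module, and separately reports whether numexpr is a direct requirement. The module paths, the sample source and the sample requirements file are constructed for the example and are assumptions, not taken from the post.

```python
"""Locate LLMMathChain usage and direct numexpr dependencies in a code base.

Added example; not part of the original thread. Inputs below are constructed.
"""
import ast
import re
import importlib.metadata

LLM_MATH_NAME = "LLMMathChain"
LANGCHAIN_PREFIX = "langchain"  # assumption: matches langchain, langchain_core, ...

# Matches "name", "name==1.2", "name>=1.2,<2"; ignores trailing comments/markers.
REQ_LINE = re.compile(r"^\s*([A-Za-z0-9_.-]+)\s*([=<>!~]+\s*[^\s;#]+)?")


def find_llm_math_chain_uses(source: str, filename: str = "<string>"):
    """Return sorted (lineno, snippet) pairs for each LLMMathChain reference.

    Two shapes are caught: `from langchain... import LLMMathChain` and a
    dotted attribute access such as `some_module.LLMMathChain`.
    """
    hits = []
    tree = ast.parse(source, filename=filename)
    for node in ast.walk(tree):
        if isinstance(node, ast.ImportFrom):
            mod = node.module or ""
            if mod.startswith(LANGCHAIN_PREFIX):
                for alias in node.names:
                    if alias.name == LLM_MATH_NAME:
                        hits.append((node.lineno, f"from {mod} import {alias.name}"))
        elif isinstance(node, ast.Attribute) and node.attr == LLM_MATH_NAME:
            hits.append((node.lineno, ast.unparse(node)))
    return sorted(hits)


def find_numexpr_requirement(requirements: str):
    """Return the requirements line that names numexpr directly, else None."""
    for line in requirements.splitlines():
        m = REQ_LINE.match(line)
        if m and m.group(1).lower() == "numexpr":
            return line.strip()
    return None


def installed_numexpr_version():
    """Version of numexpr in the current environment, or None if absent.

    Transitive installs (pulled in by another package) show up here even when
    find_numexpr_requirement() returns None, which is the case the post warns about.
    """
    try:
        return importlib.metadata.version("numexpr")
    except importlib.metadata.PackageNotFoundError:
        return None


# Constructed sample inputs for the example.
SAMPLE_SOURCE = '''
from langchain.chains import LLMMathChain, LLMChain
import langchain.chains.llm_math.base as lm

chain = LLMMathChain.from_llm(llm)
other = lm.LLMMathChain.from_llm(llm)
'''

SAMPLE_REQUIREMENTS = """\
langchain==0.2.0
numexpr>=2.8  # pulled in for LLMMathChain
requests>=2.31
"""

if __name__ == "__main__":
    for lineno, snippet in find_llm_math_chain_uses(SAMPLE_SOURCE, "app.py"):
        print(f"app.py:{lineno}: {snippet}")
    print("direct numexpr requirement:", find_numexpr_requirement(SAMPLE_REQUIREMENTS))
    print("installed numexpr:", installed_numexpr_version())
```

Run it over each `.py` file and each requirements file in a repository; a hit from the first function or a non-None result from either of the other two is the signal to look at whether untrusted input can reach the chain.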
A friendly reminder that CVD is an industry standard that is usually not for the benefit of the researcher.
I've personally had it used against me as a threat.
Microsoft Security Response Center put out a blog post today about Eclipse Nightmare guy
Basically they think he's super mean and totally not cool he's dropping zero days. They say you're a jerk if you do this stuff because it's dangerous and stuff
https://t.co/Bg5iFxI3lc
Linus, this week: "the continued flood of AI reports has basically made the security list almost entirely unmanageable".
At this pace, vulnerability triage at scale is about to become one of the most valuable categories in security infrastructure, and the reason is what AI has done to the economics of vulnerability research.
For context: curl ended its bug bounty in January after they got buried in AI submissions. @Hacker0x01 paused the Internet Bug Bounty in March, which forced Node.js to suspend bounty payouts shortly after. @Google stopped accepting AI submissions to its open-source VRP, then raised Android top payouts to $1.5M while cutting Chrome bonus categories that AI tools now produce almost routinely.
So, every disclosure channel that mattered five years ago is in some state of restructure, pause, or shutdown. Anyone with an LLM and a few hours can produce a finding, a CVSS score, and a suggested fix, and that whole layer is now commodity output. Now, more than ever, the valuable step is proving the bug is actually exploitable against a specific system with the right preconditions.
This is why I think vulnerability triage at scale is about to be a major business.
The disclosure mess is just the most visible symptom, but the same pressure exists in every pipeline where security data lands, whether it's internal scanner output, pentest deliverables, attack surface monitoring, or code review backlogs.
A finding nobody has proven exploitable against a specific system is a hypothesis, not a vulnerability. Meaning, every security team now has a pile of hypotheses with no scalable way to disprove them.
My take if you're running a security program right now: stop ranking findings by CVSS. Rank them by whether someone has actually proven they're exploitable on your system.
@thingwhere In a proper shared host you shouldn't be able to access your nginx worker memory; nginx runs as a different user, so you need root.
If you saw any shared hosting with unrestricted isolation please share
ASLR bypasses for those are pointless. There are no real Nginx instances vulnerable because that configuration pattern never exists.
Let alone "chaining LFI"; if you can read files on the host you've already won. Cut the FUD for no reason.