“Bug bounty is dying” is noise.
Lock in. Make money. Use AI to 10x your output. If it eventually dries up, you’ll have enough capital to start that biz or enough experience to land a job.
Simple as that.
Earlier this year @SLCyberSec’s research team disclosed a vulnerability that allowed us to leak PII and emails stored inside Salesforce Marketing Cloud instances, for any customer, without authentication. You can read more about our research here: https://t.co/Og4HoMPAFM
when react2shell hit last year, i think vercel handled it brilliantly.
to protect their users, they paid $50,000 for every bypass researchers could find. we decided to participate, and ended up earning $170,000.
read how we did it here: https://t.co/2dM6Mf9PHU
🚨 BREAKING: Wiz Research discovered Remote Code Execution on https://t.co/SvN2lGsnbO with a single git push
The flaw in @github allowed unauthorized access to millions of repositories belonging to other users and organizations 🤯
The #FCSC2026 ended today, and my write-ups are now available here:
https://t.co/6e2WWjxKpD 🚩
I'm really happy with the challenges I managed to create this year! It would be too long to list everything, so here's a little teaser 👇
1/2
We have a rare opportunity to observe a bold move by Xiaomi's bug bounty program. After several internal discussions and a meeting with the board of directors, a Chinese conglomerate finalized the increase in the low-severity bounty range from $1 to $1-$2.
We've published a new blog post by RyotaK @ryotkak !
He exploited a directory deletion race condition in Google Cloud's Looker, leading to full RCE and K8s privilege escalation.
Read the technical details here:
https://t.co/3eFBt0tKbk
We partnered with Mozilla to test Claude's ability to find security vulnerabilities in Firefox.
Opus 4.6 found 22 vulnerabilities in just two weeks. Of these, 14 were high-severity, representing a fifth of all high-severity bugs Mozilla remediated in 2025.
Today I discovered that scammers are poisoning Google AI Overviews to display malicious data.
While searching for an airline support phone number, the AI-generated result surfaced a scam number operated by fraudsters.
Don't be lazy and double check the results 🫡
New research just dropped by @alien2exe on hijacking OAuth popups via predictable window.open() targets.
The chain uses an iframe name collision to force the auth flow into a controlled context, eventually linking an attacker-controlled addon to leak workspace PII and config data.
https://t.co/GbimNCyqxx
@FearsOff @Cloudflare This write-up tells the story of how traffic aimed at that certificate path could reach origins behind Cloudflare even when the rest of the application was blocked by customer rules.
Enjoy the reading here https://t.co/Ti4Eceweh7
We hacked the AWS JavaScript SDK, a core library powering the entire @AWScloud ecosystem - including the AWS Console itself 🤯
How did we do it? Just two missing characters was all it took.
This is the story of #CodeBreach 🧵👇
Quite a lot of work to get the exploit working and the article ready, but here it is!
Our pre-auth RCE in Livewire v3 (CVE-2025-54068) with @_remsio_ is live! Enjoy the read :)