Olivia
Online
Ignis
@ahakcil
Ata Hakcil
Mad Scientist | ML/AI researcher | Vulnerability Researcher
|| 🐒 ||
Turkey
Joined February 2018
281 Following
1.6K Followers
1K Posts
Pinned Tweet
As promised, here it is - All the useful data i collected from 1.000.000.000 leaked credentials on the internet.
And yes, it includes a wordlist of most common ones too, and it has a %80 mismatch rate with rockyou.txt.
https://t.co/AoXNSydFS1
#infosec #bugbounty
After a first look through the contents looks like it's likely a false alarm and they just rolled nat 1 on every decision about the release instead
Krea AI compromised, using watering-hole .zip for filename in a watering hole attack is crazy levels of uninspired💀
magnet:?xt=urn:btih:2a644d0279182a022d08dd395ea593cfcc218e12&dn=https://t.co/qJoz3m67n0
@Dani__oros @senb0n22a @One1S33175 @krea_ai Looks clean. No deserialization fuckery to sidestep safetensors and no CVE-2026-4372 even though its transformers==4.57.1
Haven't scrutinized every dependency in uv.lock but I probably won't. We are comfortably in the Hanlon's Razor area about the release.
Who to follow
Mastering Burp Suite Pro
@MasteringBurp
Tips and tricks for Burp Suite Pro
Managed by @Agarri_FR | Not affiliated with @Portswigger
More free resources at https://t.co/MWqXmV66lr
terjanq
@terjanq
security enthusiast that loves hunting for bugs in the wild. co-founder and player of @justCatTheFish.
infosec at @google. opinions are mine.
dylan 
@_batsec_
red team @mdseclabs
@Dani__oros @senb0n22a @One1S33175 @krea_ai Can you send me the https://t.co/3hBi6mmRFU to audit? It's the only file I'm missing outside of the tensors right now
@senb0n22a @One1S33175 @krea_ai Not to mention other hints of incompetence in the launch that make people question if a serious company would do this such as:
* Releasing both models as zip so you can't selectively download/audit files
* Naming it watering hole
* everything else explained above
@senb0n22a @One1S33175 @krea_ai And worse yet, no comms through their website.
When people are concerned your social accounts might be compromised, the solution IS NOT more social accounts backing it up. It's a post on your website, or having people you know in the industry outside your org back you up.
@One1S33175 @krea_ai Would be a terrible move because it teaches the community that this is a ok to do and setting up a precedent for future ML SC attacks because they are telling people this is something they might do. If they get compromised in the future less ppl will question it's legitimacy.
@krea_ai Too many red flags for my taste. Nothing on Krea website/blog, shared as a zip file so files can't be selectively downloaded, a lot of people claiming to be working in Krea posting sha checksum of the file as "proof" that it is safe. Will be investigating the file contents.
Gaslighting LLM's with special token injection for a bit of mischief or to make them ignore malicious code in code reviews https://t.co/eNFcr0DUmH
@ODTUKuzeyKibris ODTÜ KKK bilgisayar mühendisliği mezunu ve şuan yine burada yüksek lisans yapan, siber güvenlik alanında da kendisini sektörde göstermiş birisi olarak tercih etmeyi düşünen arkadaşlar görüşlerim için bana DM atabilir
@bmmaloney97 @vxunderground That depends, do the sqlite files have same permissions as the corresponding image file, or are they accessible to every user?
If it is the same permission as the image file I don't see the need to have the ocr data encrypted
@bmmaloney97 @vxunderground Also, have you checked if the sqlite file is removed if you delete the image file? If it is retained after the image is deleted (maybe even until next time device is online and directory is synced) it could be cause for concern
@bmmaloney97 @vxunderground Idk, I don't use windows but makes sense in a sync scenario where you want to keep a directory synced across devices, or you don't want to lose files if something happens to the device.
About it being easier, I guess so but I still don't think this is a security/privacy concern
Last Seen Users on Sotwe
Most Popular Users
Elon Musk
@elonmusk
240.4M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.7M followers
Cristiano Ronaldo
@cristiano
110.1M followers
Narendra Modi
@narendramodi
107M followers
Rihanna
@rihanna
97.5M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.8M followers
KATY PERRY
@katyperry
87.4M followers
Taylor Swift
@taylorswift13
81.2M followers
Lady Gaga
@ladygaga
72.8M followers
Kim Kardashian
@kimkardashian
69.7M followers
Virat Kohli
@imvkohli
69.5M followers
YouTube
@youtube
68.7M followers
Bill Gates
@billgates
63.7M followers
The Ellen Show
@theellenshow
62.5M followers
Neymar Jr
@neymarjr
62.2M followers
CNN
@cnn
61.9M followers
X
@x
60.8M followers
Selena Gomez
@selenagomez
60.5M followers