Assetnote combines advanced reconnaissance and high-signal continuous security analysis to help enterprises gain insight and control of their evolving exposure.
Our security research team discovered a pre-authentication arbitrary file read as root in cPanel (CVE-2026-29205) - a path traversal in cpdavd that we made exploitable by abusing Dovecot's + alias handling to create attacker-controlled directory names on disk.
We've updated cpanel2shell-scanner to cover both issues. Writeup and tool in replies.
Our team discovered a vulnerability in Salesforce Marketing Cloud that allowed us to leak PII of subscribers and emails sent through SFMC, without any auth. Assigned CVE-2026-22585, CVE-2026-22586, CVE-2026-22582, CVE-2026-22583, CVE-2026-2298. Read our writeup here: https://t.co/hxWQdSnRYW
We've released a high fidelity detection technique for CVE-2026-41940 (cPanel/WHM auth bypass). You can find the research post here: https://t.co/WYmjlIQF5i and the tool here: https://t.co/CM0dzRHIEW All other scanners and detection mechanisms so far will lead to false negatives.
Our team reverse engineered the Magento PolyShell pre-auth RCE - actively exploited in the wild. No auth needed to land a PHP webshell. RCE depends on server config, but the file persists regardless. Props to @sansecio for the heads up. https://t.co/nHEr26fHZx @SLCyberSec
Reverse engineering large enterprise apps means wading through hundreds of vendor dependencies. We got tired of it, so we built Hyoketsu to fix it - open source, with a pre-calculated 13GB NuGet + Maven hash database.
GitHub: https://t.co/5yey3qn7Z3: https://t.co/seLcP3OK9o
Our security research team created a high fidelity check for the Next.js/RSC RCE (CVE-2025-55182 & CVE-2025-66478). Read more on our blog here: https://t.co/MO5Lw1ZBLK
Our Security Research team discovered a critical vulnerability in Oracle Identity Manager, that leads to RCE without authentication. A patch was released 30 days ago by Oracle (CVE-2025-61757), and we highly recommend applying it. Our research post here: https://t.co/vu47rCY5Bw
Our Security Researcher @softpoison_ published his first research post, reverse engineering CVE-2025-54236 (SessionReaper) - a critical unauthenticated RCE in Magento. From understanding @Blaklis_'s original discovery, we wrote up our analysis here: https://t.co/xOVdFwrWQ8
Our Security Research team presented on Finding Critical Vulnerabilities in Adobe Experience Manager at @BSidesCbr late last month. We've published our research detailing the internals of AEM and how we discovered seven CVEs ranging in criticality here: https://t.co/sNmbrYZjiN.
Earlier this year, our Security Research team discovered a high-risk secondary context path traversal issue in Omnissa Workspace One UEM (CVE-2025-25231). We also developed a chain to RCE on instances in the wild. You can read our detailed research here: https://t.co/p3j7V0nbC4
The final research blog from @SLCyberSec's Christmas in July concerns three more critical vulnerabilities that our security researchers have uncovered in Adobe Experience Manager Forms: two paths to RCE and a pre-authentication XXE https://t.co/AlwN80cNqC
Our Security Research team at @SLCyberSec found four vulnerabilities in the quality management platform ETQ Reliance, including a critical Remote Command Execution: https://t.co/aUSaJ7o14e
Sometimes, SQL injection is still possible, even when prepared statements are being used. Our researcher @hash_kitten has written up a blog post about a novel technique for SQL Injection in PDO's prepared statements: https://t.co/oh7iVBc3t1
Our Security Research team at @SLCyberSec discovered a pre-authentication RCE vulnerability in Sawtooth Lighthouse Studio (CVE-2025-34300). It affects all versions up to 9.16.14. Read more here: https://t.co/QyMmRuHXB2
Continuing @SLCyber's Christmas in July posts, our Security Research team discovered a pre-authentication NTLM hash disclosure vulnerability in DNN (formerly DotNetNuke), assigned CVE-2025-52488. Read more on our blog here: https://t.co/0swNJ9Zca9
For our first Christmas in July research post: How we managed to get persistent XSS on every Adobe Experience Manager Cloud instance three times! https://t.co/BbwEcXmF4S
We're trying to buck the trend of critical vulnerabilities all landing at the end of the year, much to the despair of security professionals! This July, we'll be publishing a series of vulnerabilities across the month. Stay tuned: https://t.co/XHPN4R96Nr
Our team recently used a novel technique to increase the impact of what seemed to be only a blind SSRF. This novel technique involving HTTP redirect loops and incremental status codes led to full HTTP response leakage. Read more on @SLCyberSec blog here: https://t.co/gSBKN2ZibE