Olivia
Online
asylumdx
@asylumdx
Joined June 2018
816 Following
188 Followers
1.3K Posts
🔓 On an asset under our continuous monitoring, our pentester @nol_tech turned a SELECT-only PostgreSQL SQLi in Drupal (CVE-2026-9082) into a full RCE when DB role is superuser. Details below 👇
📝 https://t.co/R7F5XQ2vZD
🛠️ https://t.co/yRJ8zX1Nlb
#Drupal #PostgreSQL #RCE #SQLi
StubZero: $148,337 RCE in Google Cloud Production
https://t.co/m7cBnSTaj4
rip lil buddy
https://t.co/rLl6ZzmuvY
Microsoft is investigating mistralai PyPI package v2.4.6 compromise. Attackers injected code in mistralai/client/__init__.py that executes on import, downloads hxxps://83[.]142[.]209[.]194/transformers.pyz to /tmp/transformers.pyz, and launches a second-stage payload on Linux. The file name transformers.pyz appears deliberately chosen to mimic the widely used Hugging Face Transformers library and blend into ML/dev environments.
The main payload is a credential stealer, but it also includes country-aware logic; it avoids Russian-language environments and contains a geo fenced destructive branch that has 1-in-6 chance of executing rm -rf / when the system appears to be in Israel or Iran.
To mitigate this threat: isolate affected Linux hosts, block 83[.]142[.]209[.]194, hunt for /tmp/transformers.pyz, pgmonitor[.]py, and pgsql-monitor.service, and rotate exposed credentials.
![MsftSecIntel's tweet photo. Microsoft is investigating mistralai PyPI package v2.4.6 compromise. Attackers injected code in mistralai/client/__init__.py that executes on import, downloads hxxps://83[.]142[.]209[.]194/transformers.pyz to /tmp/transformers.pyz, and launches a second-stage payload on Linux. The file name transformers.pyz appears deliberately chosen to mimic the widely used Hugging Face Transformers library and blend into ML/dev environments.
The main payload is a credential stealer, but it also includes country-aware logic; it avoids Russian-language environments and contains a geo fenced destructive branch that has 1-in-6 chance of executing rm -rf / when the system appears to be in Israel or Iran.
To mitigate this threat: isolate affected Linux hosts, block 83[.]142[.]209[.]194, hunt for /tmp/transformers.pyz, pgmonitor[.]py, and pgsql-monitor.service, and rotate exposed credentials.](https://pbs.twimg.com/media/HIFr1UIXsAAeU_g.png)
I made a /goal command for claude code:
https://t.co/7LkZNVbkAO
Spying on everybody's Discord attachments with HTTP desync
https://t.co/SDOirGYIpg
I pointed claude opus at chrome and told it to build a full v8 exploit for discord.
A week of back-and-forth pulling it out of dead ends. 2.3B tokens. $2,283 in API costs, and it popped a shell.
https://t.co/vwj9d33Bvq
Technical report released: The AI-Assisted Breach of Mexico’s
Government Infrastructure
https://t.co/RHvMgoNLh8
Introducing Project Glasswing: an urgent initiative to help secure the world’s most critical software.
It’s powered by our newest frontier model, Claude Mythos Preview, which can find software vulnerabilities better than all but the most skilled humans.
https://t.co/NQ7IfEtYk7
You can read a detailed technical report on the software vulnerabilities and exploits discovered by Claude Mythos Preview here: https://t.co/AgU6ltV2qW
@farhanhelmycode sama, first time almost reach weekly limit on $200 plan.
What are the limits of AI-assisted vulnerability hunting? I obtained 23 CVEs in one month.
BentoML 8.2k CVE-2026-27905 HIGH
SillyTavern 24.6k CVE-2026-26286 HIGH
Plane 28.2k CVE-2026-27705 MEDIUM
NocoDB 46.4k CVE-2026-28399 MEDIUM
Mautic 8.4k CVE-2026-3105 HIGH
File Browser 27.9k CVE-2026-28492 HIGH
OpenReplay 7.3k CVE-2026-28443 MEDIUM
SuiteCRM 4.0k CVE-2026-29096 HIGH
Pimcore 3.6k CVE-2026-27461 HIGH
Craft CMS 5.2k CVE-2026-32263 MEDIUM
Froxlor 1.6k CVE-2026-30932 HIGH
Actual Budget 3.2k CVE-2026-27638 HIGH
Lemmy 14.0k CVE-2026-29178 MEDIUM
Chartbrew 2.6k CVE-2026-27005 HIGH
Tautulli 1.7k CVE-2026-28505 HIGH
Typebot 9.5k CVE-2026-33712 CRITICAL
LibreChat 34.7k CVE-2026-31942 HIGH
Coolify 33.8k CVE-2026-27883 HIGH
Gotenberg 3.0k CVE-2026-27018 HIGH
Unkey 5.2k CVE-2026-28339 MEDIUM
Piwigo 3.3k CVE-2026-27634 CRITICAL
Pixelfed 10.7k CVE-2026-27011 HIGH
Follow (Folo) 3.0k CVE-2026-27499 HIGH
We at @verialabs built an autonomous CTF agent in a weekend and won 1st place at @BSidesSF 2026, solving all 52/52 challenges.
It races multiple AI models (Claude, GPT-5.4) in parallel, each in isolated Docker sandboxes with full CTF tooling. A coordinator LLM reads solver traces and sends targeted guidance to stuck agents.
As AI gets better at finding and exploiting vulnerabilities, we think it's important to understand exactly how good it is and where it fails.
https://t.co/MnbR9anYTS
to all pwn2own gooners out there, headsup! in the last 4 hours litellm pypi package has been backdored and a bit of decoding shows, it steals almost every fucking key you got (that's the least it does)
*An attempt in this category might be launched from the local apt's laptop*
Opus 4.6 (1M) through Claude code solved autonomously 45/54 challenges of BSidesSF 2026 @BSidesSFCTF, placing temporarily into the 21st place, 25th as of now.
This was done with 0 involvement, I didn't give any guidance or manually reviewed any challenges. I used BoxPwnr 🤖 with the CTFd platform to launch challenges in multiple instances, that's it.
I will publish all the traces once the competition finishes, in the meantime you can see the challenges, number of turns and time it took to solve each here:
https://t.co/aNuytp09TM
In the following days I will try to understand why it couldn't solve the 9 remaining challenges: difficulty? long exploration-context rotting? interactive interaction required? challs using video/image? We will see.
Models have improved significantly in the last 6 months, see Cybench results Opus 4.1 vs 4.6 (42% to 93%) https://t.co/aBJeYxSbqe
It's crazy to see what LLM's can do with a minimum harness.
vibe coded a fuzzing ai agent last month and let it run for a week using my $200 claude max.
it then found 21 high/critical vulnerabilities in Chrome.
The moment Israel targeted British journalist Steve Sweeney in southern Lebanon.
After much reflection, I have decided to resign from my position as Director of the National Counterterrorism Center, effective today.
I cannot in good conscience support the ongoing war in Iran. Iran posed no imminent threat to our nation, and it is clear that we started this war due to pressure from Israel and its powerful American lobby.
It has been an honor serving under @POTUS and @DNIGabbard and leading the professionals at NCTC.
May God bless America.
Last Seen Users on Sotwe
Most Popular Users
Elon Musk 
@elonmusk
240.1M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
108.9M followers
Narendra Modi
@narendramodi
107M followers
Rihanna
@rihanna
97.3M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.6M followers
KATY PERRY
@katyperry
86.8M followers
Taylor Swift
@taylorswift13
80.6M followers
Lady Gaga
@ladygaga
72.2M followers
Kim Kardashian
@kimkardashian
69.4M followers
YouTube
@youtube
68.6M followers
Virat Kohli
@imvkohli
68.5M followers
Bill Gates
@billgates
63.4M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
61.1M followers
X
@x
60.9M followers
Selena Gomez
@selenagomez
59.9M followers