BREAKING: Biggest privacy token $ZEC crashed over -50% in the last 24 hours and wiped out $5 Billion from its market cap.
The flaw was hidden inside Zcash's Orchard privacy pool since May 2022 and remained undetected for nearly 4 years despite multiple security audits.
Security researcher Taylor Hornby reportedly used Claude Opus 4.8 AI model to build a working proof-of-concept that successfully generated counterfeit ZEC in local testing on May 29.
Although the bug has now been patched on June 2, the issue is that Zcash's privacy design makes it impossible to know if any fake ZEC was minted before the fix. Unlike Bitcoin, where anyone can verify the supply, Zcash's privacy design makes it impossible to audit whether fake coins were secretly minted before the fix.
The team denies any fake ZEC was minted, but traders are selling on the fear alone. Imagine someone secretly adding extra chips to a casino, but because of the way the system works, neither the casino nor the players could tell which chips were real and which were fake.
Shielded Labs is exploring a proposed Network Upgrade to allow anyone to verify the integrity of Zcash supply.
Update 5:05 PT: The attack has now expanded well beyond @TanStack and @Mistral.
373 malicious package-version entries across 169 npm package names, including @uipath, @squawk, @tallyui, @beproduct, and more.
The malware propagates by stealing your CI credentials and using them to publish new compromised versions.
Full IOCs, affected package list, and detection steps: https://t.co/jWG9DUCu3x
Microsoft is investigating mistralai PyPI package v2.4.6 compromise. Attackers injected code in mistralai/client/__init__.py that executes on import, downloads hxxps://83[.]142[.]209[.]194/transformers.pyz to /tmp/transformers.pyz, and launches a second-stage payload on Linux. The file name transformers.pyz appears deliberately chosen to mimic the widely used Hugging Face Transformers library and blend into ML/dev environments.
The main payload is a credential stealer, but it also includes country-aware logic; it avoids Russian-language environments and contains a geo-fenced destructive branch that has a 1-in-6 chance of executing rm -rf / when the system appears to be in Israel or Iran.
To mitigate this threat: isolate affected Linux hosts, block 83[.]142[.]209[.]194, hunt for /tmp/transformers.pyz, pgmonitor[.]py, and pgsql-monitor.service, and rotate exposed credentials.
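A hunt script for the indicators this post lists, added here as an example (it is not from the post or from Microsoft): it checks an installed mistralai/client/__init__.py for the download host and payload name, and matches the listed artefact file names against paths gathered from a filesystem walk. The scan roots and the sample tampered file contents are assumptions.

```python
"""Hunt for the indicators in the post above on the mistralai 2.4.6 compromise.
IP, file names and package path come from the post; scan roots are assumed."""
import os
import re
import sys
from typing import Iterable

IOC_IP = "83.142.209.194"  # re-fanged from 83[.]142[.]209[.]194
IOC_NAMES = {"transformers.pyz", "pgmonitor.py", "pgsql-monitor.service"}
# Strings expected inside a tampered mistralai/client/__init__.py.
IOC_PATTERNS = [re.compile(re.escape(IOC_IP)), re.compile(r"transformers\.pyz")]
# Directories worth walking on a Linux host (assumption; extend as needed).
SCAN_ROOTS = ["/tmp", "/etc/systemd", "/usr/lib/systemd", "/home", "/root"]


def scan_source(text: str) -> list[str]:
    """Return the indicator strings present in a source file's text."""
    found = []
    for pattern in IOC_PATTERNS:
        match = pattern.search(text)
        if match:
            found.append(match.group(0))
    return found


def match_artefacts(paths: Iterable[str]) -> list[str]:
    """Return the paths whose basename is one of the listed artefact names."""
    return sorted(p for p in paths if os.path.basename(p) in IOC_NAMES)


def walk_roots(roots: Iterable[str]) -> Iterable[str]:
    """Yield every file path under the given roots, skipping unreadable ones."""
    for root in roots:
        for dirpath, _, filenames in os.walk(root, onerror=lambda _e: None):
            for name in filenames:
                yield os.path.join(dirpath, name)


def check_installed_client(site_packages: str) -> list[str]:
    """Scan mistralai/client/__init__.py under site_packages, if it exists."""
    init = os.path.join(site_packages, "mistralai", "client", "__init__.py")
    if not os.path.isfile(init):
        return []
    with open(init, errors="replace") as fh:
        return scan_source(fh.read())


# Constructed stand-in for a tampered __init__.py (not the real injected code).
SAMPLE_TAMPERED_INIT = "import os\n_SRC = 'https://83.142.209.194/transformers.pyz'\n"
if __name__ == "__main__":
    findings = match_artefacts(walk_roots(SCAN_ROOTS))
    for entry in sys.path:
        findings += [f"{entry}: contains {s}" for s in check_installed_client(entry)]
    print("\n".join(findings) or "no indicators found")
```

Run it as root on a suspect host; any line printed is a reason to isolate the machine and rotate credentials, as the post recommends.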
‼️Copy Fail (CVE-2026-31431) is a Linux privilege escalation bug that lets any local user get root using a 732-byte Python script, and it works on basically every major Linux distro shipped since 2017.
Website: https://t.co/f5G6KnEv35
Write-up: https://t.co/W86Pz2PC6C
GitHub: https://t.co/zAMTC6nTRk
It's a logic flaw in the kernel's crypto code (authencesn via AF_ALG and splice()) that allows a small write into the page cache, which can be used to tamper with a setuid binary like /usr/bin/su.
Think how bad this is going to be for shared environments like Kubernetes, CI runners, and cloud sandboxes, where it enables container escape and tenant-to-host compromise.
Found by Theori's Xint Code scanner, patched in the mainline kernel, and publicly disclosed on April 29, 2026; if you can't patch right away, the recommended workaround is to disable the algif_aead module.
Lovable has a mass data breach affecting every project created before November 2025.
I made a Lovable account today and was able to access another user's source code, database credentials, AI chat histories, and customer data; all of it is readable by any free account.
Nvidia, Microsoft, Uber, and Spotify employees all have accounts. The bug was reported 48 days ago. It's not fixed. They marked it as duplicate and left it open.
I warned back in December 2023 (!!!) that push notifications were a major opsec hazard being exploited by US intelligence to break encryption, and now here we are:
https://t.co/8yZWy6tv53
I'm not Satoshi, but I was early in laser focus on the positive societal implications of cryptography, online privacy and electronic cash, hence my ~1992 onwards active interest in applied research on ecash and privacy tech on the cypherpunks list, which led to hashcash and other ideas.