Olivia
Online
Behnam
@bdsecure
vulnerability researcher | full-time learner
Vienna, Austria
Joined June 2017
5.1K Following
839 Followers
885 Posts
🚨 Introducing "ITScape" (CVE-2026-46316)
A Guest-to-Host Escape in KVM/arm64. Guest-side actions alone exploit a use-after-free to run root-privileged code in the host kernel.
Unlike the commonly published QEMU escapes, the bug lives in in-kernel KVM, not QEMU. On a successful exploit, commands run with host kernel privilege rather than the privilege of a user process, threatening the guest-host isolation of multi-tenant arm64 public clouds.
To the best of public knowledge, the first Guest-to-Host Escape Exploit targeting in-kernel KVM/arm64.
Details: https://t.co/CtZOQEzIdg
Offensivecon's talks are now available on our YouTube channel!
🔗 https://t.co/cBmHPsj7qV
Chrome’s JavaScript engine V8 is getting harder and harder to find bugs in..
But powerful models still find a way!
Yesterday’s Chrome release fixed CVE-2026-9973; A JIT loop optimization bug we found using gpt-5.5 in Codex. It had been around for over 2 years…
‼️ After the MSRC blog post about Nightmare-Eclipse, researchers are coming forward with their own MSRC horror stories.
The response from the security community isn't going Microsoft's way. As they’re not backing Microsoft.
Gabriel Landau, a well-known Windows security researcher, says he reported a Device Guard bypass with a 90-day window. MSRC told him it met their bar and they'd fix it, then asked him to hold disclosure for extra months. He agreed on the condition they issue a CVE. They patched it silently, decided after the fact it "didn't meet the bar," and never issued the CVE. In his words: "MSRC strung me along for a few extra months to keep me quiet, then broke their word."
Another researcher, rootsecdev, says he responsibly disclosed a legacy-auth flaw that allowed password spraying while avoiding smart lockout. Five months later, MSRC replied that it "doesn't meet the bar for servicing," silently fixed it, and closed the case.
Microsoft's post was meant to defend their coordinated disclosure policy. Instead it became a thread of researchers explaining why they've stopped trusting their process.
Fuzzing has long been one of the most effective methods for finding vulnerabilities. But what happens when an LLM takes the wheel?
Our latest research explores autonomous, AI-driven fuzzing and what it means for the future of security testing. 👇
https://t.co/A363bfZsCD
The conference ticket shop for Offensivecon Tokyo is open!
Not many tickets left...
🔗 https://t.co/0jFnO9MiL8
Aaaand it's official! Orange Tsai (@orange_8361) of DEVCORE Research Team chained 3 bugs to achieve Remote Code Execution as SYSTEM on Microsoft Exchange, earning a whooping $200,000 and 20 Master of Pwn points. Full win! #Pwn2Own #P2OBerlin
[2]After our failed competition, we headed to Apple Store and bought the mbp m5 and spent less than half an hour to set it up and found a fixed offset is changed 1 bit on it, so we just change 1 bit on our exp and it worked with a 100% success rate. Yes just 1 bit change, 1 to 2.
![ga1ois's tweet photo. [2]After our failed competition, we headed to Apple Store and bought the mbp m5 and spent less than half an hour to set it up and found a fixed offset is changed 1 bit on it, so we just change 1 bit on our exp and it worked with a 100% success rate. Yes just 1 bit change, 1 to 2. https://t.co/SzYzz0D3Ke](https://pbs.twimg.com/media/HIZRMiTXMAATG2c.jpg)
@thezdi ❤️🥇🔥
That's a wrap on Pwn2Own Berlin 2026! 🏆 $1,298,250 awarded. 47 unique 0-days. 3 days of absolute chaos. And talk about main character energy - congrats to DEVCORE for claiming Master of Pwn with 50.5 points and $505,000 - they never slowed down. See you next year! #Pwn2Own #P2OBerlin
Offensivecon is coming to Tokyo! 🔗 https://t.co/VGZ1shw2b1
Ticket shop, sponsorships and CFP are already open...
Mind blown alert 🤯! Nguyen Hoang Thach (@hi_im_d4rkn3ss) of STARLabs SG (@starlabs_sg) used a Memory Corruption bug to exploit VMware ESXi with the Cross-tenant Code Execution add-on, earning a sweeeeeet $200,000 and 20 Master of Pwn points. Full win let's go! #Pwn2Own #P2OBerlin
TRIPLE YAAAAAAAAAAA! That's 3 for 3 - what a legend 👑 Sina Kheirkhah (@SinSinology) of Summoning Team was able to exploit Red Hat Enterprise Linux for Workstations! Time for the disclosure room to dish the deets. #Pwn2Own #P2OBerlin
We are hiring for vulnerability researchers! If you are at @offensive_con, let’s chat!
https://t.co/uMZEPtfrLy
There it is! Orange Tsai (@orange_8361) of DEVCORE Research Team was able to exploit Microsoft Exchange! If confirmed, they win a whooping $200,000 and 20 Master of Pwn points. Off to the disclosure room to explain how they did it and seal the deal. #Pwn2Own #P2OBerlin
Claude helped me with this bug too but in a different way... Tried to gaslight me saying it wasn’t ~exploitable in practice~ and I got obsessed with proving it wrong 😩
That's my chain — a full chain w/ logic bugs only! No memory corruption, no AI, and of course no collisions at all 😉
‼️🚨 Pwn2Own Berlin 2026 just hit a wall. For the first time in 19-years, ZDI rejected dozens of working zero-day RCE submissions because organizers ran out of contest slots.
Rejected hackers are now going public with PoC demos and direct vendor disclosures, breaking Pwn2Own's usual secrecy.
▪️ AI surfaces a massive wave of 0-day RCEs.
▪️ Submissions overwhelm ZDI past max capacity.
▪️ Slots run out. Researchers with working chains get rejected.
▪️ "Revenge disclosures" begin. ← we are here.
Confirmed casualties so far:
▪️ @xchglabs : 86 vulnerabilities prepared (PyTorch, NVIDIA, Linux KVM, Oracle, Docker, Ollama, Chroma, LiteLLM, llama.cpp). All rejected. Now reporting directly to vendors with writeups dropping as patches land.
▪️ @ggwhyp : full-chain Firefox RCE on Windows. Rejected. Publicly demoed (HTML page → cmd.exe → calc.exe). Responsibly disclosed to Mozilla.
▪️ @yunsu_dev : working RCE chain, rejected. Submitting elsewhere.
▪️ @ryotkak : tried to register for 3+ weeks. ZDI confirmed "at maximum capacity, can't add extra contest days." Considered canceling flight and hotel.
▪️ @anzuukino2802 : Claude Code RCE PoC. Rejected.
▪️ @desckimh : 0-day RCEs in Ollama and LM Studio. Rejected.
Reported impact: a community-estimated 150+ researchers tried to register. Accepted contestants are now being warned about collisions. Rejected vulnerabilities going to bug bounty programs may trigger pre-event patches that invalidate the work of those who got in.
ZDI has not publicly addressed the capacity issue. The event still runs May 14-16 in Berlin.
The secret's out.🤫
Introducing THE https://t.co/iULfuMrtEd COMMUNITY 👾
Inside:
• 0-day vuln deep dives from @xint_official, @stdoutput, @pspaul95 & more...
• Access to events & a network of world-class hackers
• CTFs with prizes
Join now :)
Last Seen Users on Sotwe
Bottom Boy
Seen from Netherlands
asıl yonca
Seen from Turkey
ur cutie gf ♡ 
Seen from Colombia
嗷呜鲨鱼🦈
Seen from Singapore
della fajriani69
Seen from Indonesia
🔥El Rey Del Morbo🔥
Seen from Mexico
TÜRK PORNO 🇹🇷
Seen from United Kingdom
Mother Chud
Seen from Singapore
amat
Seen from Indonesia
Sweet Mom
Seen from Indonesia
Most Popular Users
Elon Musk
@elonmusk
240.3M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
109.5M followers
Narendra Modi
@narendramodi
107M followers
Rihanna
@rihanna
97.4M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.7M followers
KATY PERRY
@katyperry
87.1M followers
Taylor Swift
@taylorswift13
81M followers
Lady Gaga
@ladygaga
72.5M followers
Kim Kardashian
@kimkardashian
69.5M followers
Virat Kohli
@imvkohli
69.1M followers
YouTube
@youtube
68.6M followers
Bill Gates
@billgates
63.6M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
61.7M followers
X
@x
60.9M followers
Selena Gomez
@selenagomez
60.2M followers