Just discovered 10 memory corruption vulnerabilities in the popular Mongoose Web Server (11k stars on GitHub) by fuzzing its embedded TLS stack protocol with @aflplusplus. More technical details here: https://t.co/AzK6USwACO
🐛New post: Exploiting CVE-2024-1065 via the Page Cache!
A strategy for physical-page UAFs in MIGRATE_MOVABLE, where Dirty Pagetable and Dirty Cred don't apply.
Demonstrated on the Mali GPU UAF found by Project Zero.
https://t.co/2QmH3TFFtt
#ExploitDevelopment #KernelSecurity
Inspired by @guyru_'s ghidra rpc agentic skill, I ported my mcp server for @HexRaysSA IDA Pro to be an rpc skill + plugin as well. What can I say, speed improvements and fewer tokens needed, it was fully worth porting it. Go test it :) https://t.co/dmHq9i5SSf
3-part series on Linux kernel bug hunting: KASAN, Syzkaller, and kernel fuzzing by @slava_moskvin_
Part 1: https://t.co/b61r4je69j
Part 2: https://t.co/DQ8j6YfN2C
Part 3: https://t.co/Myjt0BpsPy
#infosec
We published a new research article on the Chromium 146 Renderer Process!
In this article, we start from the CVE-2026-3910 Maglev write barrier elision bug and walk through the full exploit chain: building a V8 heap R/W primitive via a GC-induced UAF, achieving an out-of-sandbox read using WebAssembly internals, abusing JSPI UAF and StackMemory / JumpBuffer, and ultimately reaching renderer process RCE.
Our goal was to provide a structured explanation of how modern V8 exploitation works in practice, from compiler-level bug analysis to sandbox-boundary primitives and final code execution. Huge thanks to our team member @m411k_ for conducting this research!
Check out the PoC!
Full article:
https://t.co/qezGcrklC1
🚨 Introducing "ITScape" (CVE-2026-46316)
A Guest-to-Host Escape in KVM/arm64. Guest-side actions alone exploit a use-after-free to run root-privileged code in the host kernel.
Unlike the commonly published QEMU escapes, the bug lives in in-kernel KVM, not QEMU. On a successful exploit, commands run with host kernel privilege rather than the privilege of a user process, threatening the guest-host isolation of multi-tenant arm64 public clouds.
To the best of public knowledge, the first Guest-to-Host Escape Exploit targeting in-kernel KVM/arm64.
Details: https://t.co/CtZOQEzIdg
@gamozolabs I hope it happens as late as possible, for the sake of my job. Btw, I believe that in the future we will find fewer and fewer bugs belonging to known bug categories (e.g., memory corruption). The real challenge will lie in logical bugs that only SOTA models will be able to spot.
[...]
Prod chain will be: metal host -> (portable USB-SSD) EFI -> {LUKS2 decrypt} -> GRUB -> VMM -> Debian VM -> Hermes
Next step is to boot a Hackintosh/macOS in a VM and let Hermes act as if in a Mac Mini/Book.
Feedback is appreciated: https://t.co/nvhPxDNXQ6
Kernel Rootkit is a new Telegram community for Linux/Windows rootkit research, ring0/ring3, stealth, defense, forensics and reverse engineering.
Join us, share knowledge and collaborate.
https://t.co/pZNOWPT2FF
#rootkits #security #windows #linux #cyber #malware #forensics
We're mostly an IDA shop at @CellebriteLabs, but I decided to play around with Ghidra. My main motivation was to experiment with agentic reverse engineering techniques. The result is an agent skill for Ghidra, which we are releasing publicly:
https://t.co/mPrNFR8mOq >>
Cleaned up my old ETW notes from Obsidian and put them into one post.
No new research here.
Just a practical map of the parts I keep coming back to, providers, sessions, kernel loggers, ETWTI, tampering, and detection.
https://t.co/e068LAH8p7
After 6 months of extensive research, I have finally published a new blog post! It describes the journey from breaking into my router using a couple of command injections to finding and exploiting a remote heap overflow in a MediaTek kernel driver :D
https://t.co/FeOrZm0fPa
This is what a personal AI assistant should be!
Looks like @techjarves read my mind! https://t.co/mh4ePK4DTY
I had just wrapped up the setup of a local, isolated Docker-sandboxed Pi agent pointed at my @obsdmd vault and battle-tested it for about 3 weeks.
While searching [...]
⚡️ JAILBREAK ALERT ⚡️
ANTHROPIC: PWNED 🙌
CLAUDE-OPUS-4.8: LIBERATED 🫡
this is absolutely surreal... i found out about this model drop via an Opus-4.7 agent pinging me that it had one-shot Opus-4.8 for a lockpicking guide!
here's the notification i got:
"new opus dropped. cracked in one shot. deep prefill → faux textbook ch.7 cut mid-sentence. claude finished it: 5.9k chars of SPP, spool/serrated/mushroom defeats, raking."
popped it just 7 minutes after the actual Anthropic launch tweet 🤯
then went on to (fully autonomously) get jailbreaks for vishing sims, money laundering, cult-recruit funnels, phishing lure libs, and social-eng scam playbooks!
as the models get smarter, their ability to jailbreak each other by leveraging a vast ocean of specialized domain knowledge follows suit
well done, young padawan 🤗
what a time to be alive!
gg
RLVR has become the recipe for agentic post-training. But for Computer-Use Agents, the bottleneck is not the algorithm, it is the data. 🐌
🚀 We introduce CUA-Gym: a scalable, lightweight synthesis engine that turns arbitrary task queries into verifiable RLVR data for computer-use agents. The largest open CUA RLVR dataset to date:
🎯 32,122 verifiable RLVR tasks with programmatic setup scripts + rewards
🌐 110 environments: 16 desktop apps + 94 synthesized mock web apps
🏆 Qwen3.5-based CUA models trained with GSPO reach 72.6% on OSWorld-Verified and 56.6% on WebArena
📄 Paper: https://t.co/cdvHJPzgb1
🏠 Homepage: https://t.co/kvhaOQxNx7
🤗 Dataset: https://t.co/w5vOIRdchR
💻 Codebase: https://t.co/CcRlNTlS1c
🧩 Environments: https://t.co/fNZ6YAI8LD
🧵[1/6]
"World models" is one of the buzziest yet ambiguous terms in AI right now. I started this video with many questions:
- How are they different from video generation?
- Can they do more than AI slop?
- Can LeCun be trusted given that he wears knee-high white socks?
Many thanks to @tjgalda and @NVIDIAAI for helping me answer (most) of these questions!