"From SSRF to sustained server engagement" slides and tools are now available here: https://t.co/O85xzmtrDr
Use this to turn low-value SSRFs into MEDIUM-risk issues!
#appsec #infosec #cybersecurity #productsecurity
A new paper on efficient firmware fuzzing has arrived!
Khost uses near-native execution and rehosts ARM firmware inside KVM on an ARM host, dropping overhead by over 90% when compared to QEMU-based frameworks.
Some notes on Copy Fail, or CVE-2026-31431, found by Xint Code (https://t.co/aQ5WpkEFaq). This is a very stable and very straightforward exploit. It worked on almost anything I tested, and in some cases there are no kernel patches available in stable distributions (e.g. Debian 13). Debian has not yet released a patched kernel for Trixie. The upstream fix landed in mainline 6.18.22 / 6.19.12, but the backport to Debian's 6.12 kernel series for Trixie is not available yet. The available mitigation is pretty much the only option at the moment.
I'm hiring a research intern for summer 2026 to work with me on applied cryptography research projects. This is a paid, three-month, fully remote position. Check it out, and please spread the word! https://t.co/Bt5qKI8xhl
intWave intern Sifis Bampionitakis found that Portainer came with default settings allowing regular users to perform a host takeover. If you're sharing your #Portainer installation with other users, it's best to update to 2.39.0 LTS. For the details see: https://t.co/cbM6wQjHUz
My CISO called me at 3 AM last Tuesday.
"We caught someone."
I asked, "Caught them doing what?"
He said, "Typing."
Let me explain.
We have an employee in IT. Great worker. Always online. Never complained. Perfect Slack etiquette.
One problem.
His keystrokes were arriving 110 milliseconds late.
One hundred and ten milliseconds.
That's 0.11 seconds.
The average American remote worker has 20-40ms of latency.
This guy? 110ms. Every. Single. Keystroke.
My security team ran the numbers.
That latency doesn't come from a bad router in Ohio.
That latency comes from Pyongyang.
Our "Senior DevOps Engineer" was a North Korean operative.
Running his work laptop through a laptop farm.
In America.
While he worked from a government building.
In North Korea.
He passed the interview. He passed the background check. He passed the vibe check.
He did not pass the speed of light.
Here's what people don't understand about physics:
Light travels 186,000 miles per second.
But it still has to go through China.
And China adds latency.
Since April, Amazon has caught 1,800 of these attempts.
Eighteen hundred.
I called an emergency meeting with my board.
I said, "We need to implement Keystroke Velocity Auditing across all remote employees."
They said, "That sounds invasive."
I said, "You know what else is invasive? The Democratic People's Republic of Korea in your Jira tickets."
They approved the budget.
We now monitor keystroke timing to the microsecond.
If your latency exceeds 60ms, you get a call from HR.
If it exceeds 100ms, you get a call from the FBI.
We've already flagged 47 employees.
Turns out 44 of them just have bad Wi-Fi.
3 of them are "still under investigation."
The lesson?
You can fake a resume.
You can fake a background check.
You can fake an American accent on Zoom.
But you cannot fake the speed of light.
Physics is the ultimate background check.
Hire accordingly.
Off to #hw_ioNL2025 in Amsterdam; if you're around, catch me in the hallways. Happy to exchange notes on CRA, supplier/vendor conformance and everything product security!
@ProferoSec In the blog post the authors mention "a well-known attack on AES-128-CBC first block, if ~50 bits or more are known". Could you share a reference to the attack? Thank you.
1/N I’m excited to share that our latest @OpenAI experimental reasoning LLM has achieved a longstanding grand challenge in AI: gold medal-level performance on the world’s most prestigious math competition—the International Math Olympiad (IMO).
@xtsop @gutsOfDarkness8 I touched on multithreading as a bonus lecture, but this wasn't the case every year. This remains a good reference on the subject: https://t.co/xBCInaE0e3
On Saturday I'll be at BSides Athens, presenting "From SSRF to sustained server engagement". Don't be shy, come and say hi. Happy to discuss anything related to product security. #infosec #appsec #productsecurity
I had a lot of fun making this challenge. I wanted to do a cloud security challenge where the cloud infrastructure is secure (IMDSv2, data perimeters), but something still allows it to be hackable and you need to know some advanced AWS security tricks to abuse it. 🤫 Try it out!