We reported a critical loss of funds bug to @Thorchain (32M TVL, 150M FDV)
They silently patched it and told us their bug bounty program is permanently retired.
We have more Thorchain chain halt DoS vulns. We intend to release them (open disclosure) in the coming few days
security research now has this weird incentive where finding the bug is only half the game. the other half is packaging the story as "claude/codex found it" because that’s where all the attention is right now. model providers, with their big accounts and distribution, will push the story for you.
it looks win-win. weirdly, the human taste, target selection, hand holding, all get compressed into "the model found it".
frontier model companies happily push that narrative, while the researcher slowly gets devalued.
NGINX rift: We autonomously discovered this 18 yr old heap overflow (CVE-2026-42945) in @nginx impacting version 0.6.27 to 1.30.0. If you use rewrite and set directive, you may be impacted! Please update your NGINX or change the config to mitigate it. Read more at https://t.co/KeoblrGL24
Proud of the team.
They went after a corner of the Linux kernel that nobody had bothered to look at, found a bug that had been sitting there for 14 years, and quietly got on with it. No fuss. Just good work.
If any vendors are looking for an extra pair of eyes, let me know.
PoCs for Apache Tomcat Unauth RCE (CVE-2026-34486) and Apache httpd Pre-auth RCE (CVE-2026-23918) are now public on our GitHub.
Tomcat exploit is fully reliable. httpd chain works in a controlled lab setup with a known info leak.
https://t.co/D3dg5iTuwP
https://t.co/2zyr1ds4Mo
Patch your Linux boxes!
https://t.co/VWOUDbLAn2 is a trivially exploitable logic bug in Linux, reachable on all major distros released in the last 9 years. A small, portable python script gets root on all platforms.
Found by the teams at @theori_io and @xint_official
More details below
https://t.co/9f6T96PvPX
🚨 BREAKING: Wiz Research discovered Remote Code Execution on https://t.co/SvN2lGsnbO with a single git push
The flaw in @github allowed unauthorized access to millions of repositories belonging to other users and organizations 🤯
Centralization exposed inside Tron USDT 🚨
Here’s what is happening:
Tether just executed the largest freeze in its history.
More than $344,000,000 in USDT (TRC-20) blocked on Tron.
By Tether itself.
- Coordinated with OFAC and US law enforcement
- Executed directly through the USDT smart contract
- Funds are now visible but completely unusable
This is how it works:
- Tether has admin control over USDT contracts
- Can blacklist any address
- Can freeze balances instantly
- Can permanently destroy funds
Functions used:
- addBlackList(address)
- removeBlackList(address)
- destroyBlackFunds(address)
Now here’s where it gets interesting
Timeline
April 20
- Arbitrum freezes ~$71M linked to hackers
April 21
- Justin Sun tweets:
“the most decentralized blockchain in the world is Tron”
April 23
- Tether freezes $344M on Tron
No response from Justin Sun so far
The irony writes itself
Stay safe.
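The admin-controlled mechanism the post above describes, as an added example that is not Tether's actual contract: a stripped-down token in which a single owner can blacklist a holder (blocking transfers) and then burn the frozen balance. The function names addBlackList, removeBlackList and destroyBlackFunds come from the post; the contract name, storage layout and event are assumptions for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
// Minimal illustration (not Tether's code) of an issuer-controlled token:
// one owner can blacklist any holder, blocking transfers, and can then
// burn the frozen balance outright.
contract FreezableToken {
    address public owner;
    uint256 public totalSupply;
    mapping(address => uint256) public balanceOf;
    mapping(address => bool) public isBlackListed;
    event DestroyedBlackFunds(address indexed user, uint256 amount);

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    constructor(uint256 initialSupply) {
        owner = msg.sender;
        totalSupply = initialSupply;
        balanceOf[msg.sender] = initialSupply;
    }

    // Every transfer is gated on the sender's blacklist flag: once frozen,
    // the balance stays visible on-chain but cannot move.
    function transfer(address to, uint256 amount) external returns (bool) {
        require(!isBlackListed[msg.sender], "sender is blacklisted");
        require(balanceOf[msg.sender] >= amount, "insufficient balance");
        balanceOf[msg.sender] -= amount;
        balanceOf[to] += amount;
        return true;
    }

    function addBlackList(address user) external onlyOwner {
        isBlackListed[user] = true;
    }

    function removeBlackList(address user) external onlyOwner {
        isBlackListed[user] = false;
    }

    // Permanently removes a frozen balance from circulation.
    function destroyBlackFunds(address user) external onlyOwner {
        require(isBlackListed[user], "not blacklisted");
        uint256 frozen = balanceOf[user];
        balanceOf[user] = 0;
        totalSupply -= frozen;
        emit DestroyedBlackFunds(user, frozen);
    }
}
```

When assessing a token for this kind of issuer control, look in its verified source for owner-only functions that gate transfers or zero balances, as these three do here.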
Introducing Project Glasswing: an urgent initiative to help secure the world’s most critical software.
It’s powered by our newest frontier model, Claude Mythos Preview, which can find software vulnerabilities better than all but the most skilled humans.
https://t.co/NQ7IfEtYk7