I’ve tried various agent pipelines, and here is one of them. It found five type-confusion bugs in V8 Wasm: three under non-default flags and two in DrumBrake/MS Edge.
The repo includes all the bugs in detail, along with a README file that explains how the pipeline works, the prompts used, and many of the genomes it generated.
Since the README is enough to let Claude vibe-code it, I won’t upload my messy and embarrassing code.
Have fun :)
https://t.co/N6zbZmzW8K
I originally prepared this bug for Pwn2Own Berlin. A few days before the contest, a CVE got assigned. So, here is my technical analysis and exploitation strategy for CVE-2026-40369: a 12-byte kernel increment, exploitable both as an LPE and SBX.
https://t.co/agxyuR2AjE
@M4x_1997 4/4:
Last but not least CVE-2026-40369 - Windows Kernel Arbitrary Increment primitive reachable from any browser sandbox renderer process
This one was rejected from Pwn2Own and closed anyway yesterday :(
My exploit is here - blogpost will be soon:
https://t.co/Qqpi7Zo4Gi
What The Claude: Browser Edition, episode 2.
This time: Bug 2024918.
A phi node, SpiderMonkey's JIT pipeline, Wasm GC scalar replacement, escape analysis, and one wrong equality check.
Let’s dive in.
https://t.co/3pf1TKRvcd
A carefully structured, tiered root cause analysis for CVE-2025-43529 (JSC UAF). Spent quite some time refining the structure to make the reasoning explicit and readable. Shoutout to @jir4vv1t for his detailed analysis and exploit. https://t.co/nGiwxIv2aM
Had a lot of fun reversing Coruna over the last couple weeks and decided it would be worth writing it all up before I forget - so enjoy :)
https://t.co/DWld4SWgf6
Our newest team member @streypaws just dropped his first blog post!
He peered into CVE-2026-0899, from patch to arbitrary r/w primitives
No, it is not an April Fool's joke from us
https://t.co/fuHUFhLDOx
Stop asking LLMs to “find vulns.” Start using them to understand code.
@Sw4mp_f0x walks through using Claude Code as a force multiplier in app assessments - faster analysis, fewer false positives, better outcomes.
Check it out: https://t.co/BpMnOGBMv7
syzkaller/syzbot now has an AI agentic framework for kernel bug fix generation, bug assessment, security triage, POC generation, etc:
https://t.co/MO6sET6UkG
Includes a set of tools to build kernels, navigate/edit source, test reproducers, etc.
Contributions/research are welcome.
[454485895][reward: $50000] Incorrect Optimization of ArrayConstructor by Maglev Leads to Creation of Malformed JSArray Objects
https://t.co/e8zk4O7EFX
I'm Boris and I created Claude Code. I wanted to quickly share a few tips for using Claude Code, sourced directly from the Claude Code team. The way the team uses Claude is different than how I use it. Remember: there is no one right way to use Claude Code -- everyone's setup is different. You should experiment to see what works for you!