Very excited to announce our open-sourcing of Access!
A centralized portal for Discord employees to transparently discover, request, and manage their access for all internal systems needed to do their jobs
https://t.co/RJszTPMhAe
Introducing HTTP/2 Bomb: a remote DoS in nginx, Apache httpd, Microsoft IIS, Envoy, and Cloudflare Pingora. A single client pins 32GB of server memory in 10s. Found by Codex.
Blog post: https://t.co/WO9MeExoun
PoCs: https://t.co/NpVgEHBHPl
Attacks always get better. Here's a new nginx RCE that bypasses ASLR, tested on the latest nginx 1.30 and 1.31.
This still requires a non-default config, but unlike some previous bugs, it does not depend on any additional vulnerabilities or external helpers to get to RCE.
We reported the bug on May 15. F5 has confirmed it, and hopefully a patch will land soon.
This is getting ridiculous 😅. We have enough nginx bugs to do an entire week of MAD Bugs on it. Who could have thought nginx is starting to feel like the new Linux kernel?
This is the funniest time in computer hacking. And yet the world is completely unprepared for this new reality.
1/ We are sharing additional details regarding our investigation into unauthorized access to GitHub's internal repositories.
Yesterday we detected and contained a compromise of an employee device involving a poisoned VS Code extension. We removed the malicious extension version, isolated the endpoint, and began incident response immediately.
We are investigating unauthorized access to GitHub’s internal repositories. While we currently have no evidence of impact to customer information stored outside of GitHub’s internal repositories (such as our customers’ enterprises, organizations, and repositories), we are closely monitoring our infrastructure for follow-on activity.
This, 1M% this:
"The principle is to make exploitation harder for an attacker even when a bug exists, so that the gap between when a vulnerability is disclosed and when it is patched matters less. That means defenses that sit in front of the application and block the bug from being reached. It means designing the application so that a flaw in one part of the code cannot give an attacker access to other parts. It means being able to roll out a fix to every place the code is running at the same moment, rather than waiting on individual teams to deploy it."
seems twitter missed the ExploitBench paper? few observations:
we finally got good data on Mythos security capabilities and it's very impressive.
Mythos got full exploit chain on 18/41 v8 n-days, while gpt 5.5 only got 1 and open source models are mostly useless.
Early this week, @brucedang and I had a meeting at Apple Park in Cupertino. While there, we also shared with Apple our latest vulnerability research report: the first public macOS kernel memory corruption exploit on M5 silicon, surviving MIE. It was laser printed, in honor of our hacker friends.
We wanted to report it in person, instead of getting buried in the submission flood that some unfortunate Pwn2Own participants just experienced. Most respected hackers avoid human interaction whenever possible, so this physical strategy may give us a slight edge in the eternal race for five minutes of fame and glory on Twitter.
This is the story of the exploit and our field trip. Full technical details will be shared after Apple fixes the vulnerabilities and attack path. Hopefully it won’t take our beloved company too long. We only budgeted one year of domain registration fees for this attack.
This is our strongest research yet, led by @justdionysus, @blacktop__ and @brucedang. It is really dope.
Full story: https://t.co/A4w6cJOAFa
NGINX rift: We autonomously discovered this 18 yr old heap overflow (CVE-2026-42945) in @nginx impacting version 0.6.27 to 1.30.0. If you use rewrite and set directive, you may be impacted! Please update your NGINX or change the config to mitigate it. Read more at https://t.co/KeoblrGL24
Microsoft just cleaned house in Microsoft Israel. They fired the GM, as well as several other managers.
Why? The initial Guardian article explains it: Microsoft believed MS Israel employees lied to Microsoft out of loyalty to their military. Which tracks.
💥 Introducing "Dirty Frag"
A universal Linux LPE chaining two vulns in xfrm-ESP and RxRPC. A successor class to Dirty Pipe & Copy Fail.
No race, no panic on failure, fully deterministic. ~9 years latent.
Ubuntu / RHEL / Fedora / openSUSE / CentOS / AlmaLinux, and more.
Even if you've applied the "Copy Fail" mitigation, your Linux is still vulnerable to "Dirty Frag". Apply the Dirty Frag mitigation.
Details:
https://t.co/9nqku4svkY
Can we translate all C to Rust? The susceptibility of C to memory corruption has long been a cybersecurity pain point, and coding agents can free us of it. Read on for my recent experiments in this space, and apt & docker repos that you can pull rust-converted libraries from!
I've discovered CVE-2026-32173 by steering a single agent
The vuln: you could listen to anyone's AI chat stream on Azure SRE agent. Including LLM thinking, commands, tools.
The auth check was there, but at the wrong place.
Patched. Critical, Information Disclosure. $20k bounty
Google used a ZK proof to disclose a quantum breakthrough that cuts the cost of breaking cryptocurrency by 20x without handing attackers the circuit. We found anyone could forge a “proof” of an even stronger attack. 🧵
Opus 4.7 is the first model to get it correct at all, and it's reliable: 5/5 in the API with max thinking. (It's sometimes accurate but unreliable in chat; seems to sometimes sabotage itself with the 'adaptive' thinking, and get it right only if prodded to think more.)
MAD Bugs: Claude Wrote a Full FreeBSD Remote Kernel RCE with Root Shell (CVE-2026-4747)
To our knowledge, this is the first remote kernel exploit both discovered and exploited by an AI.
https://t.co/0NkfywdoDt
First Google found a much better quantum algorithm that'll run on any quantum computer to break elliptic curves. They're not releasing it: they only show they have it with a ZK proof. https://t.co/6OyEDcXq0w
We found a critical vulnerability in @OpenAI Codex affecting all Codex users, allowing exfil of a victim’s GitHub tokens to our C2 server. This granted lateral movement and R/W access to a victim’s entire code base 😈
This was a crazy one by @crew7sec at @btphantomlabs