CVE-2026-23918 - a pre-auth RCE in Apache httpd's mod_http2, found by Striga during our open-source research.
The bug triggers on a single HTTP/2 connection sending HEADERS followed by RST_STREAM with a non-zero error code. Two nghttp2 callbacks both push the same stream pointer onto the cleanup array, and the second pool_destroy hits already-freed memory.
We built a working RCE on x86_64 using mmap reuse and Apache's scoreboard memory as a stable container for fake cleanup structures.
Affects Apache httpd 2.4.66 with mod_http2 and a multi-threaded MPM.
Full technical writeup coming soon.
https://t.co/SI7p0zQToj
https://t.co/DcQSMnwhPx
A 100% Polish app was promised, with no foreign components. The reality? A lightly modified Element X. It's a good messenger, so why is @CYFRA_GOV_PL misleading people about the #mSzyfr code?
Which, by the way, most newsrooms fell for.
My take on mSzyfr for @portalzeropl.
https://t.co/5a8ZexcMLl
Unauthenticated RCE in Apache Tomcat (CVE-2026-34486)
The EncryptInterceptor was supposed to protect cluster communication. A fix for a padding oracle vulnerability moved one line outside a try block, and the encryption layer silently started forwarding every failed decryption straight into unfiltered Java deserialization.
We found it with Striga, built the exploit, and reported it to The Apache Software Foundation.
https://t.co/cygPWfXCnB
this is so fucking wholesome
guy used AI to save his cancer-ridden dog by sequencing its DNA and creating a CUSTOM cure.
the tech behind this is fucking awesome (well done @demishassabis and the google team):
- used CHATGPT to sequence dog's DNA, discovers mutations
- ran the mutations through Google’s Alphafold (AI protein sequencer) which CREATED A CUSTOM VACCINE TO TREAT THEM.
- treated dog and reduced tumour by 50% in WEEKS. dog is alive and well.
- this is the 1st time AI has been used to create a custom vaccine for a dog (and it worked)
- dude is now working on similar vaccines for humans using AI!
2026 is definitely the year we see AI change personalised medicine in a HUGE way
so sick
Pwndbg 2026.02.18 is out!
We visualize branches in nearpc, sync ur decompiler (IDA/Binja/Ghidra) via decomp2dbg, annotate stack vars from dbgsyms/decomp, added new cmds for tracing kernel allocs/frees, dump task info: https://t.co/Gz2rdZlzxp
Sponsor us: https://t.co/YdAmbhJHyF
🚀 Introducing MoxPack: A template builder for Proxmox using Packer.
Generate Windows & Linux VM templates with cloud-init support and sysprep.
Ideal for lab automation and infra-as-code.
https://t.co/ewTGY6NqIU
MS updated their MS365 sign-in page in April 2025, breaking the current Evilginx phishlet.
Fawaz has done a terrific job reverse engineering the changes.
The new phishlet is being worked on in the BREAKDEV RED community.
Join here: https://t.co/60Hx7AfaB0
Doing a free webinar today at 8PM CEST (i.e. livestream with slides) about "files", as entities on the filesystem, seen through the eyes of a security researcher.
https://t.co/441BOwfkRg ← sign up here if interested
The next issue of Programista has gone on sale.
I warmly recommend the article by @KrzaQ2 - since it convinced me to program in C++, that means the features described are great ;)
I added a small contribution to the CVE series I write together with @oshogbovx ;) a bit about VPNs and such ;)
The results are in!🥇
Congratulations to these 32 teams who will move on to the Group Round of the 2024 #AmbassadorWorldCup! 🙌
The next round kicks off at the end of August! Stay tuned for the latest info, and read more about the AWC here. https://t.co/ZKBzjgwKWv