☢️ Before Stuxnet, fast16 was designed to corrupt nuclear weapons simulations.
The Lua-based sabotage malware tampered with uranium-compression modeling in LS-DYNA and AUTODYN, activating during 💥 detonation runs above 30 g/cm³.
The framework may date back to 2005.
⚡ Read full story: https://t.co/gVOtmjGWDW
‼️🚨 Pwn2Own Berlin 2026 just hit a wall. For the first time in 19 years, ZDI rejected dozens of working zero-day RCE submissions because organizers ran out of contest slots.
Rejected hackers are now going public with PoC demos and direct vendor disclosures, breaking Pwn2Own's usual secrecy.
▪️ AI surfaces a massive wave of 0-day RCEs.
▪️ Submissions overwhelm ZDI past max capacity.
▪️ Slots run out. Researchers with working chains get rejected.
▪️ "Revenge disclosures" begin. ← we are here.
Confirmed casualties so far:
▪️ @xchglabs : 86 vulnerabilities prepared (PyTorch, NVIDIA, Linux KVM, Oracle, Docker, Ollama, Chroma, LiteLLM, llama.cpp). All rejected. Now reporting directly to vendors with writeups dropping as patches land.
▪️ @ggwhyp : full-chain Firefox RCE on Windows. Rejected. Publicly demoed (HTML page → cmd.exe → calc.exe). Responsibly disclosed to Mozilla.
▪️ @yunsu_dev : working RCE chain, rejected. Submitting elsewhere.
▪️ @ryotkak : tried to register for 3+ weeks. ZDI confirmed "at maximum capacity, can't add extra contest days." Considered canceling flight and hotel.
▪️ @anzuukino2802 : Claude Code RCE PoC. Rejected.
▪️ @desckimh : 0-day RCEs in Ollama and LM Studio. Rejected.
Reported impact: a community-estimated 150+ researchers tried to register. Accepted contestants are now being warned about collisions. Rejected vulnerabilities going to bug bounty programs may trigger pre-event patches that invalidate the work of those who got in.
ZDI has not publicly addressed the capacity issue. The event still runs May 14-16 in Berlin.
"Denver had the option of choosing its opponent (in the Playoffs), and they chose us. They didn't have to choose us. They chose us. Our players were ready to take on that challenge."
- Chris Finch, Wolves coach
🎙️ Victor Wembanyama on the wild atmosphere in San Antonio tonight:
"It's great to see so many people wearing their T-shirts. The fans were ready. I've never seen this arena so excited."
Hacking the #EU #AgeVerification app in under 2 minutes.
During setup, the app asks you to create a PIN. After entry, the app *encrypts* it and saves it in the shared_prefs directory.
1. It shouldn't be encrypted at all - that's a really poor design.
2. It's not cryptographically tied to the vault which contains the identity data.
So, an attacker can simply remove the PinEnc/PinIV values from the shared_prefs file and restart the app.
After choosing a different PIN, the app presents credentials created under the old profile and lets the attacker present them as valid.
Other issues:
1. Rate limiting is an incrementing number in the same config file. Just reset it to 0 and keep trying.
2. "UseBiometricAuth" is a boolean, also in the same file. Set it to false and it just skips that step.
Seriously @vonderleyen - this product will be the catalyst for an enormous breach at some point. It's just a matter of time.
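As an added illustration (not code from the app or from the post above), this sketch shows what "cryptographically tied to the vault" can mean: the key that protects the credentials is wrapped under a key derived from the PIN, so deleting the stored PIN material and enrolling a new PIN yields a different vault key. All names are hypothetical; the XOR-plus-HMAC wrap stands in for an AEAD or a hardware-backed keystore, and PBKDF2 is an assumed choice of KDF.

```python
import hashlib
import hmac
import secrets
from typing import Optional, Tuple

FIELDS = ("salt", "wrapped", "tag")  # hypothetical record layout

def _derive(pin: str, salt: bytes) -> Tuple[bytes, bytes]:
    """Stretch the PIN into a 32-byte wrapping pad and a 32-byte MAC key."""
    okm = hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 200_000, dklen=64)
    return okm[:32], okm[32:]

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def enroll(pin: str) -> Tuple[dict, bytes]:
    """Create a profile; returns (stored record, vault key for the credentials)."""
    vault_key = secrets.token_bytes(32)
    salt = secrets.token_bytes(16)           # fresh salt, so the pad is used once
    pad, mac_key = _derive(pin, salt)
    wrapped = _xor(vault_key, pad)
    tag = hmac.new(mac_key, salt + wrapped, hashlib.sha256).digest()
    return {"salt": salt, "wrapped": wrapped, "tag": tag}, vault_key

def unlock(record: dict, pin: str) -> Optional[bytes]:
    """Return the vault key only when the PIN matches this record."""
    if not all(k in record for k in FIELDS):
        return None  # PIN material removed: the old vault key cannot be rebuilt
    pad, mac_key = _derive(pin, record["salt"])
    expected = hmac.new(mac_key, record["salt"] + record["wrapped"],
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, record["tag"]):
        return None  # wrong PIN or tampered record
    return _xor(record["wrapped"], pad)

if __name__ == "__main__":
    record, key = enroll("4821")              # constructed sample PIN
    print("correct PIN unlocks:", unlock(record, "4821") == key)
    print("wrong PIN unlocks:", unlock(record, "0000") is not None)
    stripped = {}                             # stored PIN values deleted from the file
    print("stripped record unlocks:", unlock(stripped, "0000") is not None)
    _, new_key = enroll("0000")               # re-enrolling creates a new vault key
    print("new PIN recovers old key:", new_key == key)
```

A short numeric PIN is still guessable offline from the stored record, so this binding is normally combined with a device-held hardware key and an attempt counter kept outside the editable preferences file.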
@diatsch68 @TrashTalk_fr Yes, very disappointed with the quality of Prime's commentary, even worse at halftime, very low-level analysis… but it's their first one, so I'll give them the benefit of the doubt…