Olivia
Online
Marek Sušický
@msusicky
Cybersecurity, SWENG, opendata. Vše jsou striktně osobní názory.
Praha, Česká republika
Joined March 2010
190 Following
332 Followers
1.9K Posts
Unpatched NTLM Leakage in Windows search: URI Handler, Same Bug, No CVE, No Fix https://t.co/16QmKjbFHH
🚨 @Horizon3Attack has discovered a hardcoded credentials vulnerability in Apache Solr that can provide full administrative access to SolrCloud clusters.
Rapid Response test now available.
@Don_Vito007 @SpravedlnostCZ Nikde jsem se nedočetl, jestli mu byl tedy ze zdravotních důvodů zrušen ŘP. Pokud se nemůže účastnit soudu, tak by neměl být způsobilý ani řídit.
Who to follow
Pavel Kasík 
@kasikp
enthusiast, data analyst, AI explorer, life geek
science journalist at @SeznamZpravy, tweets are my own
Tweety nevyjadřují názor redakce
🔑[email protected]
Jan Kulveit
@jankulveit
Researching x-risks, AI alignment, complex systems, rational decision making at @acsresearchorg / @CTS_uk_av; prev @FHIoxford
NAKIT
@NAKIT_sp
Oficiální účet Národní agentury pro komunikační a informační technologie, s. p. (NAKIT)
Toto zkazí den provozovatelům infostealerů...
Google Chrome is rolling out device-bound session credentials to all users. Session cookies get cryptographically tied to your device, so stolen cookies can't be replayed from a different machine. Attackers who exfiltrate your cookie database get nothing usable.
Oh, great
https://t.co/Z3eldzjcg6
🚨DDoS Alert: 🇨🇿
DieNet claims to have targeted the website of Public administration portal in Czech Republic (https://t.co/NdVG22qdC0).
1 poisoned VSCode extension, 1 developer laptop; goodbye 3,800 private Github repositories. This Mini Shai Hulud wave is really something...
https://t.co/A4k9QmUo1v
h/t @AikidoSecurity team for being all over this as ever.
Autonomní nástroje se posouvají dál a dál. Některé jsou připravené běžet každý den, ověřeno statisíci provedených testů.
Můžete použít opensource, ale rizika pak nesete sami.
This attack path started in Linux…
…and ended with access to sensitive Windows data.
All because of one issue: SSH default credentials.
This attack path started in Linux…
…and ended with access to sensitive Windows data.
All because of one issue: SSH default credentials.
Public PoC for NGINX CVE-2026-42945. An 18-year-old RCE flaw in the rewrite module enables server takeover. Update to NGINX 1.31.0 or 1.30.1 immediately.
#NGINX #CyberSecurity #InfoSec #RCE #Vulnerability #CVE #WebServer #PoC #GitHub #SysAdmin #TechNews
https://t.co/huz0K21JaR
NGINX rift: We autonomously discovered this 18 yr old heap overflow (CVE-2026-42945) in @nginx impacting version 0.6.27 to 1.30.0. If you use rewrite and set directive, you maybe impacted! Please update your NGINX or change the config to mitigate it. Read more at https://t.co/KeoblrGL24
I just reverse engineered the YellowKey BitLocker bypass
Microsoft shipped code that checks for a flag called "FailRelock" in every Windows 11 recovery image. When it's set to 1, after recovery unlocks your BitLocker drive, it never relocks it. All you need is a USB stick.
This code only exists in the recovery environment. Not in normal Windows. They left an entire debug testing framework in production.
the official OpenSearch client for Node.js has also been compromised
🚨 UPDATE: Mini Shai-Hulud has crossed from @npmjs into @pypi and is still spreading.
Newly confirmed compromised artifacts:
@opensearch-project/opensearch: 3.5.3, 3.6.2, 3.7.0, 3.8.0 (1.3M weekly downloads)
mistralai: 2.4.6 on PyPI
guardrails-ai: 0.10.1 on PyPI
additional @squawk/* packages on npm
guardrails-ai 0.10.1 executes malicious code on import. On Linux, it downloads git-tanstack[.]com/transformers.pyz, writes it to /tmp/transformers.pyz, and runs it with python3 without integrity verification.
The git-tanstack.com domain displayed a message signed “With Love TeamPCP,” along with: “We've been online over 2 hours now stealing creds
Regardless I just came to say hello :^)”
The page also linked to a YouTube video and you can probably guess which one.
![SocketSecurity's tweet photo. 🚨 UPDATE: Mini Shai-Hulud has crossed from @npmjs into @pypi and is still spreading.
Newly confirmed compromised artifacts:
@opensearch-project/opensearch: 3.5.3, 3.6.2, 3.7.0, 3.8.0 (1.3M weekly downloads)
mistralai: 2.4.6 on PyPI
guardrails-ai: 0.10.1 on PyPI
additional @squawk/* packages on npm
guardrails-ai 0.10.1 executes malicious code on import. On Linux, it downloads git-tanstack[.]com/transformers.pyz, writes it to /tmp/transformers.pyz, and runs it with python3 without integrity verification.
The git-tanstack.com domain displayed a message signed “With Love TeamPCP,” along with: “We've been online over 2 hours now stealing creds
Regardless I just came to say hello :^)”
The page also linked to a YouTube video and you can probably guess which one.](https://pbs.twimg.com/media/HIFxSRYXgAA6u3V.jpg)
❗️ Linux is having a brutal week. Another local to root privilege escalation vulnerability just dropped: "Copy Fail 2: Electric Boogaloo."
This is the third Linux LPE in a row, after Copy Fail and Dirty Frag. The PoC is public on GitHub. There is still no coordinated patch.
https://t.co/6XifksYgZ6
Univerzální resetovač hesla na linuxu :)
Uživatele platforem HTB, THM, ale i ti, co dělají třeba OSCP mají výhodu;)
Patch your Linux boxes!
https://t.co/VWOUDbLAn2 is a trivially exploitable logic bug in Linux, reachable on all major distros released in the last 9 years. A small, portable python script gets root on all platforms.
Found by the teams at @theori_io and @xint_official
More details below
https://t.co/9f6T96PvPX
OpenSSH Flaw Allowing Full Root Shell Access Lurked for 15 Years https://t.co/PtMUAsSbsF
Last Seen Users on Sotwe
sexy_kunal🔥
Seen from India
Gigi T
Seen from Chile
Aingeru
Seen from France
รวมคลิปหลุดสาวใหญ่เเละทางบ้าน
Seen from Thailand
MissZetaMoon’s Dog 🐶
أم أحمد 2
Seen from Turkey
maunya aplikasi
Seen from Malaysia
Detroit’s own Big John Boatright! What up Doe? ⛎♐
Seen from United States
Jack EmHoff
Seen from Netherlands
seven_ nguyen56
Seen from Vietnam
Most Popular Users
Elon Musk
@elonmusk
240.1M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
108.8M followers
Narendra Modi
@narendramodi
106.9M followers
Rihanna
@rihanna
97.2M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.5M followers
KATY PERRY
@katyperry
86.7M followers
Taylor Swift
@taylorswift13
80.5M followers
Lady Gaga
@ladygaga
72.1M followers
Kim Kardashian
@kimkardashian
69.3M followers
YouTube
@youtube
68.6M followers
Virat Kohli
@imvkohli
68.4M followers
Bill Gates
@billgates
63.4M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
60.9M followers
X
@x
60.9M followers
CNN Breaking News
@cnnbrk
59.9M followers