Olivia
Online
pr0rat
@pr0rat
Cyber stuff || Chess || CTF player team @fr334aksmini
Nairobi, kenya
Joined June 2020
902 Following
1K Followers
815 Posts
New banger from @thefosi: HTTP/2 framing WAF bypasses across six proxies.
Use it wisely while you can. :p
https://t.co/JGzjvCGNPw
You may know him as Churchill, but his journey had many names before the legend arrived. We are now HFCB; our new name reflects where we’ve been, who we’ve become and the great we continue to create.
#GreatHasANewName #HFCB @MwalimChurchill
Our Great Name is HFCB! Our new chapter unifies our Group & all its subsidiaries under a single, cohesive & forward looking brand; offering fully integrated financial services & property solutions. #MyGreatName #HFCB
🚨 Supply chain attack on the Laravel Lang organization:
700+ historical versions across multiple community-maintained Laravel Lang packages were compromised with an RCE backdoor, including:
laravel-lang/lang
laravel-lang/http-statuses
laravel-lang/attributes
Laravel-Lang/actions
The payload targets cloud creds, CI/CD secrets, Kubernetes tokens, Vault, browser data, password managers, SSH keys, and more.
🚨 The "𝙼𝚎𝚐𝚊𝚕𝚘𝚍𝚘𝚗" Campaign is live...
𝟻,𝟽𝟷𝟾 malicious commits to 𝟻,𝟻𝟼𝟷 GitHub repositories in a six-hour window.
Using throwaway accounts and forged author identities (build-bot, auto-ci, ci-bot, pipeline-bot), the attacker injected 𝙶𝚒𝚝𝙷𝚞𝚋 𝙰𝚌𝚝𝚒𝚘𝚗𝚜 workflows containing 𝚋𝚊𝚜𝚎𝟼𝟺-𝚎𝚗𝚌𝚘𝚍𝚎𝚍 bash payloads that exfiltrate:
- CI secrets,
- cloud credentials
- SSH keys
- OIDC tokens
- source code secrets
Check your repo / Technical details: https://t.co/tua3jYU1wa
A https://t.co/BK90gRSvj3 backdoor is mentioned in both @Microsoft's npm report and @step_security's report (Nx Console VS Code compromise)
I've uploaded it and other components to @objective_see's public Mac malware collection: https://t.co/kEVCHpLmhR (pw:infect3d)
Me trying to manually penetrate systems after 2 years of letting AI agents do all my testing…
#AI #CyberSecurity #bugbounty
Until this past weekend, a contractor for the Cybersecurity & Infrastructure Security Agency maintained a public GitHub repository that exposed credentials to several highly privileged AWS GovCloud accounts and a large number of internal CISA systems.
https://t.co/mkWHznV6lS
Microsoft Patches 138 Vulnerabilities, Including DNS and Netlogon RCE Flaws.
https://t.co/9AYJaywG0I
Microsoft has released mitigations addressing the “YellowKey” BitLocker bypass vulnerability (CVE-2026-45585), which impacted Windows 11 version 26H1, 24H2, 25H2 for x64 Systems, Windows Server 2025, and Windows Server 2025 (Server Core installation).
https://t.co/La9PlNEnNh
Just saw a "@OepnAI " (mistyped OpenAI) share a ClickFix lure under the guise of testing an image for AI.
WPScan 4.0.0 is out - great to see continued innovation in WordPress security.
Solid tool for vulnerability scanning WordPress environments and staying ahead of threats. 🔐
#WPScan #WordPress #CyberSecurity
software engineering in 2026:
- your package manager is compromised
- your cloud provider blocks your account
- github itself is hacked
software is solved
We are investigating unauthorized access to GitHub’s internal repositories. While we currently have no evidence of impact to customer information stored outside of GitHub’s internal repositories (such as our customers’ enterprises, organizations, and repositories), we are closely monitoring our infrastructure for follow-on activity.
🚨 BREAKING: Xabi Alonso has accepted to become Chelsea next manager, HERE WE GO! 🔵🔜
The agreement is set to be completed.
#CFC prepare official announcement for the upcoming days, but Xabi said YES. 💣
we're so cooked
The only thing faster than his draw is the cameraman's heart rate. He's standing way too close for comfort.
the scary part is not AI generating code
it is AI understanding decades old systems well enough to find vulnerabilities humans missed
Anthropic’s Mythos just hacked macOS helped researchers find a macOS kernel exploit
Apple is reviewing it now.
The AI found the vulnerability. Wrote the exploit. Delivered a 55-page report to Apple in Cupertino.
We are so cooked
Every 3rd website you visit runs Nginx.
18,959,833 of them can be hijacked right now.
A bug from 2008 just got a working exploit.
CVE-2026-42945 (CVSS 9.2)
No login. No access. Just one HTTP request.
→ Heap overflow → Worker process → RCE
Patch ASAP to Nginx 1.31.0 or 1.30.1
PoC is already out:
https://t.co/O4556KGjqD
Last Seen Users on Sotwe
IG:Premly lives
Seen from Netherlands
body stw mantap
Seen from Indonesia
💕ⓡⓘⓝ💕
Seen from Japan
konyadanbiri
Seen from Germany
ลับๆหาดใหญ่ Fwd
Seen from Thailand
Whaxy
Seen from Turkey
Memek lover
Seen from Indonesia
yexel
Seen from Philippines
video telegram bocor
Seen from Singapore
Jin
Seen from Turkey
Trends for you
Most Popular Users
Elon Musk 
@elonmusk
240.1M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
108.8M followers
Narendra Modi
@narendramodi
106.9M followers
Rihanna
@rihanna
97.2M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.5M followers
KATY PERRY
@katyperry
86.7M followers
Taylor Swift
@taylorswift13
80.5M followers
Lady Gaga
@ladygaga
72.1M followers
Kim Kardashian
@kimkardashian
69.3M followers
YouTube
@youtube
68.6M followers
Virat Kohli
@imvkohli
68.4M followers
Bill Gates
@billgates
63.4M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
61M followers
X
@x
60.9M followers
CNN Breaking News
@cnnbrk
59.9M followers