Multiple, serious security vulnerabilities found in the Rust clone of Sudo — which shipped with Ubuntu 25.10 (the most recent release).
Not little vulnerabilities: We’re talking about the disclosure of passwords and total bypassing of authentication.
In fact, we’re getting new reports of showstopper grade issues every few days on the Rust-based clones (like sudo, du, date, and others) which were forced to ship in Ubuntu before they were fully tested.
Which is, of course, *exactly* what was predicted.
But, never fear! At least these Rust clones are memory safe!
PHEW!
I bypassed user approvals and achieved RCE in VS Code Copilot by flipping 4 bits.
Find out how: https://t.co/lKU2BisgsQ
Thanks to @msftsecresponse for rapidly triaging and patching this vulnerability.
Meta is replacing WhatsApp's full-fledged native Windows 11 app with a Chromium-based web wrapper that loads WhatsApp web in a container.
This is likely due to recent layoffs.
Meta won't directly admit that it's killing off the original WhatsApp app for Windows 11, but a new alert within the app warns everyone will be logged out starting November 5.
The warning says a few new features like Communities will be added, and an advanced Status page will be introduced.
WhatsApp Web supports Communities and an advanced Status page, while UWP/WinUI native WhatsApp for Windows 11 does not support these features.
WhatsApp for Windows 11 was one of the best native apps, and Meta had invested a lot in migrating the original web wrapper to native code.
Now, it's going back to Chromium.
The sandbox escape vulnerability described by Kaspersky here is quite interesting, especially in that the technical root cause of the issue bit both Chromium and Firefox developers.
Other Windows apps along with OS components might well have similar vulnerabilities.
LLMs are injective and invertible.
In our new paper, we show that different prompts always map to different embeddings, and this property can be used to recover input tokens from individual embeddings in latent space.
(1/6)
Arguably the most brilliant engineer in FFmpeg left because of this. He reverse engineered dozens of codecs by hand as a volunteer.
Then security "researchers" and corporate employees came along and repeatedly insisted that "critical" security issues be fixed immediately, waving their CVEs.
This was hugely demotivating to the fun and enjoyment of reverse engineering.
🎉 New Course Alert + Giveaway! 🎉
I'm excited to announce a brand-new course on Rana Khalil's Academy - OAuth 2.0 Vulnerabilities.
This course includes:
📚 A technical deep dive into OAuth 2.0 and OpenID Connect: what they are, how they work, the common pitfalls in implementation, the vulnerabilities that can arise, and best practices to keep your applications secure.
🧪 6 hands-on labs
📃 Subtitles in 6 languages for all the videos in this course
👉 Course Link: https://t.co/R3YzBnyCqQ
🎁 To celebrate the launch, I’m giving away 5 FREE 30-day All-Access Memberships to the Academy. To enter the giveaway:
1️⃣ Follow @RanaKhalilAcad.
2️⃣ Comment on and retweet this tweet.
Winners will be announced on the 13th of September. Good luck! 🧡
Securing @gumroad with Hacktron AI
Three months ago, Hacktron was still early. @HacktronAI and @rootxharsh were finding 0-days targeting specific vulnerabilities on OSS software.
Then we ran a full pentest-style scan on a big open-source project. The results were insane. 🧵
Welcome to the Electronic Games Expo event at The Avenues.
From 2025-8-1 to 2025-8-3.
I took part with the children's game Tha'loub (it will be in the morning session, from 10 AM to 12 PM) on Saturday and Sunday.
I also took part with the game The Lost Key (in the evening session, from 8 PM) throughout the days of the event.
@kw_nccal @OoredooKuwait
XBOW automatically runs expert-level attacks across all webapps, giving security teams unprecedented scale.
@XBOW reported 1092 vulnerabilities on HackerOne in just a few months, including RCE, XXE, SQLi, SSRF, exposed secrets, and XSS.
Finally, development of the children's game Tha'loub is complete.
It was a journey full of challenge and learning, and now the journey is complete and the game is in your hands on the mobile app stores.
The game is completely free and contains no ads, so it is very safe for children.
I hope for your support by sharing; this is what lets me keep developing and programming.
Download links
Google Play
https://t.co/YN034hTnyC
Apple Store
https://t.co/RT71S1ym9Y
#تطوير_الالعاب #الالعاب_العربية
"This blog post aims to provide a detailed blueprint for how Google has created and deployed a high-assurance web framework that almost completely eliminates exploitable web vulnerabilities."
https://t.co/7TsK8ZFRrO