@CoreyWriting During the 1994 Rwandan Genocide, an estimated 800,000 to 1,000,000 people were systematically slaughtered over 100 days. That's 10,000 per day, 70,000 per week.
I broke Kindle's DRM protection tonight through a mix of static and dynamic analysis. AES key is derived from accountSecrets, kindle device ID, and voucher path. Book is decrypted in parts using OpenSSL from Ion blobs and then decompressed with LZMA.
Huge respect to @lifterlms
Submitted a 6.8 CVSS this morning affecting restricted components, and within ~12 hours they validated, patched, released, and credited the fix publicly!
This is what excellent coordinated disclosure looks like.
#AppSec #WordPress
Claude helped me with this bug too but in a different way... Tried to gaslight me saying it wasn’t ~exploitable in practice~ and I got obsessed with proving it wrong 😩
🚨 UPDATE: 19 MILLION exposed NGINX instances hit by the 18-year-old NGINX RCE found by AI.
Top exposure by country:
- United States: 5,340,011
- China: 2,540,008
- Germany: 1,871,780
Note on ASLR as added security: not all of these instances will have ASLR disabled, but every one of them is running a version inside the vulnerable band.
The vulnerability is a heap buffer overflow. ASLR randomizes memory layout, which makes reliable RCE much harder because the attacker cannot predict where their payload or useful gadgets land. But the overflow itself still happens. The corrupted memory still causes the NGINX worker process to crash.
ASLR-enabled hosts are still trivially DoS-able. ASLR-disabled or non-PIE builds are RCE-able. Either way, patch ASAP!
@rekdt Just wait until you ask product to implement a new control/mitigation in an existing service, and see how far down the roadmap they kick it ...
The game goes both ways 🤣
Hey @YouTubeTV, I have the option to protect my computer using a VPN or canceling my YouTubeTV service since you won’t allow me to protect my computer with a VPN while watching TV.
Which do you suggest I do?
❗️🚨 Microsoft Edge keeps every saved password in process memory as cleartext from the moment it launches. Microsoft's response when reported: "by design."
All of them. Including credentials for sites you won't open this session.
Researcher @L1v1ng0ffTh3L4N tested every major Chromium browser. Edge is the only one that behaves this way.
Chrome decrypts credentials on demand, and App-Bound Encryption locks the keys to an authenticated Chrome process so other processes can't reuse them.
In Chrome, plaintext surfaces only during autofill or when a password is viewed, making memory scraping far less useful.
What makes this extra weird is that Edge still demands re-authentication before revealing those passwords in its Password Manager UI, while the same browser process already holds every one of them in plaintext.
In shared environments, this turns into a credential harvest. On a terminal server, an attacker with admin rights can read the memory of every logged-on user process. In the published PoC video, a compromised admin account lifts stored credentials from two other logged-on (and even disconnected) users with Edge running.
Microsoft's official response when notified: "by design."
The finding was disclosed April 29 at BigBiteOfTech by PaloAltoNtwks Norway, alongside a small educational tool that lets anyone verify the cleartext storage for themselves.
📣📢 Calling all Android and Chrome bug hunters 🧑💻🔎!
We're updating our Android & Chrome VRP programs to ensure we can continue to reward the most challenging and impactful vulnerabilities researchers find in our products. For details, 👇
https://t.co/hyZzEIampk
Her dad brought home a $300 box that gave him thousands of channels, every movie, every show, even pay-per-view.
Her sister said the home network had been slow ever since. So she took one home, put it on its own network behind a firewall, and watched who it was talking to.
Here's what she found.