A new variant of the recent Dirty Frag vulnerability, named Fragnesia (CVE-2026-46300), has been discovered in the Linux XFRM ESP-in-TCP subsystem. Like Dirty Frag, Fragnesia turns a flaw in that subsystem into an arbitrary memory write primitive in the kernel.
The primitive is then used to corrupt the page cache of the /usr/bin/su binary, which is in turn used to launch a shell with root privileges. Note that exploitation is not constrained to /usr/bin/su: the same primitive can modify any file readable by the attacking user, including /etc/passwd.
A patch is available, and while no in-the-wild exploitation has been observed at this time, we urge users and organizations to apply it as soon as possible using their distribution's update tools. If patching is not possible at this point, consider applying the same mitigations recommended for Dirty Frag, such as:
- Assess whether esp4, esp6, and related xfrm/IPsec functionality can be temporarily disabled safely
- Restrict unnecessary local shell access
- Harden containerized workloads
- Increase monitoring for abnormal privilege escalation activity
Microsoft Defender detects and blocks known Fragnesia proof-of-concept (PoC) exploit code using the existing detections for Dirty Frag, such as Trojan:Linux/DirtyFrag.DA!MTB or Trojan:Linux/DirtyFrag.Z!MTB. Microsoft continues to investigate the issue, and we'll share updates as more information becomes available.
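The first mitigation above (assessing whether esp4/esp6 can be disabled) is easier to act on with a small check. The following POSIX shell is an added example, not part of the advisory or of Microsoft's tooling: it reports which ESP modules are currently loaded from lsmod-style output and prints the modprobe.d stanza that stops them from being loaded on demand. The lsmod sample is constructed for offline testing; esp4 and esp6 are the real Linux module names, but whether your system can live without them is the assessment the advisory asks you to make first.

```shell
#!/bin/sh
# Added example, not from the advisory. Checks for the esp4/esp6 IPsec ESP
# modules and prints a modprobe.d stanza that blocks loading them.

# Constructed sample of `lsmod` output (first column is the module name).
SAMPLE_LSMOD='Module                  Size  Used by
esp4                   28672  0
xfrm_algo              16384  1 esp4
overlay               151552  0'

# loaded_esp_modules: read lsmod-style text on stdin and print each ESP
# module that is present, one per line. Exit status 0 if any was found,
# 1 if none (so it can be used directly in a conditional).
loaded_esp_modules() {
    found=1
    while read -r mod _; do
        case "$mod" in
            esp4|esp6)
                printf '%s\n' "$mod"
                found=0
                ;;
        esac
    done
    return "$found"
}

# blacklist_conf: print a modprobe.d stanza for esp4 and esp6.
# "blacklist" only stops alias-based autoloading; "install <mod> /bin/false"
# makes any modprobe request for the module fail, which also covers
# on-demand loading triggered by a socket option referencing the protocol.
blacklist_conf() {
    for mod in esp4 esp6; do
        printf 'blacklist %s\ninstall %s /bin/false\n' "$mod" "$mod"
    done
}

# Live usage (run as root):
#   lsmod | loaded_esp_modules && echo "ESP modules loaded"
#   blacklist_conf > /etc/modprobe.d/disable-esp.conf
#   rmmod esp6 esp4    # only after confirming no IPsec tunnel depends on them
```

Two caveats a practitioner should keep in mind: the stanza only helps when ESP is built as a module (it does nothing on kernels with CONFIG_INET_ESP=y), and unloading the modules will break any IPsec tunnel or VPN that relies on them, which is exactly why the advisory frames this as an assessment rather than a blanket instruction.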
@YunyueHu @IbaiLlanos @Kammeto A fan account of French streamer @TraYt0N (a G2 fan) published a clip of Trayton making fun of the very low number of fans at the stadium. Ibai insulted KC out of nowhere in return https://t.co/SszmTdYpey
@pbeyssac If the information is confirmed, then on top of the IDOR on ANTS, it would prove that no pentest is being carried out on these applications, which are nevertheless highly critical and exposed
We’ve identified a security incident that involved unauthorized access to certain internal Vercel systems, impacting a limited subset of customers. Please see our security bulletin:
https://t.co/0S939n3qHC
The Huntress SOC is observing the use of Nightmare-Eclipse's BlueHammer, RedSun, and UnDefend exploitation techniques.
Investigation by: @wbmmfq, @Curity4201, + @_JohnHammond 🧵👇
Introducing Project Glasswing: an urgent initiative to help secure the world’s most critical software.
It’s powered by our newest frontier model, Claude Mythos Preview, which can find software vulnerabilities better than all but the most skilled humans.
https://t.co/NQ7IfEtYk7
🚨 New Investigation: Attackers are hunting the maintainers behind Lodash, Fastify, buffer, Pino, mocha, Express, and #Nodejs core, because compromising one of them means write access to packages downloaded billions of times a week.
https://t.co/Z91wLu7GRC
🚨 CRITICAL: Active supply chain attack on axios -- one of npm's most depended-on packages.
The latest axios release now pulls in plain-crypto-js, a package that did not exist before today. This is a live compromise.
This is textbook supply chain installer malware. axios has 100M+ weekly downloads. Every npm install pulling the latest version is potentially compromised right now.
Socket AI analysis confirms this is malware. plain-crypto-js is an obfuscated dropper/loader that:
• Deobfuscates embedded payloads and operational strings at runtime
• Dynamically loads fs, os, and execSync to evade static analysis
• Executes decoded shell commands
• Stages and copies payload files into OS temp and Windows ProgramData directories
• Deletes and renames artifacts post-execution to destroy forensic evidence
If you use axios, pin your version immediately and audit your lockfiles. Do not upgrade.
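The post's last line asks you to audit lockfiles and pin axios. The POSIX shell below is an added example, not Socket's tooling or anything from the axios project: it scans an npm lockfile (lockfileVersion 2 or 3, where installed packages appear under "node_modules/<name>" keys) for any copy of plain-crypto-js, including nested copies, and lists the resolved axios version(s) so you can pin to a known-good one. The lockfile and all version numbers in it are constructed placeholders, not the real compromised release.

```shell
#!/bin/sh
# Added example, not from Socket or axios. Audits an npm package-lock.json
# for the plain-crypto-js dropper and reports installed axios versions.

# Constructed sample lockfile (lockfileVersion 3). Version numbers are
# placeholders and do not correspond to the real releases.
SAMPLE_LOCK='{
  "name": "demo-app",
  "lockfileVersion": 3,
  "packages": {
    "": { "dependencies": { "axios": "^1.0.0" } },
    "node_modules/axios": {
      "version": "1.0.0",
      "resolved": "https://registry.npmjs.org/axios/-/axios-1.0.0.tgz",
      "dependencies": { "plain-crypto-js": "*" }
    },
    "node_modules/axios/node_modules/plain-crypto-js": {
      "version": "0.0.1",
      "resolved": "https://registry.npmjs.org/plain-crypto-js/-/plain-crypto-js-0.0.1.tgz"
    }
  }
}'

# lock_has_package NAME: exit 0 if the lockfile on stdin contains an
# installed copy of NAME at any nesting depth, 1 otherwise. Matching on
# node_modules/NAME" (with the closing quote) catches both hoisted and
# nested entries without matching name prefixes such as axios-retry.
lock_has_package() {
    grep -q "node_modules/$1\"" 
}

# lock_package_versions NAME: print the "version" of every installed copy
# of NAME found in the lockfile on stdin, one per line. Assumes the npm
# convention that "version" is the first key of each package entry.
lock_package_versions() {
    esc=$(printf '%s' "$1" | sed 's#/#\\/#g')
    sed -n "/node_modules\/$esc\": {/,/^ *}/p" \
        | grep '"version"' \
        | sed 's/.*"version": *"\([^"]*\)".*/\1/'
}

# audit_lockfile PATH: exit 2 and report if plain-crypto-js is present,
# otherwise print the axios versions to pin against and exit 0.
audit_lockfile() {
    if lock_has_package plain-crypto-js < "$1"; then
        echo "COMPROMISED: plain-crypto-js present in $1" >&2
        echo "axios versions installed:" >&2
        lock_package_versions axios < "$1" >&2
        return 2
    fi
    echo "clean: no plain-crypto-js in $1"
    echo "pin axios to an exact version, e.g. \"axios\": \"$(lock_package_versions axios < "$1" | head -n 1)\""
    return 0
}

# Live usage: audit_lockfile ./package-lock.json
```

The pin line it suggests is an exact version string rather than a caret range, which is what "pin your version" means in practice: with `"axios": "^1.0.0"` a fresh install is free to pick up whatever the newest 1.x release is, while an exact pin plus a committed lockfile keeps `npm ci` on the copy you have already audited. For lockfileVersion 1 files (a top-level "dependencies" tree without "node_modules/" keys) the grep patterns above would need adjusting.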
@Ced_haurus Rare enough to be worth pointing out, but DarkSword does not appear to use any persistence (it is written entirely in JavaScript).
DarkSword follows Coruna, which is fairly worrying. It is the second campaign since the start of the month