Olivia
Online
securityalert1st
@securityalert1s
retweeter of the internet of things. securing the internet
Joined April 2010
946 Following
182 Followers
10.4K Posts
🚨 Big red flags for gamers and downloaders this week.
🔸 Weedhack malware is hitting Minecraft players via YouTube fake mods and clients, stealing accounts and enabling remote spying.
🔸 CountLoader has infected 86,000 systems through cracked software.
🔸 Pirated streaming sites are silently installing crypto miners.
Read details: https://t.co/daSXwK6rsr
Double-check every download.
Yeah, so pretty much this guy is releasing an exploit in solidarity with Nightmare Eclipse guy. He said he notified GitHub about the exploit 60 minutes before releasing this paper.
I don't do web stuff, and I'm not a VSCode nerd, so I'm confused by the underlying technologies.
If you're a stinky GitHub and VSCode nerd maybe you'll understand.
tl;dr click github dev, github dev opens editor, in github dev editor have javascript, javascript does shortcuts automatically. github treats javascript shortcuts as real human input, or something. use javascript shortcut stuff to automatically install vscode extension. the vscode extension steals your data
tl;dr tl;dr user clicks 1 link, 1 click steals all data from your github
https://t.co/uh17usZeEH
GitHub - iss4cf0ng/OpenPetya: A Proof-of-Concept bootkit inspired by Petya ransomware, written in Assembly, C, and C++ https://t.co/3HeWSzO2LZ
🍿 New Jellyfin-For-Xbox Release 0.9.5 🎮️
With the new version 0.9.5 we fixed a number of issues related to HDR and DolbyVision content as well as a more refined design cleaning up a lot of UX that were previously problematic (CONT'D)
Introducing nginx-poolslip, a fresh RCE for the the latest nginx release 1.31.0.
nginx-rift has been patched, but our security agent Vega has found a new 0 day.
We will release the full technical writeup with ASLR bypass 30 days after the patch on https://t.co/LAhOC5UHrp.
real hax0rz don't brag =]
we p0p sh377z
LinPEAS is now capable of detecting if a machine is vulnerable to Copy Fail vuln (CVE-2026-31431).
LinPEAS is now capable of detecting if a machine is vulnerable to Copy Fail vuln (CVE-2026-31431).
Enjoy it! https://t.co/ZC82x80S1u
We released first detection rules for Copy Fail / CVE-2026-31431.
YARA rules by me:
https://t.co/PrkIOIihA6
It covers public PoC artifacts, including known payloads, exploit code fragments and URLs seen in shared material.
More generic rules for customer environments are still in testing.
Sigma rules by @_swachchhanda_:
https://t.co/UTZgDhtsqg
They cover suspicious Copy Fail-related exploitation patterns, including setuid binary execution behavior and NULL argv shell execution.
More updates soon.
@uwu_underground Love your music.
https://t.co/1Y8YOTvE2o drink all the booze hax all the things
Sometimes, the realist things hit hard
I'm the greatest hacker alive
April fools =]~
🚨 Newest TeamPCP Supply Chain Compromise Affects Rust cargo-env-parser (v1.0.19)
I have found that the Rust cargo-env-parser v1.0.19 crate has been compromised via a supply chain attack by the threat actor TeamPCP.
There is a malicious payload hidden within the pre-build scripts that downloads additional malware for Windows, macOS and Linux. If your project depends on this crate, assume your environment variables are compromised and rotate your credentials immediately!
Full technical breakdown, IOCs, and mitigation steps can be found here: https://t.co/v1TprPMMRb
i have seen so many supply chain attacks but what is next to come will be godlike when it drops
FFmpeg is moving to Rust 🦀
Our use of C and Assembly in FFmpeg has been an unacceptable violation of safety.
FFmpeg will be running 10x slower - but we're doing it for your safety.
All your videos will appear green - safety first, working software later.
Today i learned;
Reverse-engineering KleerNet is extremely challenging — and in practice, no one has publicly succeeded in fully decoding or building tools for the RF protocol.
Huge Anthropic leak just dropped: the entire Claude Code CLI source is now public.
A misconfigured .map file in their npm package exposed a direct download link to the full unobfuscated TypeScript codebase from Anthropic’s own R2 bucket.
Discovered by Chaofan Shou (@Fried_rice), the dump is massive 1,900 files, 512,000+ lines including the complete tool system, 50+ slash commands, multi-agent coordinator, React/Ink terminal UI, IDE bridge, permission engine, and several unreleased features.
Full repo is live on GitHub(@nichxbt ):
https://t.co/BLxqDmwsB0
Clean mirrors are already up for easy browsing(@baanditeagle):
https://t.co/BN007COQzi
https://t.co/DYSytIEKZ4
It’s spreading fast, the entire dev community is already tearing through it.
VMkatz extracts creds directly from .vmdk, .vmsn and .sav files without full disk exfil a ~2.5 MB static binary on ESXi, Proxmox or NAS and pull:
🔑 NTLM hashes
🎟️ Kerberos tickets
🔐 DPAPI keys
📂 NTDS.dit / LSA secretsTool
by Nikai W.
https://t.co/GFVZZiYc5E
SOMEONE DROPPED A FULLY JAILBROKEN, OPEN-SOURCE, PRE-BUILT IOS 26 VIRTUAL MACHINE
Repo: https://t.co/VnNyqxoOCY
Last Seen Users on Sotwe
Most Popular Users
Elon Musk 
@elonmusk
240.2M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
108.9M followers
Narendra Modi
@narendramodi
107M followers
Rihanna
@rihanna
97.3M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.6M followers
KATY PERRY
@katyperry
86.8M followers
Taylor Swift
@taylorswift13
80.6M followers
Lady Gaga
@ladygaga
72.2M followers
Kim Kardashian
@kimkardashian
69.4M followers
YouTube
@youtube
68.6M followers
Virat Kohli
@imvkohli
68.5M followers
Bill Gates
@billgates
63.4M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
61.1M followers
X
@x
60.9M followers
Selena Gomez
@selenagomez
59.9M followers