LiteLLM HAS BEEN COMPROMISED, DO NOT UPDATE. We just discovered that LiteLLM PyPI release 1.82.8 has been compromised: it contains litellm_init.pth with base64-encoded instructions to send all the credentials it can find to a remote server and self-replicate. Link below.
🔥 Microsoft patched a perfect 10.0 CVE in Entra ID (ex-Azure AD) that let attackers impersonate any user, even Global Admins—across every tenant worldwide.
🔑 MFA? Conditional Access? Logging? All bypassed. Total tenant takeover—SharePoint, Exchange, Azure resources.
Details here → https://t.co/HZkO0ItrxK
I've been researching the Microsoft cloud for almost 7 years now. A few months ago that research resulted in the most impactful vulnerability I will probably ever find: a token validation flaw allowing me to get Global Admin in any Entra ID tenant. Blog: https://t.co/jD6EaGtsn3
Today I built a small app that lets you ask questions about the Rahmenabkommen (framework agreement). The questions are answered on the basis of the documents.
The first version is online.
Recently I was targeted by an extremely sophisticated phishing attack, and I want to highlight it here. It exploits a vulnerability in Google's infrastructure, and given their refusal to fix it, we're likely to see it a lot more. Here's the email I got:
An unknown nation state threat actor found a way to remain persistent on Palo Alto Firewalls even after upgrades from last month’s vulnerabilities. An elaborate cloaked C2 knock, SOCKS proxying, tunneling, and more.
13/ Overall, we found no evidence of formal reasoning in language models including open-source models like #Llama, #Phi, #Gemma, and #Mistral and leading closed models, including the recent #OpenAI #GPT-4o and #o1-series. Their behavior is better explained by sophisticated pattern matching—so fragile, in fact, that changing names can alter results by ~10%! We can scale data, parameters, and compute—or use better training data for Phi-4, Llama-4, GPT-5. But we believe this will result in 'better pattern-matchers,' not necessarily 'better reasoners.'
Check out the full paper to find out more: https://t.co/2tv8Pp9MSz
Also stay tuned for the data release!
Chinese Backdoor Alert! Security enhancements on Mifare Classic cards used in hotels/business contain a supply chain backdoor making reading & exploitation trivial. Great paper by Philippe Teuwen Quarkslab https://t.co/lTVOVoULFF Watch your Chinese supply chains carefully folks!
This strange tweet got >25k retweets. The author sounds confident, and he uses lots of hex and jargon. There are red flags though... like what's up with the DEI stuff, and who says "stack trace dump"? Let's take a closer look... 🧵1/n
🤯 The level of sophistication of the XZ attack is very impressive! I tried to make sense of the analysis in a single page (which was quite complicated)!
I hope it helps to make sense of the information out there. Please treat the information "as is" while the analysis progresses! 🧐 #infosec #xz
Time to become unsponsorable
VPNs are useless for 99.9% of people and streaming services are starting to not allow you to use them. They do not make your connection more "secure", they only mask the IP address you're connecting from.
And many of them keep logs anyway,
Good morning, and say "Hello!" to Raspberry Pi 5! The #Pi5 is 2–3× faster, has PCIe support, a new RTC, and our own silicon designed in‑house here in Cambridge. The everything computer. Optimised, https://t.co/tsjQaESmiH. More at https://t.co/6PKTuSiDxq. #RaspberryPi #RaspberryPi5
"Everyone in the world would get a free share…if they agreed to an iris scan with a specially designed device that resembles a decapitated robot head"
https://t.co/8ffC2HFwTF
Good in-depth article on WorldCoin, Silicon Valley's big-money stain on the Proof-of-Personhood idea.
In nearly all of our on-premises engagements, a threat actor has taken full control of Active Directory. If you are interested in the kind of things @MicrosoftDART finds, and how we recommend you secure Active Directory, then this blog is for you - https://t.co/D7fdIbsUn0