It's confirmed! Ken Gannon / 伊藤 剣 (@yogehi) of Mobile Hacking Lab, and Dimitrios Valsamaras (@Ch0pin) of Summoning Team (@SummoningTeam) used five different bugs to exploit the #Samsung Galaxy S25. They earn $50,000 and 5 Master of Pwn points. #Pwn2Own
We just posted our AttackerKB @rapid7 Analysis for the recent Cisco ASA 0day chain; CVE-2025-20362 and CVE-2025-20333. The auth bypass appears to be a patch bypass of an older 2018 vuln. The buffer overflow is in a Lua endpoint, but unsafe native code operations allow a buffer to be overflowed and memory corruption to occur. Full technical root cause analysis here: https://t.co/Zna9sEbZ8r
A great write-up of a VMware Workstation guest-to-host escape (CVE-2023-20870/CVE-2023-34044 and CVE-2023-20869) exploit by Alex Zaviyalov has just been published!
Lateral movement getting blocked by traditional methods?
@werdhaihai just dropped research on a new lateral movement technique using Windows Installer Custom Action Server, complete with working BOF code. https://t.co/sS6P6d6ADC
I've been researching the Microsoft cloud for almost 7 years now. A few months ago that research resulted in the most impactful vulnerability I will probably ever find: a token validation flaw allowing me to get Global Admin in any Entra ID tenant. Blog: https://t.co/jD6EaGtsn3
🚨 #Salty2FA is a new #phishkit linked to #Storm1575.
Active since June, it bypasses 2FA to gain access beyond stolen creds. Using a unique domain pattern and multi-stage chain, it targets finance, energy, telecom and more.
Read analysis: https://t.co/Eb7do7dgVP
🚨 We identified a ViewState deserialization attack affecting Sitecore deployments. The attacker leveraged an exposed ASP[.]NET machine key to perform remote code execution.
Get the full details, indicators of compromise, and defensive recommendations: https://t.co/nkXi97LjOa
The surge to 30,000 AiTM infrastructure detections on Wednesday this week was very much driven by pages[.]dev and workers[.]dev use. Rather than playing whack-a-mole we've been blocking those domains and so far have only blocked AiTM, nothing legit!! YMMV #AiTM #Cloudflare
If you want to block ShadowCaptcha campaigns, blocking these three domains will help:
- cloudshielders[.]com
- analytiwave[.]com
- analyticanoden[.]com
There is heavy geo/user-agent/os detection going on, so you may not see click-fix but your users might #clickFix #shadowCaptcha
🕷️🚨 Scattered Spider threat actors are using social engineering techniques like phishing, push bombing & SIM swap attacks to target #CriticalInfrastructure orgs & commercial facilities. Check out our updated joint advisory for recommended mitigations. 👉 https://t.co/Orks7C7lPX
Technical deep dive into some current AiTM infrastructure using Azure Front Door and some other rather clever techniques.
https://t.co/wfIfDVDckB
#AiTM
On July 19, Microsoft issued guidance on CVE-2025-53770, a variant of CVE-2025-49706. At the time of posting, a patch is not available. Learn more about Microsoft’s customer guidance as the situation evolves: https://t.co/D4s2XOSVS8
We're Hiring! Looking for an experienced Red Teamer.
To plan and deliver intelligence-led operations against some of the most complex enterprise environments in the UK and beyond.
Full info here ➡️ https://t.co/d5C7gEs6gt
#cybercareer #redteam @JumpsecLabs
New Defender detection "Suspicious Cloudflared Tunnel" 🔎 This detection will alert on Cloudflare tunnels that don't belong to your organization by parsing the --token parameter and checking it against your Cloudflare account ID.
https://t.co/31kKd0O57x