Olivia
Online
Janggggg
@testanull
Kẻ soi mói
Hanoi, Vietnam
Joined October 2015
143 Following
9.1K Followers
1.1K Posts
Chinese-linked actors are targeting edge devices across Southeast Asia, leveraging DoH for C2 communications and large-scale DNS hijacking via iptables.
See details:
EN: https://t.co/32wGyWROwR
CN: https://t.co/7mpQgo4I6V
There it is! Orange Tsai (@orange_8361) of DEVCORE Research Team was able to exploit Microsoft Exchange! If confirmed, they win a whooping $200,000 and 20 Master of Pwn points. Off to the disclosure room to explain how they did it and seal the deal. #Pwn2Own #P2OBerlin
The Internet is falling down, falling down, falling down
Welcome back to another disaster - this time, an Auth Bypass in cPanel/WHM, tracked as CVE-2026-41940
Enjoy with us..
https://t.co/bOzCPy8iS1
Patch your Linux boxes!
https://t.co/VWOUDbLAn2 is a trivially exploitable logic bug in Linux, reachable on all major distros released in the last 9 years. A small, portable python script gets root on all platforms.
Found by the teams at @theori_io and @xint_official
More details below
https://t.co/9f6T96PvPX
@pyn3rd Oh gosh… icic, wtf
@pyn3rd Oh i am still able to download it rn, try this: https://t.co/DEQIKIUEDF
We promised we'd be back!
Join us on our journey, from repro'ing N-days to stumbling into 0-days in SolarWinds Web Help Desk, eventually achieving pre-auth RCE.
This research fuels the watchTowr Platform, our Preemptive Exposure Management technology.
https://t.co/TzNBT1Ghs7
Ever wondered what happens when you pickle a mailbox? 🥒📬
(No, it’s not a recipe, it’s a vulnerability.)
Our team breaks down CVE-2025-20393 in a new deep dive post covering root cause, internals & exploitation details
https://t.co/VLx4amr7J9
Written by @CurseRed & @bestswngs
Oracle E-Business Suite Authentication Bypass & RCE (CVE-2025-61882)
https://t.co/1sf9H4Rnly
https://t.co/YE6qqAwGwG
My note while trying to reproduce the famous react2shell bug,
no WAF bypass and bugbountytips inside, I promise ;)
Happy reading!
Oracle Cloud was breached in Jan 2025 through vulns in Oracle Access Manager. @SLCyberSec's Research team found a new pre-auth RCE vulnerability in Oracle Identity Manager (CVE-2025-61757). This is a critical vulnerability and is trivial to exploit. https://t.co/hXdzU4TJVP
@bienpnn Getting being sold prove it’s really critical, no trash talk, no fantastic scenario 👍
hot take:
maybe instead of reporting vuln and getting cves, security nerds should just sell exploits
that way devs won't need to bother with too much reports, only critical one that got exploited would need to be fixed. neat!
We have published our AttackerKB @rapid7 Analysis for the recent GoAnywhere MFT vuln, CVE-2025-10035. It's an access control bypass + unsafe deserialization + an as-yet unknown issue in how an attacker can know a specific private key! https://t.co/4EUWlzJxRe
NEED YOUR HELP!
My Friend/Teacher Soroush (@irsdl) Is looking for a new company to join, you know him as the .NET-God, the guy who has popped exchange, sharepoint, has maintained ysoserial_.net for years, contributed to the exploitation scene numerous times, taught all of you about what .net ghost webshells are, taught you about what viewstate exploitation is, how .net remoting exploitation issues can be solved, iis cookieless, web_config exploitation, countless of blogs, talks, techniques,...
but companies keep saying:
"we aren't hiring right now!"
if i was in position of hiring, woudln't wanna miss out on having one of THE BEST in my team
you're retweet is Extremely appreciated ❤️🔥
soroush, if you see this, don't hate me, had to do it without telling you
I had the pleasure of working with the web team at DFSEC for the last 2 years. If you feel you are wasting your time finding web 0days for marketing, I suggest you try this role as it requires you to think more outside the box to solve the hardest problems in web app security!
We've added a new demo to NewRemotingTricks that makes deploying a MarshalByRefObject (e.g., WebClient) even easier: System.Lazy<T> creates an instance of T on serialization, which is probably more likely to be allowed than a XAML gadget getting through. https://t.co/JhxnpXPDa5
Last Seen Users on Sotwe
Most Popular Users
Elon Musk 
@elonmusk
240.1M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
108.7M followers
Narendra Modi
@narendramodi
106.9M followers
Rihanna
@rihanna
97.2M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.5M followers
KATY PERRY
@katyperry
86.7M followers
Taylor Swift
@taylorswift13
80.5M followers
Lady Gaga
@ladygaga
72.1M followers
Kim Kardashian
@kimkardashian
69.3M followers
YouTube
@youtube
68.6M followers
Virat Kohli
@imvkohli
68.4M followers
Bill Gates
@billgates
63.4M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
60.9M followers
X
@x
60.9M followers
CNN Breaking News
@cnnbrk
59.9M followers