Another collision! Although successful on stage, @rewhiles of Viettel Cyber Security (@vcslab) targeting Anthropic Claude Code in the Coding Agent category used a bug that was previously known to the vendor. They still earn $20,000 and 2 Master of Pwn points. #Pwn2Own #P2OBerlin
NGINX rift: We autonomously discovered this 18-year-old heap overflow (CVE-2026-42945) in @nginx impacting versions 0.6.27 to 1.30.0. If you use the rewrite and set directives, you may be impacted! Please update your NGINX or change the config to mitigate it. Read more at https://t.co/KeoblrGL24
Unauthenticated RCE in Apache Tomcat (CVE-2026-34486)
The EncryptInterceptor was supposed to protect cluster communication. A fix for a padding oracle vulnerability moved one line outside a try block, and the encryption layer silently started forwarding every failed decryption straight into unfiltered Java deserialization.
We found it with Striga, built the exploit, and reported it to The Apache Software Foundation.
https://t.co/cygPWfXCnB
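The post above describes a control-flow bug rather than a cryptographic one: once the deserialization step sits outside the try block and the decryption failure is swallowed, whatever bytes arrived on the wire are handed to the deserializer. The following is an added schematic reconstruction of that pattern written for this page; it is not Tomcat's EncryptInterceptor code and not the researchers' exploit. The toy cipher (SHA-256 keystream plus HMAC tag), the sample key, and the use of JSON as a harmless stand-in for Java's ObjectInputStream are all assumptions made to keep the example runnable offline.

```python
"""Schematic reconstruction (added example, not Tomcat's code) of a swallowed
decryption failure that forwards raw wire bytes into the deserializer."""
import hashlib
import hmac
import json

KEY = b"constructed-cluster-key"   # constructed sample key, not a real value


class DecryptError(Exception):
    pass


def _keystream(nonce: bytes, length: int) -> bytes:
    # Toy counter-mode keystream from SHA-256; illustration only, not real crypto.
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(KEY + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def encrypt(plaintext: bytes, nonce: bytes = b"\x00" * 8) -> bytes:
    # Encrypt-then-MAC: nonce || body || HMAC-SHA256(nonce || body)
    body = bytes(p ^ k for p, k in zip(plaintext, _keystream(nonce, len(plaintext))))
    tag = hmac.new(KEY, nonce + body, hashlib.sha256).digest()
    return nonce + body + tag


def decrypt(message: bytes) -> bytes:
    # Any malformed or unauthenticated message raises DecryptError.
    if len(message) < 8 + 32:
        raise DecryptError("too short")
    nonce, body, tag = message[:8], message[8:-32], message[-32:]
    expected = hmac.new(KEY, nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise DecryptError("bad tag")
    return bytes(c ^ k for c, k in zip(body, _keystream(nonce, len(body))))


def deserialize(data: bytes):
    # Stand-in for ObjectInputStream.readObject(); JSON keeps the demo harmless.
    return json.loads(data.decode())


def receive_vulnerable(message: bytes):
    data = message                      # pre-assigned to the raw wire bytes
    try:
        data = decrypt(message)
    except DecryptError:
        pass                            # failure swallowed so the error is not observable
    return deserialize(data)            # deserialize sits outside the try: runs on raw bytes


def receive_fixed(message: bytes):
    try:
        data = decrypt(message)
    except DecryptError:
        return None                     # drop the message; nothing reaches the deserializer
    return deserialize(data)


if __name__ == "__main__":
    # Constructed attacker message: plain bytes that were never encrypted.
    attacker = b'{"cmd": "run"}'
    print("vulnerable:", receive_vulnerable(attacker))   # attacker bytes deserialized
    print("fixed:     ", receive_fixed(attacker))        # None
```

The check a reviewer would want on a change like this is simple: after the failure branch, trace what value the variable passed to the deserializer can hold. If it can still be the untrusted input, the swallowed exception has turned an authentication failure into an unauthenticated deserialization path.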
Security researcher ily2 has just earned a staggering $3,000,000 from submitting a critical smart contract bug via Immunefi.
That's the largest single payout in web3 security in recent memory.
In total, he's submitted 3 reports. All 3 were paid. 100% accuracy.
His leaderboard update is coming soon, but you can pledge IMU to him now and earn when he finds the next one:
https://t.co/ZEN8N5SP2c
$312,500 worth of stored/reflected XSS vulnerabilities in Meta’s Conversions API Gateway allowed JavaScript code to run on any Facebook domain and millions of third-party websites. The flaw enabled zero-click Facebook account takeover and more:
https://t.co/7gWpR4LQ8x
Congratulations to all the researchers recognized in this quarter’s MSRC 2025 Q3 Security Researcher Leaderboard! Thanks to all the researchers who partnered with us for your hard work and continued dedication to securing our customers.
Learn more in our blog post: https://t.co/AmXl9IrbTX
We also want to recognize the top 10 researchers in the leaderboard:
🥇Brad Schlintz (@nmdhkr)
🥈 Yuval Avrahami
🥉 b2ahex
4. Jianyang song
5. Felix B.
6. Haifei Li @HaifeiLi
6. tuandv of Viettel Cyber Security
8. P1hcn
9. 0x140ce @0x140ce
10. Matthew Jensen
We triggered WhatsApp 0-click on iOS/macOS/iPadOS.
CVE-2025-55177 arises from missing validation that the [Redacted] message originates from a linked device, enabling specially crafted DNG parsing that triggers CVE-2025-43300.
Analysis of Samsung CVE-2025-21043 is also ongoing.
90% of my Twitter DMs are asking me how to start getting into malware development. Well, I love answering them, but it's easier to write a small thread about it, so here we go.
1/12
🚨 We identified a ViewState deserialization attack affecting Sitecore deployments. The attacker leveraged an exposed ASP[.]NET machine key to perform remote code execution.
Get the full details, indicators of compromise, and defensive recommendations: https://t.co/nkXi97LjOa
My first year at MSRC and being in the top 100 MVR is something I am very proud of😊. Thank you @msftsecresponse for your enthusiastic support🫡. Congratulations to all the researchers on the leaderboard 🎉
The Microsoft Researcher Recognition Program offers public thanks and recognition to security researchers who help protect our customers by discovering and sharing security vulnerabilities under Coordinated Vulnerability Disclosure.
Today, we are excited to recognize this year’s 100 Most Valuable Researchers (MVRs), based on the total number of points earned for each valid report. Please join us in celebrating this year’s MVRs, including our top 10:
1. 🥇 VictorV (@vv474172261)
2. 🥈 wkai
3. 🥉 Suresh Chelladurai
4. Anonymous
5. Adnan (@adnanthekhan)
6. Dhiral Patel (@dhiralpatel94)
7. Nan Wang (@eternalsakura13) and Ziling Chen
8. Anonymous
9. @0x140ce
10. Azure Yang (@4zure9)
See the full list of this year’s 100 MVRs, in addition to our Azure, Office, Windows, and Dynamics 365 leaderboards: https://t.co/8vhDhDpr3E
#bugbounty
While waiting for the Pwn2Own chain, you might want to read this.
Disclaimer: This is a bug I discovered by accident, and it has already been resolved. I’m not sure which CVE or patch this maps to.
If you know any information, please feel free to leave a comment.
https://t.co/tIeEhUefPW
Zero-Day used by Stealth Falcon APT group in a spear-phishing campaign:
💥 .URL file exploitation (assigned CVE-2025-33053)
🧰 Custom Mythic implants, LOLBins, and custom payloads
🌍 High-profile targets across the Middle East and Africa
https://t.co/OnQmC2GBLJ