Olivia
Online
gujjuboy10x00
@vis_hacker
Vishal Panchani Security Engineer | Hall of Fame: Google, PayPal, Apple, 500+| Top 10 All-Time on HackerOne | Hack the planet
Dubai
Joined April 2017
698 Following
6.2K Followers
1.2K Posts
Pinned Tweet
Another milestone 😍, Its 2.5 years with h1 family and Finally Completed 20k reputation @Hacker0x01 .
2nd indian after @emgeekboy who just joined 20k club
Next: more focus on signal #20kclub #togetherwehitharder #bugbounty
@mattjay we do use ‘safe-chain’ to prevent installation before 48hours for any new packages.
What if every pull request got a security review as thorough as your best engineer, at any scale?
At Deriv, our Security Tech Lead, Vishal (@vis_hacker), built exactly that. Managing 700+ repositories and hundreds of pull requests every week, manual security reviews simply couldn't keep up.
Watch below to see his solution
Two CVEs just patched by @Oracle , credited to me:
CVE-2026-21996 , CVE-2026-35233
Root-privileged parser eating attacker-supplied ELF. Classic trust-boundary bugs.
Advisory: https://t.co/JU5VHDeE6c
Write-up: https://t.co/bAZHt2WSna
@zseano true!!!
Watched this and yeah…
Claude AI model casually hunting 0-days like it’s a CTF challenge.
We’re entering a different era.
https://t.co/VQIcgg5Bcj
@samm0uda Really impressive bug chaining , learned something new about how seemingly low-impact issues can be combined into full ATOs. Well deserved bounties 🔥
@Nithin0dha WhatsApp as DR is cool, but… maybe consider an actual secondary WAF/CDN next time? Trading platforms deserve more than a chat-based backup 😅
I've pushed a few updates to https://t.co/9CqANckHK0. Vercel and Netlify are no longer flagged as vuln. Offsite redirs not followed. Custom header support in case you need auth or custom UA. Redir test cases are more accurate now (both base path and redir tested).
Facts. Skills, mindset, and consistency.
You do not need Courses and Certificates to make your first 100k in InfoSec.
Do not sign any crypto transactions right now — a major NPM supply chain attack is redirecting approvals & transfers to attacker wallets.
I would strongly recommend not signing any crypto transactions right now.
There is a huge supply chain attack on popular NPM packages that may have compromised various crypto websites (frontend, not the actual contracts).
It changes the destination address of transactions and approvals to be the attacker's addresses rather than the address you're actually trying to interact with.
Is the left really just a giant kleptocracy?
The evidence increasingly suggests it is.
Last year, I committed to uncovering critical vulnerabilities in Maven repositories. Now it’s time to share the findings: RCE in Sonatype Nexus, Cache Poisoning in JFrog Artifactory, and more! Read it all below 🧵
my daily ritual starts with this
https://t.co/fkPINYsxzh
How can this be called a “continuing resolution” if it includes a 40% pay increase for Congress?
Mario Draghi’s critique is accurate.
A thorough review of EU regulations to eliminate unnecessary rules and streamline activity in Europe would revitalize growth and strengthen competitiveness.
Things should be default legal, rather than default illegal.
Thrilled to release my latest research on Apache HTTP Server, revealing several architectural issues! https://t.co/7ygwWXY0pd
Highlights include:
⚡ Escaping from DocumentRoot to System Root
⚡ Bypassing built-in ACL/Auth with just a '?'
⚡ Turning XSS into RCE with legacy code from 1996
When researching request smuggling, I decided that TE.0 would never be exploitable because it requires the back-end server to accept a HTTP request starting with a number + newline.... and no server would be that crazy 🤦♂️
Awesome work! Never under-estimate the crazy.
Our security researcher @hash_kitten found one of the most critical exploit chains in the history of @assetnote. Affecting 40k+ instances of ServiceNow, we could execute arbitrary code, access all data without authentication. You can read our blog here: https://t.co/2yTgn1NzhY
Last Seen Users on Sotwe
Most Popular Users
Elon Musk 
@elonmusk
240.2M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
109M followers
Narendra Modi
@narendramodi
107M followers
Rihanna
@rihanna
97.3M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.6M followers
KATY PERRY
@katyperry
86.9M followers
Taylor Swift
@taylorswift13
80.7M followers
Lady Gaga
@ladygaga
72.2M followers
Kim Kardashian
@kimkardashian
69.4M followers
YouTube
@youtube
68.6M followers
Virat Kohli
@imvkohli
68.6M followers
Bill Gates
@billgates
63.4M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
61.2M followers
X
@x
60.9M followers
Selena Gomez
@selenagomez
59.9M followers