Olivia
Online
windshock
@windshockr
🛡️ Security automation | 🔍 Vuln analysis | 🚀 Shift-left & data-driven security | 📎 CVE/CWE contributor | 🌐
Joined August 2010
268 Following
26 Followers
122 Posts
취약점 신고 시범사업... 학생 대회야??
상금 저리 주면서 취약점을 많이 찾아주길 원하는 것인가??
The winner of a national AI strategy may not be the country with the largest number of GPUs.
https://t.co/j3770cvVct
#AISecurity #AIStrategy #Cybersecurity #AISovereignty #InformationSecurity #AgenticAI #AIInfrastructure #AIControlPlane
DevSecNews 5월호 - https://t.co/O1bDXnGHDw
#DevSecNews #DevSecOps #NodeJS #Java #CyberSecurity #AppSec #OpenSourceSecurity
Building Windshock Lens: browser-side phishing triage for gray-zone AI-era pages.
Local analysis + rules, OCR, domain signals, and on-device AI for ambiguous cases.
Thanks @skocherhan @Malwarehunterr for sharing real phishing URLs.
https://t.co/qCtZSQsYfU
#Phishing #OnDeviceAI
@Jaemyung_Lee 2월달에는 노후를 포기하고 살 수 있는 단계였다면, 이제는 불가능한 단계로 온 것 같습니다. 정부도 방법이 없나봅이다. 자본주의와 부동산 집단지성은 차갑군요.
There are moments when AI feels genuinely surprising. Not when it simply finds the right answer, but when it explains a problem from one field in the language of an entirely different field.
https://t.co/8M030vkn53
#AI #LLM #CyberSecurity #ProblemFraming #CrossDomainReasoning
PoisonChain — a malicious package scanning toolkit — has been updated.
This update adds Nexus scanning support and daily updates of publicly available malicious package intelligence.
https://t.co/C7ln37pvGb
#SupplyChainSecurity #npm #DevSecOps #Nexus #IncidentResponse
ScamGuard AI is a highly private, 100% on-device phishing and scam detection Chrome Extension. It leverages Chrome's built-in Gemini Nano to analyze links, page context, and structure in real time.
https://t.co/VXcczwc8lS
#Phishing #ChromeExtension #GeminiNano #OnDeviceAI
@HacktronAI’s React2Shell / Vercel WAF bypass write-up is a great reminder that modern WAF testing needs parser differential testing.
Inspired by this research, I updated my WAF/IPS/IDS retest project.
https://t.co/vjzHoRKDEs
#WAF #ParserDifferential #React2Shell
“How dangerous could MCP vulnerabilities actually become on developers’ PCs?”
So I built a Docker-based MCP security lab and scanner: mcp-guard https://t.co/5xxbvFdywz
#MCP #AISecurity #CyberSecurity #AppSec #DevSecOps #AI #SecurityResearch
CVE 이후 대응만으로는 늦습니다. AI 시대의 취약점은 CVE 번호가 붙기 전부터 issue, patch diff, commit message, PoC, write-up, no-CVE 후보의 형태로 먼저 움직입니다. 이제 보안팀의 질문은……
https://t.co/KW7Issps3u
#CyberSecurity #SupplyChainSecurity #DevSecOps #공급망보안 #AI보안
Recurring security incidents keep making us ask: who needs to know this better? Maybe the better question is: what should stay with people, and what should be built into defaults and guardrails?
https://t.co/RY8fjWIsdW
#SecureByDefault #DevSecOps #SecurityByDesign #ShiftLeft
After reducing 228 endpoints to 5 clusters, an RCE chain emerged where missing authentication and XML deserialization intersected.
https://t.co/H29RBQaDkz
#AppSec #SAST #CyberSecurity #StaticCodeAnalysis #SecureCoding #AI #Skills
While responding to the axios malicious package incident, I found I couldn't even trust the lockfile — and had to go straight to the build logs.
Tool : https://t.co/C7ln37pvGb
Youtube : https://t.co/MNTh9AJpVa
#SupplyChainSecurity #npm #axios #BlueNoroff #ThreatIntelligence
계정 탈취가 끝나지 않는 진짜 이유, 아시나요? OSINT 자료는 넘쳐나지만, 한국을 타깃으로 한 위협 흔적들은 글로벌 위협 인텔리전스에서 거의 다뤄지지 않습니다.
https://t.co/FgGQ30KlTH
#보안 #계정탈취 #OSINT #ThreatIntelligence #CyberSecurity #Fraud #ATO #CaaS #한국형위협
Vuln finders are still needed in #CyberSecurity.
What changed is this: raw sense became guidelines, and guidelines became structure #FromSenseToStructure.
In the #AISecurity era, findings will flood in.
The real bottleneck is interpretation and action.
https://t.co/hdI5whBzD7
The CAPTCHA you spent 30 seconds solving? For a hacker, it’s a $0 automatic door.
https://t.co/LQ2Ekwsq1L
#CAPTCHA #InfoSec #Passkey #FIDO2 #Playwright #Whisper #PageAgent #SecurityResearch #CyberSecurity
axios npm supply chain attack.
If you had "axios": "^1.6.8" and ran npm install without a lockfile, you may have pulled 1.14.1.
Re-check even if you had a lockfile.
C2-linked anonymous VPS ranges (Hostwinds): https://t.co/Rk9gYks8Gr
#npm #axios #anonymous #vps
[DevSecNews March Issue] This issue covers a supply-chain attack on a security scanner, WAF–backend parsing discrepancies, and LLM agent–based CAPTCHA bypass cases.
https://t.co/b2VLFBCCBL
#DevSecNews #CyberSecurity #DevSecOps #SupplyChainSecurity #WAF #CAPTCHA #LLMSecurity
Updated the WAF·IPS·IDS Bypass Testing Codex Skill to improve Request Smuggling reproduction and interpretation.
Skill Repo
https://t.co/vjzHoRKDEs
https://t.co/ko7hSMFFh7
#RequestSmuggling #WAF #AppSec #DetectionEngineering #ParsingDiscrepancy #SecurityTesting #FunkyChunks
Last Seen Users on Sotwe
QOS PROMOTER
Seen from Turkey
ชอบสาวใหญ่++ด้านมืด
Seen from Thailand
فحل قطر1
Seen from France
กัญญลักษณ์ อุดมเดชสกุล
Seen from Singapore
Bokep hot
Seen from Singapore
Anh Đức Trần
Seen from Vietnam
Mr big fuck
Seen from Australia
ลูกอีสาน
Seen from Thailand
Trai Bắc
Seen from Vietnam
LongForeskin
Seen from United States
Trends for you
Most Popular Users
Elon Musk 
@elonmusk
240.1M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
108.8M followers
Narendra Modi
@narendramodi
106.9M followers
Rihanna
@rihanna
97.2M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.5M followers
KATY PERRY
@katyperry
86.7M followers
Taylor Swift
@taylorswift13
80.5M followers
Lady Gaga
@ladygaga
72.1M followers
Kim Kardashian
@kimkardashian
69.3M followers
YouTube
@youtube
68.6M followers
Virat Kohli
@imvkohli
68.4M followers
Bill Gates
@billgates
63.4M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
60.9M followers
X
@x
60.9M followers
CNN Breaking News
@cnnbrk
59.9M followers