Over the past several days, we have been listening to the conversation around coordinated disclosure and the relationship between security researchers and vendors. We recognize that this relationship is both critical and, at times, fragile. We deeply value the security community, and will continue to take your feedback seriously.
To be clear about our approach to legal matters, we have no intention to pursue action against individuals conducting or publishing their security research. When an individual breaks the law and engages in malicious activity causing real harm to our customers, we will work with law enforcement as appropriate.
We recognize the work that goes into researching and submitting a vulnerability. We are committed to approaching every interaction with transparency, clear communication, and professionalism. We continue to believe strongly in Coordinated Vulnerability Disclosure as the foundation for protecting customers and improving our products. Each year we process a high volume of vulnerability reports. That volume continues to grow and will continue with the rise of AI-enabled research. We acknowledge that some interactions have fallen short and are working to learn from them.
Many of us have experience on both sides of this work, as researchers reporting vulnerabilities and as responders triaging and assessing them. That perspective informs how we approach this feedback and the importance we place on getting it right, particularly as the volume and complexity of research continues to grow.
The security community plays a vital role in helping us protect customers. We are committed to maintaining a constructive and respectful relationship and growing together. We know that, given the nature of this work, there will at times be misunderstandings. We remain committed to engaging in good faith and to providing a respectful and professional experience for all researchers, regardless of past interactions.
"prompts become shells" — Microsoft's own words for their AI agent framework RCEs this month
the architecture is: accept text → reason → exec()
we gave untrusted input a language model in the middle and called it a security boundary
https://t.co/lROw9I6vyt
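As an added illustration of the alternative to the "accept text → reason → exec()" loop described above (example code written for this page, not code from the post or from the framework it refers to), the dispatcher below treats the model's reply as data: it is parsed as a single JSON tool call, matched against a fixed allowlist, and its arguments are type-checked before a plain Python function is invoked. Nothing the model emits is ever passed to `exec()` or `eval()`. The tool names, the call format and the sample replies are constructed for the example.

```python
"""Hardened tool dispatch for an LLM agent: model text never becomes code.

Constructed example. Tool names, the JSON call format and SAMPLE_REPLIES
are assumptions made for this illustration.
"""
import json
from typing import Any, Callable


# Two harmless tools standing in for whatever the agent is allowed to do.
def lookup_ticket(ticket_id: int) -> str:
    return f"ticket {ticket_id}: open"


def echo_upper(text: str) -> str:
    return text.upper()


# Allowlist: tool name -> (callable, exact argument schema).
# Anything not in this table does not exist as far as the model is concerned.
TOOLS: dict[str, tuple[Callable[..., str], dict[str, type]]] = {
    "lookup_ticket": (lookup_ticket, {"ticket_id": int}),
    "echo_upper": (echo_upper, {"text": str}),
}

MAX_ARG_LEN = 256  # cap string arguments so a reply cannot smuggle a payload


def parse_call(model_output: str) -> dict[str, Any]:
    """Parse the reply as one JSON object with exactly 'tool' and 'args'.

    Free text, code, or anything shaped differently is rejected here.
    """
    try:
        call = json.loads(model_output)
    except json.JSONDecodeError as exc:
        raise ValueError(f"reply is not a JSON tool call: {exc.msg}")
    if not isinstance(call, dict) or set(call) != {"tool", "args"}:
        raise ValueError("tool call must have exactly 'tool' and 'args'")
    return call


def validate_args(args: Any, schema: dict[str, type]) -> dict[str, Any]:
    """Require exactly the schema's keys, with the schema's types."""
    if not isinstance(args, dict) or set(args) != set(schema):
        raise ValueError(f"args must be exactly {sorted(schema)}")
    for name, expected in schema.items():
        value = args[name]
        # bool is a subclass of int in Python; refuse it where an int is expected.
        if not isinstance(value, expected) or (expected is int and isinstance(value, bool)):
            raise ValueError(f"arg {name!r} must be {expected.__name__}")
        if isinstance(value, str) and len(value) > MAX_ARG_LEN:
            raise ValueError(f"arg {name!r} exceeds {MAX_ARG_LEN} characters")
    return args


def dispatch(model_output: str) -> dict[str, Any]:
    """Run a model-proposed tool call, or report why it was refused."""
    try:
        call = parse_call(model_output)
        name = call["tool"]
        if name not in TOOLS:
            raise ValueError(f"unknown tool {name!r}")
        func, schema = TOOLS[name]
        args = validate_args(call["args"], schema)
        return {"ok": True, "result": func(**args)}
    except ValueError as exc:
        return {"ok": False, "error": str(exc)}


# Constructed model replies: two legitimate calls, then three that an
# exec()-based loop would have happily run.
SAMPLE_REPLIES = [
    '{"tool": "lookup_ticket", "args": {"ticket_id": 42}}',
    '{"tool": "echo_upper", "args": {"text": "hello"}}',
    '{"tool": "run_shell", "args": {"cmd": "id"}}',
    '__import__("os").system("id")',
    '{"tool": "lookup_ticket", "args": {"ticket_id": "42; rm -rf /"}}',
]

if __name__ == "__main__":
    for reply in SAMPLE_REPLIES:
        print(reply, "->", dispatch(reply))
```

The point of the design is that the model's only power is to choose among pre-written functions with validated arguments; the set of reachable side effects is fixed by the allowlist at deploy time rather than by whatever the prompt happens to say.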
nobody audits Chrome's Linux UI code as hard as the renderer
CVE-2026-7992 sanitization bypass in Views (the non-Windows UI toolkit) → sandbox escape
the attack surface is there, it's just not where everyone is looking
io_wq remove_pending UAF + dmesg-side KASLR leak
Missing is_hashed check on the predecessor work plants a dangling pointer in hash_tail[0]. 8-byte write into a freed io_kiocb on the next bucket-0 enqueue.
https://t.co/g0UEhDhHne
@roddux Hey, that was me. I'm not trying to argue though; I noticed the behaviour, reported it and tried to weaponise it, wrote a blog about my ideas. But hey, kernel bugs are gonna be my priority from now on, and I ain't even reporting them no more :)
VPNs are getting wrecked in China because carriers are stepping up network-level blocking: breaking TLS (443) handshakes, restricting TCP traffic, and interfering with SNI/DNS. Some provinces are even testing broader overseas IP blocking, and IPv6 still has gaps.
@pink_research @poezhao0605 The decision is based on the 外商投资安全审查办法 (Measures for the Security Review of Foreign Investment): any deal that forms a threat to national security has to be reversed. In practice it's gonna be hard, because earlier this year reports suggested that Manus's early investors had already taken their money out ://
The government's authority here comes from a law specifically designed to scrutinize and block foreign takeovers of technology deemed critical and the decision is enforceable because the target's technology is considered to fall under that Chinese legal jurisdiction.
Found a heap use-after-free in QuickJS affecting all Atomics operations with ResizableArrayBuffer.
A JS valueOf() can trigger a resize mid-Atomics op -> backing buffer reallocates -> local pointer goes stale -> write hits freed memory
https://t.co/7y27L9Z6U3
@h0mbre_ Yup, it's got less willingness to speculate and fill the gaps. Sonnet or Opus 4.5 would still complete the exploit path even with partial info; the newer model does hesitate unless the chain is well supported.