Behnam @bdsecure
vulnerability researcher | full-time learner ninjas.zip Vienna, Austria Joined June 2017
Tweets 885 | Followers 839 | Following 5K | Likes 4K
🚨 Introducing "ITScape" (CVE-2026-46316) A Guest-to-Host Escape in KVM/arm64. Guest-side actions alone exploit a use-after-free to run root-privileged code in the host kernel. Unlike the commonly published QEMU escapes, the bug lives in in-kernel KVM, not QEMU. On a successful exploit, commands run with host kernel privilege rather than the privilege of a user process, threatening the guest-host isolation of multi-tenant arm64 public clouds. To the best of public knowledge, the first Guest-to-Host Escape Exploit targeting in-kernel KVM/arm64. Details: itscape.io
Offensivecon's talks are now available on our YouTube channel! 🔗 buff.ly/g63xgm5
Chrome’s JavaScript engine V8 is getting harder and harder to find bugs in.. But powerful models still find a way! Yesterday’s Chrome release fixed CVE-2026-9973; A JIT loop optimization bug we found using gpt-5.5 in Codex. It had been around for over 2 years…
‼️ After the MSRC blog post about Nightmare-Eclipse, researchers are coming forward with their own MSRC horror stories. The response from the security community isn't going Microsoft's way. As they’re not backing Microsoft. Gabriel Landau, a well-known Windows security researcher, says he reported a Device Guard bypass with a 90-day window. MSRC told him it met their bar and they'd fix it, then asked him to hold disclosure for extra months. He agreed on the condition they issue a CVE. They patched it silently, decided after the fact it "didn't meet the bar," and never issued the CVE. In his words: "MSRC strung me along for a few extra months to keep me quiet, then broke their word." Another researcher, rootsecdev, says he responsibly disclosed a legacy-auth flaw that allowed password spraying while avoiding smart lockout. Five months later, MSRC replied that it "doesn't meet the bar for servicing," silently fixed it, and closed the case. Microsoft's post was meant to defend their coordinated disclosure policy. Instead it became a thread of researchers explaining why they've stopped trusting their process.
‼️ Microsoft has responded to the recent wave of public zero-day disclosures tied to Nightmare-Eclipse. In an MSRC post titled "A shared responsibility," Microsoft addressed RedSun, UnDefend, BlueHammer, YellowKey, GreenPlasma, and MiniPlasma, saying the vulnerability details
Fuzzing has long been one of the most effective methods for finding vulnerabilities. But what happens when an LLM takes the wheel? Our latest research explores autonomous, AI-driven fuzzing and what it means for the future of security testing. 👇 cert.pl/en/posts/2026/…
The conference ticket shop for Offensivecon Tokyo is open! Not many tickets left... 🔗 buff.ly/lSsGVHU
Aaaand it's official! Orange Tsai (@orange_8361) of DEVCORE Research Team chained 3 bugs to achieve Remote Code Execution as SYSTEM on Microsoft Exchange, earning a whopping $200,000 and 20 Master of Pwn points. Full win! #Pwn2Own #P2OBerlin
[2] After our failed competition, we headed to Apple Store and bought the mbp m5 and spent less than half an hour to set it up and found a fixed offset is changed 1 bit on it, so we just change 1 bit on our exp and it worked with a 100% success rate. Yes just 1 bit change, 1 to 2.
Unfortunately, Tao Yan & Edouard Bochin of Palo Alto Networks could not get their exploit of Apple Safari – Renderer Only working within the time allotted. #Pwn2Own #P2OBerlin
That's a wrap on Pwn2Own Berlin 2026! 🏆 $1,298,250 awarded. 47 unique 0-days. 3 days of absolute chaos. And talk about main character energy - congrats to DEVCORE for claiming Master of Pwn with 50.5 points and $505,000 - they never slowed down. See you next year! #Pwn2Own #P2OBerlin
Offensivecon is coming to Tokyo! 🔗 offensivecon.jp Ticket shop, sponsorships and CFP are already open...
Mind blown alert 🤯! Nguyen Hoang Thach (@hi_im_d4rkn3ss) of STARLabs SG (@starlabs_sg) used a Memory Corruption bug to exploit VMware ESXi with the Cross-tenant Code Execution add-on, earning a sweeeeeet $200,000 and 20 Master of Pwn points. Full win let's go! #Pwn2Own #P2OBerlin
TRIPLE YAAAAAAAAAAA! That's 3 for 3 - what a legend 👑 Sina Kheirkhah (@SinSinology) of Summoning Team was able to exploit Red Hat Enterprise Linux for Workstations! Time for the disclosure room to dish the deets. #Pwn2Own #P2OBerlin
We are hiring for vulnerability researchers! If you are at @offensive_con, let’s chat! trendmicro.wd3.myworkdayjobs.com/en-US/External…
There it is! Orange Tsai (@orange_8361) of DEVCORE Research Team was able to exploit Microsoft Exchange! If confirmed, they win a whopping $200,000 and 20 Master of Pwn points. Off to the disclosure room to explain how they did it and seal the deal. #Pwn2Own #P2OBerlin
Claude helped me with this bug too but in a different way... Tried to gaslight me saying it wasn’t ~exploitable in practice~ and I got obsessed with proving it wrong 😩
Confirmed! @chompie1337 of IBM X-Force Offensive Research (XOR) used a race condition to escalate privileges on Red Hat Enterprise Linux for Workstations, earning $20,000 and 2 Master of Pwn points. #Pwn2Own #P2OBerlin
That's my chain — a full chain w/ logic bugs only! No memory corruption, no AI, and of course no collisions at all 😉
Confirmed! Orange Tsai (@orange_8361) of DEVCORE Research Team (@d3vc0r3) chained 4 logic bugs to achieve a sandbox escape on Microsoft Edge, earning $175,000 and 17.5 Master of Pwn points. Full win! #Pwn2Own #P2OBerlin
‼️🚨 Pwn2Own Berlin 2026 just hit a wall. For the first time in 19 years, ZDI rejected dozens of working zero-day RCE submissions because organizers ran out of contest slots. Rejected hackers are now going public with PoC demos and direct vendor disclosures, breaking Pwn2Own's usual secrecy. ▪️ AI surfaces a massive wave of 0-day RCEs. ▪️ Submissions overwhelm ZDI past max capacity. ▪️ Slots run out. Researchers with working chains get rejected. ▪️ "Revenge disclosures" begin. ← we are here. Confirmed casualties so far: ▪️ @xchglabs : 86 vulnerabilities prepared (PyTorch, NVIDIA, Linux KVM, Oracle, Docker, Ollama, Chroma, LiteLLM, llama.cpp). All rejected. Now reporting directly to vendors with writeups dropping as patches land. ▪️ @ggwhyp : full-chain Firefox RCE on Windows. Rejected. Publicly demoed (HTML page → cmd.exe → calc.exe). Responsibly disclosed to Mozilla. ▪️ @yunsu_dev : working RCE chain, rejected. Submitting elsewhere. ▪️ @ryotkak : tried to register for 3+ weeks. ZDI confirmed "at maximum capacity, can't add extra contest days." Considered canceling flight and hotel. ▪️ @anzuukino2802 : Claude Code RCE PoC. Rejected. ▪️ @desckimh : 0-day RCEs in Ollama and LM Studio. Rejected. Reported impact: a community-estimated 150+ researchers tried to register. Accepted contestants are now being warned about collisions. Rejected vulnerabilities going to bug bounty programs may trigger pre-event patches that invalidate the work of those who got in. ZDI has not publicly addressed the capacity issue. The event still runs May 14-16 in Berlin.
The secret's out.🤫 Introducing THE ZERODAY.CLOUD COMMUNITY 👾 Inside: • 0-day vuln deep dives from @xint_official, @stdoutput, @pspaul95 & more... • Access to events & a network of world-class hackers • CTFs with prizes Join now :)
Sina @_SecurityAttack
4K Followers 538 Following BugHunting! Jump 0x90 - Graduated in software engineering & Loves Cyber security R&D
Mahdi Mirsoltani @MirsoltaniMahdi
2K Followers 2K Following 🏍️ 🎾 :) #DFIR 🕊️ #Cyber_security #Data_Analyser
amirpayamani @amirpayamani
2K Followers 2K Following Cyber security engineer🕸️Penetration tester🕷️Bug hunter
seyyid @__seyyid__
966 Followers 542 Following #تبریز There has never been a winner in the game of life. Supposedly this is my personal account https://t.co/H11NBhIs5r https://t.co/jd0zgnyo2r
rezi0 @rezi0_
437 Followers 136 Following One foot in the flames and the other trying to walk the line🐐
Md Ismail Šojal ... @0x0SojalSec
45K Followers 5K Following Cyber_Security_Re-searcher || Ai Re-searcher || AI-Sec|| Malware Analysis II iOS || Pwn || 0SINT || Project AI-StrikeSec || 0ldAccounts Suspended @0xSojalSec ||
Mahdi Hassani @mhassani97
389 Followers 200 Following Cyber Security Researcher | Pentester | Bug Hunter Lurish Boy I Can . Because I Want .... بی کش بتروک ، ناهلمونه بو کیش و مات
Fat @fattselimi
18K Followers 11K Following Chasing Positive vibes only & Ethical Hacking for fun and profit🧑🍳 https://t.co/NBYkYFb5V0 https://t.co/GucPN5Kvjp
♪Bahar @lkmskyy
201 Followers 1K Following
iman_sp @iman330sp
1K Followers 298 Following A geek | full-time learner | exploring the world | interested in anything related to computers |
Tom @man_tom_am
7 Followers 376 Following
René Cannaò @rene_cannao
3K Followers 5K Following @ProxySQL author | Database systems & production realities | AI tools, workflows & leverage for tech builders | Solopreneur systems in infra
Ali Hz @AliHzSec
450 Followers 733 Following
Nawid @RedTeamElite
4 Followers 113 Following Security Adventure | C programmer Malware analysis | I LOVE 0-DAY MALWARE
dune crawl3er @crawl3er
15 Followers 426 Following researcher kernel exploitation Elite / Novel capabilities.
barrack @yibarrack
89 Followers 26 Following
Jael Koh @_jaelkoh
695 Followers 792 Following Security Research | speaker @offensivecon 2025, poc 2025
Anni @Anni89229101
1 Followers 1 Following
S0H®ab @secure_tor
222 Followers 380 Following Cyber_Security researcher https://t.co/5OU9GONcMK .... گاهی باید سکوت...
عباس ویــــ... @abbas_virus
82 Followers 316 Following Gnu linux lover , Mobile Repairer & MicroSolder.. interested in Programming & Micro Soldering !
07x_v3177.exe @VedGawde
166 Followers 3K Following Trust in His plan | God's love makes even the hardest journeys worthwhile | His love is the compass guiding your life's purpose |
BTChick @bt_1chick
360 Followers 7K Following Advancing Bitcoin Education & Adoption in Sweden | Chairman, Swedish Bitcoin Association | BTC Prague | Founder, BTCHICK
Dā®️ā @Dara0xUnlimited
189 Followers 2K Following Security and bug bounty..... FX Fast Scalper♥️ Body builder _ Security will always be a game of cat and mouse.⚔🩸 INTJ_A
janine Schmitz Katrin... @janineSchmitz05
622 Followers 7K Following
a @whois_mfz
4 Followers 263 Following
Sanaullah @Sanaullah110493
57 Followers 1K Following
Laiba @Laiba222560
56 Followers 1K Following
Dip @cyberninja0555
0 Followers 56 Following
Søren Theilgaard @theilgaard
242 Followers 1K Following Interested in @apple, #privacy, and #InfoSec. Father of 4. Helping businesses manage their Apple devices.👍 Human Rights. @[email protected].
Jess @J3ssa
3K Followers 3K Following Loves=fam🐶,community,adventuring,gaming,outdoors|Find me @TrustedSec | @BSidesLV| @PacificHackers @HackTheBayCon | Founding Member @NationalCCDC |@SATXHackers
Zoe Braiterman @zbraiterman
5K Followers 3K Following Web3 Co-Founder @web3enabler @MutualKnowledge / @owasp @infosecgirls @GlobalWIC Advisor @snyksec Ambassador
Antonio Morales @Nosoynadiemas
2K Followers 1K Following Security Researcher at @GitHub @GHSecurityLab working on OSS
amir @sepahdar1353
190 Followers 807 Following
Pasadis @emilia_melina
527 Followers 1K Following
Agnieszka @silvianbursuc
196 Followers 965 Following Every step you take today brings you closer to your dreams. Keep moving forward💪✨
Nobody @deghi_re
0 Followers 57 Following
🄲🅈🄱🄴🅁 ... @Cyber_Asia_
4K Followers 500 Following Follow us for the latest #cybersecurity news in Asia.
Hadi @RanjbarHadi
270 Followers 801 Following Senior software engineer, Application security researcher, Adventurer, Photography enthusiastic. #Excelsior #veni #vidi #vici...
Matthias Kaiser @matthias_kaiser
7K Followers 1K Following Vulnerability Researcher. 0xACED. Ex-Apple. Now @matthiaskaiser.bsky.social
Anderson Nascimento @andersonc0d3
4K Followers 6K Following Director & Security Researcher @alleleintel
ldd @ijkldd
34 Followers 878 Following
Mohammad @13mersad
18 Followers 408 Following
Disconnect3d @disconnect3d_pl
4K Followers 705 Following Security Engineer at @trailofbits. Pwndbg maintainer, justCatTheFish CTF team captain. Opinions are my own =)
Pietro Borrello @borrello_pietro
3K Followers 634 Following Security Researcher | PhD @SapienzaRoma | Pwner at @TheRomanXpl0it and @mhackeroni | https://t.co/g77o9Ojdjf | https://t.co/q5KZ4e8wkX
Donncha Ó Cearbhaill @DonnchaC
6K Followers 5K Following Head of Security Lab at @AmnestyTech - Hunting spyware and unlawful surveillance targeting civil society (He/Him) - Fedi: @[email protected]
jonpalmisc @jonpalmisc
799 Followers 317 Following iOS exploits, (de)compilers, etc. — https://t.co/Tdx9Z5i1Ks
pam @pamoutaf
317 Followers 151 Following Host of chITchat by pamoutaf, you can listen on most platforms. I also write blogposts 😊
شوق و هراسِ ... @navid280
1K Followers 1K Following Only God knows whether this is true or not, but in any case this is my understanding... It is the individual who thinks, it is the individual who reasons, it is the individual who acts. Classical liberalism
Ben Sadeghipour @NahamSec
248K Followers 1K Following Cofounder @hackinghub_io | Advisor @CaidoIO. I hack companies and make content about it. #NahamCon organizer. ex @hacker0x01🇮🇷
Teegra 🧝♀... @Teeegra
19K Followers 2K Following 🔞 𝕏 🤖 Infrastructure Cyber Security 💊 🎓 M.S. Cybersecurity ⁶⁶⁶𖤐 🍄 #cybersecurity
Reza Sharifzade @safe_mode01
2K Followers 138 Following Security Researcher| bug hunter | redTeamer Instagram: PentesterLand
🛡VAHID NAMENI @vahidnameni
4K Followers 172 Following 🕶39 Years Old Security Engineer/DevSecOps 🔥Expertise: Enterprise Security 🧪Hobbies: *nix/Human Behavior Analysis
علی شریفی ز... @SharifiZarchi
183K Followers 495 Following Ali Sharifi-Zarchi. Faculty of AI, Aryamehr University of Technology, Iran. Elected Member of the International Olympiad of Informatics (IOI).
joshua steinman (🇺... @JoshuaSteinman
101K Followers 2K Following startup founder. 2x iraq vet. trump 45 nsc. citizen.
Austen Allred @Austen
470K Followers 2K Following Founder/CEO https://t.co/m6TigM5azr: Free AI training for the smartest engineers. Will tweet as I wish and suffer the consequences. Accelerando: @kellyclaudeai
Elie Bursztein @elie
61K Followers 133 Following AI Cybersecurity @Google & @DeepMind. Help advance AI cybersecurity capabilities and make AI safe & secure for all. @EtteillaOrg Art Foundation founder.
Ryan Hurst @rmhrisk
6K Followers 3K Following Dropout. Father. I build things. Security, Cryptography, Engineering, Entrepreneurship. @peculiarventure + xMSFT + xGOOG ++. also on https://t.co/FaDXJfnZBm & Bluesky
Yishan @yishan
106K Followers 530 Following I run Terraformation, and I was once the CEO of Reddit. Both are very interesting challenges. AMA in a subscriber-only newsletter! https://t.co/zA2F2S7etG
Michael Girdley @girdley
261K Followers 3K Following Starting businesses is my business. Current Passion Project: explaining why 500+ great companies failed (100 videos so far).
Rob Leathern @robleathern
24K Followers 2K Following Founder and CEO, InfoHawk. Helping businesses protect their users from scams. 🇺🇸 + 🇿🇦. Former VP of security and privacy product at Google.
Forrest Brazeal @forrestbrazeal
41K Followers 218 Following Purveyor of good tech things. prev. @google. PARADOX INC is out from Ballantine Jan 27! Preorder: https://t.co/c0zzUlbfS5
Phil Venables @philvenables
14K Followers 590 Following All about cyber, resilience, risk, AI - at scale. Partner - Ballistic Ventures / 4 x CISO / Board Director / Chief Risk Officer
Dan Lorenc @lorenc_dan
11K Followers 2K Following OSS Supply Chain Security. Founder/CEO/Primary Ariba Admin at https://t.co/sGmuUU9JbG Sigstore: https://t.co/dWKlyYu6kv
Kimi Developers @KimiDevs
59K Followers 1 Following The official Kimi account for developers building with Kimi Code and the Kimi API.
johnny @zeroxjf
4K Followers 166 Following iOS & MacOS Researcher (AI-Assisted). https://t.co/4vu4rvK5b5
YasharSaljoughi🇮... @yasharsaljoughi
5K Followers 1K Following Blockchain Expert| whistleblower | Founder of: @Theblockunity | $BTC 🇮🇷
Aaron Grattafiori @dyn___
6K Followers 2K Following Offensive Security / AI Red Teaming @ NVIDIA. Ex-GenAI and OffSec Red Teaming Lead at Meta. Ex-Principal Consultant and Researcher @ NCC Group/iSEC Partners.
Google Gemma @googlegemma
86K Followers 0 Following The official home of Google's Gemma. Lightweight, state-of-the-art open models by Google DeepMind, built on Gemini tech. What will you build? 🚀💻
ɐpnH @0x0Huda
643 Followers 193 Following Offensive Security | Python, Rust & C++ Interested in Complex Adaptive Systems and technical research.
patterniha @patterniha
20K Followers 0 Following
Swing @bestswngs
3K Followers 462 Following Security Researcher Focus on PWN/Reverse Blog: https://t.co/yRv3acwHEJ 2025 off-by-one speaker
Bhavna Soman @bsoman3
816 Followers 228 Following
Priya Chalakkal @priyachalakkal
1K Followers 244 Following Infosec | Siemens | ShaktiCon | Blackhoodie. My opinions are my own. She/her.
Morgan @SynapticRewrite
2K Followers 4K Following Hardware, prototyping, RE, firmware, lockpicking, makering, and various other hackings. @[email protected] @SynapticRewrite.bsky.social
Thaís (@barbie@chaos... @barbieauglend
3K Followers 334 Following mountains 🏔 computers 💻 cosmology 🔭 karaoke 🎤 dancing 🙆🏽♀️ 4x4 🚙 an octonion prime 𝕆 whip of @offensive_con https://t.co/RpWHOCI92s
Aviram Jenik @aviramj
2K Followers 517 Following Active Investor and former entrepreneur. Founded and exited multiple profitable bootstraps; investor x50:Israel, Silicon Valley and Korea; Let's go, fight, win
Ransom-DB @Ransom_DB
4K Followers 101 Following 💀 Real-time ransomware intelligence. 📊 Tracking victims, groups & trends.
Jiayuan (JY) Zhang @jiayuan_jy
115K Followers 1K Following Building @MulticaAI. Ex-@devv_ai. Ex-@tiktok_us.
FuzzingLabs @FuzzingLabs
9K Followers 4K Following Research-oriented Cybersecurity startup specializing in #fuzzing, Vulnerability Research & Offensive security on Mobile, Browser, AI/LLM, Network & Blockchain.
IPA @DUpk3
10K Followers 889 Following I’m not a developer and I don’t know how to crack things — I’m just sharing. I rely heavily on translation for English.
Amelia @elihwyma
6K Followers 696 Following mastodon: @[email protected] bluesky: @anamy.gay; thoughts my own not my employers
Huy Nguyen @Little_34306
25K Followers 327 Following Employee of @Calif_io, opinions are my own. Others platform: https://t.co/qY3jaBjkDn
App Hunter @Sn0wbrave
44K Followers 1K Following Free Apps • Open Source • AI Tools 🔥 https://t.co/NIpvoaDpGY
CoolStar @CStar_OW
133K Followers 668 Following I make iOS apps & Windows kernel drivers. I make computers run software they weren't designed to. 3623 https://t.co/QQqWTKhhac main. 28. [email protected]
Noah @GinsuDev
9K Followers 456 Following iOS Developer || Swift, NodeJS, Typescript || Jailbreak tweak developer || Speaks: Mandarin & English. An Australian developer who is self-taught in Chinese. 🇦🇺👨💻
ONE Jailbreak @onejailbreak_
29K Followers 286 Following The best iOS & Jailbreak News website on the Internet.
The Jailbreak Hub @thejailbreakhub
36K Followers 193 Following “The ESPN of the Jailbreak Community” Provide jailbreak news! Donations Appreciated:https://t.co/8YhMNI2Pci
TyphoonCon🌪️ @typhooncon
8K Followers 4 Following TyphoonCon is an annual all Offensive Security Conference, taking place May 24-29, 2026 in Seoul, South Korea 🌪️
Nightmare Eclipse @ChaoticEclipse0
12K Followers 576 Following
Louis hur @Louishur
2K Followers 341 Following CEO at Stealthmole | OSINT Specialist | Bug Hunter | Author & Keynote Speaker | Investor for start-up
𝕡𝕨𝕟𝕚𝕖 @0day_ninja
3K Followers 693 Following Building things, Breaking things Day-0 to Zero-Day marathon (believe it) my dm here is useless so chat me on my alt: @Aegis_122