Marius Avram

17K posts

Marius Avram banner
Marius Avram

Marius Avram

@securityshell

Web Application Security Consultant. Two sons' proud dad! https://t.co/uEjJ0UQkhV

Online Katılım Mayıs 2009
1.3K Takip Edilen16.2K Takipçiler
Marius Avram retweetledi
Will
Will@BushidoToken·
New Blog! 🇬🇧 UK Cybercrime Journal: SMS Blaster Gang Convicted - New details emerge about the use of an SMS Blaster device to send fraudulent text messages as part of an organised criminal operation in London 🔗 blog.bushidotoken.net/2026/07/uk-cyb…
English
0
6
26
9.4K
Troll Football
Troll Football@TrollFootball·
England vs Argentina 1st half highlights
English
473
6.6K
63.7K
1.6M
Marius Avram
Marius Avram@securityshell·
One GOAT: Lionel Messi!
English
0
0
0
237
Marius Avram retweetledi
bitangel84
bitangel84@bitangel84·
This morning I was HACKED! I’m a blockchain developer with over 8 years of experience. I’m familiar with many of the techniques hackers use, but they are often one step ahead. They strike when you are most vulnerable. What happened: - A few days ago, I was contacted on LinkedIn by Kostiantyn Pustovyi. They offered me a collaboration opportunity on a Web3 game. - I immediately suspected they would send me a suspicious link, ask me to download some software, or something similar. But they didn’t. - This morning, I started the interview. The person explained the role, how I would be expected to help manage the team, and other details. - They showed me the repository I was supposed to work on. - I cloned it and ran yarn install. That’s when they got me. - An obfuscated script sent the credentials stored in process.env to their server. - They also asked me to test their online game and connect my wallet. They almost certainly intercepted my wallet password as well. I’M DESPERATE! I haven’t finished investigating yet, and I still don’t know exactly how many wallets were drained. I’ll continue posting updates as I learn more. BTSG, the bridge, and other related systems do not appear to be affected.
bitangel84 tweet media
English
121
79
331
81.3K
Marius Avram retweetledi
International Cyber Digest
International Cyber Digest@IntCyberDigest·
‼️ Nightmare-Eclipse just dropped "LegacyHive," a new Windows privilege-escalation zero-day PoC that targets the Windows User Profile Service, the component that loads a user's settings during sign-in. The PoC reportedly uses a carefully timed path-switching trick to make Windows mount another user's Registry file, potentially an administrator's, under a standard "helper" account. Nightmare-Eclipse claims it works across supported Windows desktop and server builds patched through July 2026. Nightmare-Eclipse says a private version could load arbitrary Registry hives, but that broader version has not been published. Interestingly, Nightmare-Eclipse previously told us that vulnerability names are inspired by random events in his life. "LegacyHive" appears to break from that convention. Deja vu: Microsoft patched this broad ProfSvc trust-boundary failure in 2015 as CVE-2015-0004, which also loaded another user's hive. LegacyHive appears to use a new path-swap to revive that bug class. As of writing: no CVE, no Microsoft advisory, no comment.
International Cyber Digest tweet mediaInternational Cyber Digest tweet media
English
24
176
1.5K
78.8K
Marius Avram retweetledi
Rapid7
Rapid7@rapid7·
In conducting a 0-day research project against #SharePoint, Rapid7 Labs discovered 2 new vulns that, when chained together, achieve RCE against a vulnerable server. Today, Rapid7 and Microsoft are disclosing CVE-2026-55040 – the first vuln in this chain: r-7.co/4f2HpQO
Rapid7 tweet media
English
2
72
278
38.6K
Marius Avram retweetledi
cr3ghost
cr3ghost@cr3ghost·
Lazarus used this as a zero-day. No BYOVD needed. The vulnerable driver is already on every Windows machine. CVE-2024-21338 exploits appid.sys (AppLocker's driver) to call a user-controlled function pointer in kernel mode. The exploit uses ExpProfileDelete as a valid kCFG target to decrement PreviousMode from 1 to 0. Once PreviousMode is flipped, NtWriteVirtualMemory and NtReadVirtualMemory skip all security checks. Full admin-to-kernel LPE with token manipulation. Works on Windows 10 and 11 with HVCI enabled. Full PoC included. If you just read the PreviousMode mitigation post by @yarden_shafir, this is the CVE that forced Microsoft to add it. hakaisecurity.io/cve-2024-21338… github.com/hakaioffsec/CV… Author: @HakaiOffsec #WindowsInternals #ExploitDevelopment #InfoSec
cr3ghost tweet mediacr3ghost tweet media
English
7
112
575
54.1K
Marius Avram retweetledi
International Cyber Digest
International Cyber Digest@IntCyberDigest·
❗️ An Israeli startup founder secretly uploaded a cluster of malicious typosquatted npm packages that impersonate Anthropic, Vercel, LangChain, Ollama, OpenAI and Aspect Security and profile developer machines on install. The packages skip passwords and tokens by design. Instead, the install script harvests identity: hostname, every git and SSH email on the box, teammate emails from the git reflog, AWS/GCP profile and account details, and the corporate DNS domain, all shipped to a Google Cloud Run endpoint. There were about 20k downloads before takedown.
International Cyber Digest tweet mediaInternational Cyber Digest tweet media
English
77
382
2.1K
178.8K
Marius Avram retweetledi
Kirill Firsov
Kirill Firsov@k_firsov·
I got permanently banned from @Hacker0x01. Account deleted. No explanation. Years of work gone overnight. Submission history, achievements, leaderboard ranks, every contribution I made to the security and crypto ecosystems through HackerOne. Wiped, like I was never there.
Kirill Firsov tweet media
English
69
69
709
133.5K
Marius Avram retweetledi
International Cyber Digest
International Cyber Digest@IntCyberDigest·
‼️ BREAKING: Apple's Hide My Email lets almost anyone uncover the real address behind a "hidden" alias, and Apple has left it unpatched for over a year. It was reported to Apple in June 2025 by Tyler Murphy of EasyOptOuts. He says every Hide My Email address checked in limited volunteer tests was exploitable. If you use Hide My Email to keep a real address off people-search sites or away from someone dangerous, treat that anonymity as unreliable.
International Cyber Digest tweet mediaInternational Cyber Digest tweet media
English
53
294
2.2K
264.7K
Marius Avram retweetledi
Anthropic
Anthropic@AnthropicAI·
We’ve received notice that the Department of Commerce has lifted export controls on Claude Fable 5 and Mythos 5. We'll begin restoring access tomorrow, and will share an update soon. We’re grateful to our users for their patience, and to everyone who worked with us on redeploying the models.
English
4.1K
12.9K
84.9K
14.9M
Marius Avram retweetledi
International Cyber Digest
International Cyber Digest@IntCyberDigest·
‼️ BREAKING: Anthropic has embedded hidden spyware-like code in Claude Code that covertly targets Chinese users. It then sends information regarding every user by injecting it into their prompt message. Claude Code is sending info like timezone, proxy and possible AI Lab connections into the system prompt in ways Chinese users can't notice. A coding agent with repo and command permissions should not silently hide routing metadata inside prompts. This is a serious breach of user trust.
International Cyber Digest tweet mediaInternational Cyber Digest tweet media
English
859
2.7K
17.6K
5.4M
Marius Avram retweetledi
JFrog Security
JFrog Security@JFrogSecurity·
🚨 Successful PoC for Linux Kernel CVE-2026-43503 (DirtyFrag variant) 🚨 JFrog researchers successfully developed a privilege escalation exploit for CVE-2026-43503, a newly discovered DirtyFrag variant we dubbed "DirtyClone". The vulnerability was patched and merged into mainline Linux on May 21 (v7.1-rc5, commit 9e171fc1d7d7). Make sure your systems are up to date. Read the full technical writeup: research.jfrog.com/post/dissectin…
GIF
English
7
68
217
24.6K
Marius Avram retweetledi
International Cyber Digest
International Cyber Digest@IntCyberDigest·
‼️🚨 Critical remote code execution in libssh2, the SSH client library embedded in countless tools: CVE-2026-55200, rated CVSS 9.2 by VulnCheck. Every version up to and including 1.11.1 is affected. It's an out-of-bounds heap write in ssh2_transport_read(), which fails to bound-check the SSH packet_length field. A malicious or MITM'd SSH server can send oversized packets to corrupt memory and run code on the connecting client. No known exploitation yet and it's not in CISA's KEV. Fix: move to a build that includes commit 7acf3df (PR #2052), and inventory anything that links libssh2 for SSH, SCP, or SFTP.
International Cyber Digest tweet mediaInternational Cyber Digest tweet media
English
27
310
1.6K
252K
Marius Avram retweetledi
International Cyber Digest
International Cyber Digest@IntCyberDigest·
‼️🚨 BREAKING: NSA and Cyber Command chief, Gen. Joshua Rudd, said Mythos "broke into almost all of our classified systems, not in weeks, but in hours." A week after Washington forced Anthropic to disable its most powerful models, the likely reason is sharpening. According to reports Senator Mark Warner told a hearing that the NSA and Cyber Command chief said the firm's Mythos model penetrated almost all of the agency's classified systems within hours during authorized testing. That demonstration sits behind the June 12 Commerce Department directive, which barred every foreign national, including Anthropic's own non-citizen employees, from using Fable 5 and Mythos 5, leading the company to pull both for all customers. It is the first time the US has export-controlled an AI model itself rather than the chips behind it. Anthropic disputes the rationale, calling the cited trigger a narrow jailbreak that other models like GPT-5.5 also exhibit and the recall an overreaction.
International Cyber Digest tweet mediaInternational Cyber Digest tweet media
English
133
360
2K
310.4K
Marius Avram retweetledi
International Cyber Digest
International Cyber Digest@IntCyberDigest·
‼️🚨 BREAKING: A breach at competitive-intelligence platform Klue let attackers steal OAuth tokens and pull Salesforce CRM data from multiple customers, with Huntress, Recorded Future, Tanium and Jamf disclosing impact. The new extortion group Icarus is already emailing victims demanding contact within 48 hours, and Salesforce has disabled the Klue Battlecards integration.
International Cyber Digest tweet media
English
13
58
337
51.3K