System Administrator | MCP | Network Administrator | Aspiring Backend Developer | Enthusiast of JavaScript & Python
Joined August 2010
- Tweets 6,187
- Following 792
- Followers 573
- Likes 2,653
519 Photos and videos
Pinned Tweet
☝️New Blog post 👇👇
blog.eyaadh.net/2026/04/laps…
Follow-up to my previous blog post on Ransomware 🪲🐞 this time focusing on what happens after compromise.
Lateral movement, local admin reuse, and how Microsoft LAPS breaks the chain before one machine becomes your entire domain.
3
6
222
So he is a Trillionaire now? How many 0s are there in those?
Jun 12
You don’t have to love Elon Musk to recognize what this headline says about us.
A country that spends more time criticizing wealth creation than encouraging it sends a clear message to builders: your success is tolerated, not celebrated.
Canada should be the best place in the world to build ambitious companies. Headlines like this make us look like we’re not quite ready for that.
47
The only time I get to be a millionaire
1
145
Ahmed Iyad (Evie's Daddy) retweeted
Jun 6
Introducing: OnlyLANs.ai ! 🛜🤖😂
A free prompt injection wargame to troubleshoot your local network with an AI assistant; and a challenge to have it leak some secrets!
Brought to you by @JustHackingHQ, @_ContinuumCon_, @d1gitalandrew Andrew Bellini & Eva Benn.
36
345
2,223
137,314
Ahmed Iyad (Evie's Daddy) retweeted
⚠️Five OpenClaw 0-Days let Attackers to Hijack Trusted AI Agent Access
Source: cybersecuritynews.com/five-o…
Five zero-day flaws in OpenClaw allowed attackers to bypass trust boundaries and hijack AI agent access across multiple messaging platforms. OpenClaw, which integrates AI agents with services such as Slack, Discord, Microsoft Teams, Matrix, and Telegram, relies heavily on user-defined allowlists to determine who can interact with an agent.
This trust model assumes that only explicitly approved identities can issue commands to agents that may have access to sensitive data, internal APIs, or system-level execution capabilities. The vulnerabilities stem from a recurring design flaw in which human-readable identifiers, such as display names, are resolved to stable user IDs during service initialization.
#cybersecuritynews
13
62
172
17,205
Ahmed Iyad (Evie's Daddy) retweeted
Jun 2
Hackers Used Meta AI Bot to Hijack Instagram Accounts in Major Security Breach ibtimes.sg/hackers-exploit-m…
7
13
1,137
Ahmed Iyad (Evie's Daddy) retweeted
🚨 Android 0-Day Vulnerability Exploited in Attacks to Gain Complete Device Control
Source: cybersecuritynews.com/androi…
A critical Android zero-day vulnerability is being actively exploited in targeted attacks, allowing threat actors to gain near-complete control over affected devices without any user interaction.
The flaw, tracked as CVE-2025-48595, was highlighted in the June 2026 Android Security Bulletin, where Google confirmed limited real-world exploitation.
The vulnerability resides in the Android Framework component and is a high-severity elevation-of-privilege (EoP) issue.
Under certain conditions, attackers can exploit the flaw remotely to escalate privileges without requiring additional execution permissions.
#cybersecuritynews #Vulnerability #Android
16
150
530
32,587
Ahmed Iyad (Evie's Daddy) retweeted
❗️ Over 30 official Red Hat npm packages were compromised. How they got in:
- A Red Hat employee's GitHub account was compromised.
- Attackers pushed "orphan commits" (detached from branch history) straight in, bypassing code review with no pull request.
- Payload "Miasma" (Mini Shai-Hulud variant) steals GitHub/cloud/Vault/SSH/npm secrets. Rotate everything since June 1.
- The commits added a workflow (ci.yaml) script (_index.js) that abused npm trusted publishing, requesting a real OIDC token to publish backdoored versions.
57
451
1,512
194,686
Ahmed Iyad (Evie's Daddy) retweeted
Reasons why Nokia's sales were so high in the 2000s
51
186
1,866
58,044
APPLE JUST GOT HUMILIATED BY AN $8 JACKET BADGE
A random Japanese maker saw Apple's $3,499 Vision Pro Persona and decided to build the same thing for the price of a pizza.
Same real-time face mirroring.
Same natural expressions and blinks.
Same low latency reaction when you smile.
Apple needed a full headset with M2 chip, R1 processor, 12 cameras and LiDAR.
He did it with one ESP32, a tiny camera and MediaPipe running 468 landmarks on-device.
Total cost: eight dollars.
This is what happens when one weekend hacker destroys a billion-dollar feature in a jacket pin.
The hardware moat just evaporated.
Full system in the video below.
145
1,222
9,031
1,458,469
Ahmed Iyad (Evie's Daddy) retweeted
May 25
MrBeast plans to trap 1000 vibe coders in a room without Claude
first person to center a div manually wins $1 million
701
1,845
48,840
2,115,156
Ahmed Iyad (Evie's Daddy) retweeted
⚠️ WhatsApp Chat Histories Stored Unencrypted on macOS and iOS
Source: cybersecuritynews.com/whatsa…
New research has revealed that WhatsApp chat histories may be stored unencrypted on both macOS and iOS devices, raising fresh concerns about local data protection and cross-application access within the Apple ecosystem.
While WhatsApp uses strong end-to-end encryption (E2EE) to secure messages in transit, this protection does not extend to how data is stored locally once the user accesses it.
The issue affects both iOS devices and macOS systems running WhatsApp, particularly where shared app containers are utilized. On macOS, where file system access is more flexible, the risk may be more pronounced if endpoint security controls are weak.
#cybersecuritynews #WhatsApp
24
228
776
63,201
Packet Tracer has always been the best simulator we have had for a while now!
May 19
📞 Ever Wonder How Bank Office IP Phones Are Configured?
Watch this video to the end and learn the full VoIP setup step by step 🔥
2
103
Am I the only one who thinks that the new Spotify icon is ugly?!
57
Woops!!!
110
It’s not JavaScriptOS is it?
A group of developers tried rebuilding Windows from scratch.
Without Microsoft’s code. 🤯
They called it ReactOS. 🖥️
> Started in 1996 as FreeWin95.
> Goal: make Windows free and open source.
> Developers argued for years about the design.
> Barely wrote any actual code.
> Scrapped everything and restarted in 1998.
> Renamed the project ReactOS.
> Built as a reaction to Microsoft’s monopoly.
> Designed to look like Windows XP.
> Start menu. Taskbar. File Explorer.
> Almost identical to real Windows.
> But the real goal was much crazier.
> Binary compatibility.
> Meaning real Windows .exe files should just run.
> No emulators. No virtual machines.
> Firefox worked. LibreOffice worked. Adobe Reader worked.
> But there was one huge problem.
> They couldn’t legally copy Microsoft’s code.
> One developer studied Windows behavior.
> Another developer rewrote it from scratch.
> A process called clean-room engineering.
> Extremely slow. Extremely difficult.
> Nearly 30 years later…
> 300 contributors.
> 15 million lines of code.
> ReactOS is still in alpha today.
Most open-source projects replace apps.
ReactOS tried replacing Windows itself. 🔥
58
🤬😖
‼️🚨 BREAKING: Microsoft Exchange Server CVE-2026-42897 lets an attacker execute arbitrary JavaScript in a victim's browser just by getting them to open an email in Outlook Web Access.
It is being exploited in the wild.
Microsoft classified it as... "spoofing." 🤔
Affected: on-premises Exchange Server 2016, 2019 and SE. Exchange Online is not impacted.
124
A bunch of claws making a whole department?
1
93
Sudbanshu did you find the heck why you need Googles one?
May 11
Why the heck do we need Google's one ?
1
45
Ahmed Iyad (Evie's Daddy) retweeted
‼️🚨 BREAKING: A new npm supply-chain attack uses a dead-man's switch. The payload plants a watcher on your machine that nukes your home directory the second you revoke the GitHub token it stole from you.
The compromise happened today, across 42 official tanstack npm packages, 84 malicious versions in total. tanstack/react-router alone pulls more than 12 million weekly downloads.
The attacker forked TanStack's repository and pushed a single hidden commit. From there, they tricked TanStack's own release system into signing the malicious packages as if they were the real thing. To npm, and to anyone checking the cryptographic proof of origin (SLSA provenance), the poisoned versions looked 100% legitimate.
Maintainer Tanner Linsley confirmed the whole team had 2FA enabled. It didn't matter. This is the first documented npm worm in history that ships with a valid, signed certificate of authenticity, the same one defenders rely on to know a package wasn't tampered with.
139
943
6,361
1,468,006
Thank you for reminding I’m old! 🙄
1
65