
Bob Hope
@BobHope688462
Followers: 36
Following: 10
Media: 29
Statuses: 6K
Joined October 2024
🚨 Active Exploitation of Gladinet CentreStack and Triofox Local File Inclusion Flaw (CVE-2025-11371)
I've created a vulnerability detection script here: https://t.co/sOr7tZBjGP
As reported by Huntress this is an unauthenticated Local File Inclusion flaw in Gladinet CentreStack
The new https://t.co/IdhsGWLVo7 search allows for regex, which means brand **new** regex GitHub Dorks are possible! Eg, find SSH and FTP passwords via connection strings with:
/ssh:\/\/.*:.*@.*target\.com/
/ftp:\/\/.*:.*@.*target\.com/
#infosec #cybersecurite #bugbountytip
Now any bike can be turned into an electric bike Former BYD and Huawei engineers have created a compact electric drive that attaches to the frame and accelerates the rear wheel up to 32 km/h. https://t.co/JexcSLtgJ5
From Recon to Exploit: A Technical Playbook for Bug Bounty Hunters https://t.co/DpbHuiB8gL
#bugbounty #bugbountytips #bugbountytip
su6osec.medium.com
Finding meaningful vulnerabilities is a repeatable engineering process — not a lucky strike. This article gives a compact, technical…
I scanned a Jenkins endpoint hosted at 135.181.217.213, discovered a script console exposed on port 8080, and injected code to dump environment variables. From the logs, I exfiltrated Git credentials and triggered a private pipeline to dump artifacts from a staging server
A surprising one by @KN0X55 <<https: https://t.co/vLjSCq7it9>> Demo:
0-click Account Takeover via Punycode https://t.co/wqU3SnnzLD
#bugbounty #bugbountytips #bugbountytip
SIM card and its cyber secrets: how to analyze and attack this small network-connected computer. 🎫📶📦👨🏻💻📳 More details on: LinkedIn: https://t.co/uTosGUt39a Substack: https://t.co/RFFzHJaQfG
For some reason, Azure is assumed to be secure by design, which is not the case. Validating the default user permissions is important to ensure that everything that can be hardened is hardened. #Azure #RedTeam
https://t.co/1q8AxyuTSY
fr.linkedin.com
French below. Another week, another Azure advice. We've previously talked about application permissions, phishing vectors, and more. Today, let's talk about Azure configuration itself. When was...
How James Kettle's Desync Research Started
This is how DJ Shipley returns home each day to his wife and kids. It’s as regimented as his morning routine- nothing left to chance (on his side). Anyone trying to balance work and personal life should listen to this.
1️⃣ Visited https://target/asset-manifest.json 🚨
2️⃣ Found a main.js and https://t.co/1NXIk5a5qc file. 👀
3️⃣ Parsed the source map to extract API endpoints.
4️⃣ Results - Ended up with multiple IDORs 🔥
#bugbountytips #BugBounty
At this point I'm questioning if I'm breathing wrong
One Click to All Basic Recon for Bug Bounty https://t.co/K6EXdFK0PM
#bugbounty #bugbountytips #bugbountytip
ghostman01.medium.com
All Recon with One Click
Scan smarter, not harder. Here are 5 Naabu tweaks for faster, cleaner port discovery 👇
1️⃣ Tune -rate & -retries for speed vs false-positives
2️⃣ -exclude-cdn → only scan 80/443 for CDN IPs
3️⃣ Run -wn host discovery first
4️⃣ Bind -interface when routing matters
5️⃣ Use -resume
Cross Site Scripting (XSS) Akamai WAF Bypass try this payload : <!--><svg+onload=%27top[%2fal%2f%2esource%2b%2fert%2f%2esource](document.cookie)%27> #BugBounty #XSS #Akamai
This simple SSRF earned me $5K:
- Target had a Posts section
- It let users send requests to any host when actions were triggered
- Set the post URL to the AWS metadata URL
- Triggered the action → no response
- Target had a Logs section
- From there, I could see the response
Every day Zoom.exe is re-started from the %AppDir% through a scheduled task it seems, making this an excellent persistence mechanism for side-loading.
SetupHijack is a security research tool that exploits race conditions and insecure file handling in Windows installer and update processes to elevate privileges. https://t.co/DVdM2ht1TL