[Blog Post] Flickr: Zero User-Interaction Account Takeover 👉 https://t.co/sv9GGuCgfm 👉 https://t.co/fxj3griIHB #appsec #sso #aws #cognito #flickr #bugbounty

Just figured out @CaidoIO is eating up almost 400G of my storage 😅 Any tips how to deal with it? For Burp, I zip project files and move them to an external drive from time to time... I know that there is a manual backup feature in Caido, but I feel there has to be a nicer way.

Hello! Just published a new research with ( @sml555_ , @codecancare) 🍻 Who Needs A Blind XSS? https://t.co/bUpFj1p0Mh #CyberSecurity #BugBounty

Made a small and fun research about a technique to leak iframe contents, check this out:

ShareHound (@podalirius_), Conquest C2 (@virtualloc), Docker Compose path traversal (@RonMasas), dead domain discovery (@_lauritz_), Narrator persistence/lat movement (@Oddvarmoe ), and more!

Recap of our @Hacker0x01 Hacking Meetup in September 👀 Leaderboard (still in progress): https://t.co/3PMHJraAZn 👉 https://t.co/oBFxHyNb3r #BugBounty #Meetup #HackerOne

4th place in the German Club LHE 😁 (Even tho not all bugs have been rewarded yet) I had 0 expectations joining the event, just exited to hack with some insanely talented folks, and learn as much as i can. And then out of nowhere i started finding some pretty nice bugs.

If you are using Nextcloud Mail... you may want to make sure to update to the most recent version of the extension. https://t.co/CXN5BIpgVt Just stumbled over a trivial XSS issue by accident, just to find out, it was apparently addressed yesterday: https://t.co/DwWTjIXezf

Secured my First Hacker Award at the 3rd H1 Club Event Germany, as Most Helpful Hacker🫡It's been a pleasure as always, huge thanks to @_lauritz_ and @Hacker0x01 for the Event!! Leaderboard results coming soon

@nullcon Berlin was a blast 💥 Thanks for the amazing time, great talks, impactful collaboration with @Krevetk0Valeriy in @yeswehack's Mini-LHE and all the networking! See you all again next year at NullCon Berlin 2026.🤞 Thanks @antriksh_s for organizing this awesome event. ❤️

Unser @Hacker0x01 Bug Bounty Meetup geht in die nächste Runde 🤩 👥 30 Plätze 📆🌐 10. - 20.09.25 (Remote-Hacking) 📆🧑‍💻 20.09.25 (In-Person in Essen) ⏰ 12 - 18 Uhr 📍 Rivvers Essen-Lindenallee https://t.co/lM5bi4iNkq 🚝🚶 10min Fußweg vom HbF Essen 👉 https://t.co/oBFxHyMDdT

I just got the confirmation that I was selected for this year's @nullcon Berlin Bug Bounty Scholarship 🎉 This will actually be my fourth @nullcon, I am looking forward to meeting friends and doing some bug bounty hunting in September. See you there! :) https://t.co/kPeqTkZ7d8

I reported a single, highly critical vulnerability that earned the top payout of the event. 💥🐞 Big thanks to @EXNESS for putting together such a great virtual meetup, and a special shoutout to @_lauritz_! Everything was incredibly well organized! 🙌

Leaderboard:

Thank you very much to everyone who made the event possible! ❤️ Congrats to @marcolivermunz for securing the well-deserved 1st place. 🥇 Join your local https://t.co/Nt9FqpF0f4 chapter to not miss opportunities like this! https://t.co/FxvlJyFkdb #BugBounty #Meetup #HackerOne

Hacking Meetup vol. 3 of the German @Hacker0x01 Club - supported by @EXNESS - was a blast! 💥 We x6 the overall bounties of our previous meetup and scored over 94,000$ overall bounties. 🤯 Additionally, H1 swag is on the way to all attendees and will hopefully arrive soon .🤞

I just found the coolest csp bypass ever! did you know that a valid pdf can ALSO be valid javascript? (details below)

I am getting a lot of spam recently via DM, even though I have the filter for low-quality messages enabled. Sad, but I feel like I have to restrict message requests for now, even though I think open DMs are generally a good thing. If you want to contact me, use Discord or email

It was an honor to participate with a German team for the first time - thanks a lot @Arl_rose and everyone who made the event possible. :) Looking forward to the next AWC 🙌 Make sure to join your regional H1 chapter at https://t.co/FxvlJyFkdb to not miss events like this!

Join our (or your local) club on https://t.co/Nt9FqpF0f4 to not miss future events in your region: https://t.co/AmAJ2azWs1 The leaderboard of the event can be found here: https://t.co/4yOuJWEsZ7 Event wrap-up:

Overall, we submitted 21 vulns and scored (by now) over 13k$ in bounties. And there are still some reports in triage or pending bounty state 🤞 Thanks to @Hacker0x01 and @GrabSG for supporting the event and everyone who attended and collaborated!