#nuclei Js-analyse template is updated now! .The new update include extraction of : .-S3 buckets. -Private keys. -Github-Personal-Access-Token. -Github-OAuth-Access-Token. -Ajax request in JavaScript could led to find more backend requests . Best regards.

RT @infosec_au: Today, we're releasing the new Searchlight Cyber (@SLCyberSec) tools website, which allows you to use several of our open-s….

I earned $1,500 for my submission on @bugcrowd #ItTakesACrowd. My first prompt injection report.

RT @cyb_detective: Go for Dorks. Online generator of advanced search queries for Google, Bing, DuckDuckGo, LeaklX, Shodan, Refseek, Fofa, Y….

I earned $620 for my submission on @bugcrowd #ItTakesACrowd.

Tip#: Don’t rely only on Wayback Machine or crawlers to find hidden endpoints. Always try submitting forms manually — you might trigger requests and discover endpoints that automated tools completely miss. Also use browser console ( inspection) to see requests in real time.

Just earned $6,200 in bug bounties through @Bugcrowd for my latest submissions!. #BugBounty #EthicalHacking #Infosec.

RT @rez0__: I'm a hacker and AI researcher who has reported vulnerabilities to OpenAI, Google, and others. I wrote this guide as a referenc….

4x SQLi to RCE findings today! 💀 Exploiting the unexpected is always fun.

Successfully got my first Blind XSS validated on HackerOne! 🚀 This one enables admin account takeover via the registration form by injecting payload in user name.#BugBounty #XSS

Imagine signing up for a site, setting roleid=0, and suddenly you're an admin! 🚀💀 Found a critical Broken Access Control issue where improper role assignment let me escalate privileges at registration. Always enforce server-side role checks! #BugBounty.

RT @ArchAngelDDay: 100 (very) short bug bounty rules:.

RT @protosphinx: deepseek is a side project.

RT @mrdoornbos: @nixcraft If you're gonna run code from the internet you don't understand, maybe start with:. docker run -it --rm alpine:la….

RT @ryousifacu: سؤال للذكاء الاصطناعي والقرار لكم

you can create a Launcher to run it.

I found a method to use dom-invader without opening burpsuite and without problems. Using the integrated chromium in burp directory. exec:~/.BurpSuite/burpbrowser/XXX/chrome.it will load chromium with the extension without any problem. change (XXX) with your version.

RT @BugBountyDEFCON: We're excited to announce one of our giveaways thanks to "@CaidoIO" 🎉 We will pick 5 winners to win a 1-year Caido Pro….

RT @h4x0r_fr34k: Fuzzing lists - Part 1 .Wordlists for few specific Funtions you can use for Specific Purpuses. 1. Email Providers .https:….

RT @nav1n0x: I just Published - A Comprehensive Guide to Manually Hunting SQL Injection in MSSQL, MySQL, Oracle, and NoSQL (MongoDB) - htt….

RT @ayadim_: @Bugcrowd @Yassineaboukir I download dataset from ipinfo it has all ASN records contain ( geography+ ip range + company).