Super happy to see our research ranking #3 in @PortSwigger Top Web Hacking Techniques of 2024! 🚀 This one was a wild ride! Huge thanks to @_medusa_1_ & @sw33tLie for the amazing teamwork and to @Bugcrowd, who supported us! ❤️ What next? Keep tuned 👀🥷🏻 #BugBounty #Hacking

I interviewed the dynamic duo of @busf4ctor and @monkehack who just received the Top AI Hackers award from the last Google live hacking evnet 😊

Diegoooo! 🔥 What a beast! Congratulations, man! One of the best mindsets out there, achieving one of the best results. Super well deserved! 💪👏

I yearned for the truth to confirm my identity as a genuinely honest man—someone reliable in both speech and action. Yet the truth remained elusive. It wasn’t present in my family, nor in the religion I had known; not in school, nor in the workplace. Where could it be found? I

What a legend!!! 🎉 Congratulations, Mr. Ali — you super well deserve it. Your talent and consistency keep setting the bar higher every single time. 🔥💪

During my bachelor's thesis, I reviewed several web apps of my university and ended up finding a large number of vulnerabilities. Here are a few that stood out, technically simple, yet highly critical. https://t.co/KBNC1KjBqf

We recently carried out a series of Supabase audits for clients - and we kept running into the same pitfalls. Our latest write-up covers the most common misconfigurations and strange defaults we see in Supabase - along with how teams can avoid them. 👇 https://t.co/IeRowx4X1d

Are you in São Paulo on Dec 13–14? Join us at the Bug Bounty Village @ H2HC! Call for Papers is open

My favourite finding from @SLCyberSec's Security Research team in 2025 so far is a secondary context path traversal in Omnissa Workspace One UEM (CVE-2025-25231). Really interesting bug, and fun kill chain to RCE.

This is 🔥

Moving to upstream HTTP/2 slams the door on desync attacks. Binary framing eliminates the ambiguity HTTP/1.1 suffers from, reducing exploitability. In this blog, @albinowax, Director of Research at PortSwigger, outlines a clear case for replacing HTTP/1.1 with HTTP/2 to prevent

NEAR 🤝 Sovereign AI Want to learn more about @svrn_ai? Join them live at 9am EST Oct 29th to hear how they will be supporting NEAR Protocol in powering the agentic future. Featuring: Sal, David, NEAR Legion

Just released a new recollapse version thanks to @ryancbarnett and @4ng3lhacker after their talk in @BlackHatEvents today. What’s new? 💥Mode 6: Fuzz case folding/upper/lower 💥 Mode 7: Fuzz byte truncations 💥 Recollapse is now available to use as a python library and

Super glad to have collaborated on @albinowax’s research this year with @bsysop and @_medusa_1_. Funny enough, it all started with a random Slack DM that revealed a potential research collision with James, and things took off from there.

Thanks for the transparency and support during the research @ryancbarnett @akamai_research

It was great to see you all 🤟🏻

🕵️‍♂️ 🎩 The desync endgame has just begun. New expert lab has just dropped. Straight from @albinowax’s #BHUSA talk: Understand the latest request smuggling techniques, sharpen your skills, unlock new bounties, and solidify your organization’s defenses with the new expert lab ⬇️

At #BlackHat? Catch "HTTP/1.1 Must Die! The Desync Endgame" today at 3:20 in Oceanside A, Level 2. Hope to see you there!

Let’s hear it for Bugcrowd’s Top P1 Hacker of 2025… priyanshuxo! 👑👏 This title is so much more than a badge. It celebrates the quiet grind behind every critical find. Long nights, dead ends, and countless hours dissecting complex systems… all fueled by curiosity and the

At the moment, it is only compatible with @Bugcrowd, others are in the backlog. Any AI interaction is powered by @OpenAI and linked to your own ChatGPT account. Pull Requests and/or Issues are welcome in the repository 🙏🏻 CrowdAssist Link: https://t.co/QLy9Rb96Va #BugBounty

CrowdAssist can help you to: - Let AI ✨ help review and polish your reports and comments - Write reports with AI ✨ (Experimental) - Respond faster and more efficiently to triagers and Programs - Export report in Markdown - Add your IP in One-click - and more 🧵👇 #BugBounty

CrowdAssist is a Chrome Extension built to simplify your workflow and help you interact with Bug Bounty platforms (Bugcrowd by now), adding some key features to improve the quality of your reports and reply more effectively when required. 🧵👇 #BugBounty #BugBountyTIps

TOOL RELEASE🔥🚀 Clear reports and good communication with the teams can make the difference in the outcome of your report, including the final bounty/bonus. To assist you in the reporting and communication, here is CrowdAssist ✨. @Bugcrowd compatible. 🧵👇 #BugBounty #AI