Super happy to see our research ranking #3 in @PortSwigger Top Web Hacking Techniques of 2024! 🚀 This one was a wild ride! Huge thanks to @_medusa_1_ & @sw33tLie for the amazing teamwork and to @Bugcrowd, who supported us! ❤️ What next? Keep tuned 👀🥷🏻 #BugBounty #Hacking

Are you more of a night hacker or a daytime hunter? 🌃 If you're neither, sign up and start hacking today: https://t.co/a7nbuFrT6D

São Paulo delivers! #bugbounty

CrowdAssist Update. - Auto-Renew Session If you keep getting disconnected from BugCrowd every few hours, CrowdAssist can automatically renew your session for you (eventually, this feature may be removed later) - Firefox Compatibility Happy Hacking 🤟🏻 #CrowdAssist #BugBounty

I interviewed the dynamic duo of @busf4ctor and @monkehack who just received the Top AI Hackers award from the last Google live hacking evnet 😊

Diegoooo! 🔥 What a beast! Congratulations, man! One of the best mindsets out there, achieving one of the best results. Super well deserved! 💪👏

What a legend!!! 🎉 Congratulations, Mr. Ali — you super well deserve it. Your talent and consistency keep setting the bar higher every single time. 🔥💪

During my bachelor's thesis, I reviewed several web apps of my university and ended up finding a large number of vulnerabilities. Here are a few that stood out, technically simple, yet highly critical. https://t.co/KBNC1KjBqf

We recently carried out a series of Supabase audits for clients - and we kept running into the same pitfalls. Our latest write-up covers the most common misconfigurations and strange defaults we see in Supabase - along with how teams can avoid them. 👇 https://t.co/IeRowx4X1d

Are you in São Paulo on Dec 13–14? Join us at the Bug Bounty Village @ H2HC! Call for Papers is open

My favourite finding from @SLCyberSec's Security Research team in 2025 so far is a secondary context path traversal in Omnissa Workspace One UEM (CVE-2025-25231). Really interesting bug, and fun kill chain to RCE.

This is 🔥

Moving to upstream HTTP/2 slams the door on desync attacks. Binary framing eliminates the ambiguity HTTP/1.1 suffers from, reducing exploitability. In this blog, @albinowax, Director of Research at PortSwigger, outlines a clear case for replacing HTTP/1.1 with HTTP/2 to prevent

Just released a new recollapse version thanks to @ryancbarnett and @4ng3lhacker after their talk in @BlackHatEvents today. What’s new? 💥Mode 6: Fuzz case folding/upper/lower 💥 Mode 7: Fuzz byte truncations 💥 Recollapse is now available to use as a python library and

Super glad to have collaborated on @albinowax’s research this year with @bsysop and @_medusa_1_. Funny enough, it all started with a random Slack DM that revealed a potential research collision with James, and things took off from there.

Thanks for the transparency and support during the research @ryancbarnett @akamai_research

It was great to see you all 🤟🏻

🕵️‍♂️ 🎩 The desync endgame has just begun. New expert lab has just dropped. Straight from @albinowax’s #BHUSA talk: Understand the latest request smuggling techniques, sharpen your skills, unlock new bounties, and solidify your organization’s defenses with the new expert lab ⬇️

At #BlackHat? Catch "HTTP/1.1 Must Die! The Desync Endgame" today at 3:20 in Oceanside A, Level 2. Hope to see you there!

Let’s hear it for Bugcrowd’s Top P1 Hacker of 2025… priyanshuxo! 👑👏 This title is so much more than a badge. It celebrates the quiet grind behind every critical find. Long nights, dead ends, and countless hours dissecting complex systems… all fueled by curiosity and the

At the moment, it is only compatible with @Bugcrowd, others are in the backlog. Any AI interaction is powered by @OpenAI and linked to your own ChatGPT account. Pull Requests and/or Issues are welcome in the repository 🙏🏻 CrowdAssist Link: https://t.co/QLy9Rb96Va #BugBounty