RT @WebSecAcademy: Learning Path: CORS Misconfigurations. This learning path teaches you how to find, exploit, and escalate CORS misconfigu….

RT @xss0r: 🚨 Did you know? We’ve just published FREE Course Videos on Blind XSS Hunting at . 📍 Visit the “Where to….

RT @NahamSec: HTTP Request Smuggling Explained (with @albinowax) . 🎥👉🏼

RT @KN0X55: 🏆 KNOXSS August 2025 Giveaway 🏆. ➡️ Follow, like and share! 😍. ➡️ 1 Month Pro access for 3 winners on Friday 8th. Good luck! 🤞….

RT @HusseiN98D: 🚀 $100 GIVEAWAY 🚀. Clone ANY website into clean React + TypeScript code in MINUTES!. Watch me recreate GitHub's landing pag….

RT @WebSecAcademy: How to find viable targets for client-side desync attacks:. 1️⃣ Open Burp Suite and intercept requests. 2️⃣ Choose an e….

RT @ryancbarnett: Our @akamai_research response - Understand the SharePoint RCE: Exploitations, Detections, and Mitigations..

I find it overwhelming testing this target and I see many hunters might avoid it because of the heavy reliance on websockets by the app. Please how do you approach a complex target heavily relying on websockets? Do you recommend some tools or techniques?.

The access controls, managing tasks, inbox, and lots more of the core app all depends on websockets. Never seen an app so heavily rely on websockets like this one. In fact the HTTP history is extremely low compared to websocket history in proxy.

RT @phwd_: Facebook page admin and email disclosure.

Hey hunters (esp. manual hunters), don't miss this treasure from @ArchAngelDDay .

RT @0xacb: Hidden or disabled fields are commonly overlooked, but they can still open the door to some cool bugs. Try creating a bookmarkl….

RT @0xTib3rius: Quickest way to reliably find business logic flaws is to change your mindset:. You're not looking for bugs, you're hunting….

RT @Jhaddix: 🛑 GIVEAWAY ALERT 🛑 ⬇️. Today @arcanuminfosec is giving away 3 seats to our training: . "Red Blue Purple AI" - March 27-28….

RT @Doyensec: Despite being central to their security, many orgs struggle to securely implement #OAuth. Our new post walks through common i….

RT @tbbhunter: A Journey of Limited Path Traversal To RCE With $40,000 Bounty!.

RT @S1r1u5_: Imagine opening a Discord message and suddenly your computer is hacked. We discovered a bug that made this possible and earne….

RT @Jhaddix: 🚨 GIVEAWAY ALERT 🚨. Today is DAY ONE of FIVE DAYS of @arcanuminfosec and friends Black Friday and Cyber Monday giveaways!. Tod….

RT @Burp_Suite: 🛠️ Huge shoutout to Oussama Zgheb for their incredible BApp extension, JSON Web Tokens! . Quickly and efficiently assess th….

RT @RenwaX23: New writing: Story of how I got UXSS, LFI and RCE in Arc browser by visiting a webpage and clicking Install Boost. Using a b….