Tuan Anh Nguyen⚡️ 🇻🇳
@haxor31337
Followers: 15K | Following: 18K | Media: 221 | Statuses: 3K
29 y/o Bug Bounty Hunter and Red Teamer at Viettel Cyber Security. Brand Ambassador @Hacker0x01 - Researcher Spotlight @Bugcrowd
Hà Nội, Việt Nam
Joined December 2012
I'm happy to share the story of my bug bounty journey. Thanks Bugcrowd for choosing me to inspire everyone in the community 🙏 Be patient, focus and keep ethical, and success will come to you 💯💪🔥
Researcher Spotlight 🔦 Security Engineer, Redteam, and #bugbounty #hacker! 🚨 @haxor31337 💬 https://t.co/8e9xzPuEvS
Now in private beta: Aardvark, an agent that finds and fixes security bugs using GPT-5. https://t.co/xwtJhfDM3X
Love this creative exploit chain. So amazing 💯 Great PoC reproduction 🔥
The watchTowr Labs team is back, providing our full analysis of the Oracle E-Business Suite Pre-Auth RCE exploit chain (CVE-2025-61882). Enjoy with us (or cry, your choice..) https://t.co/ffDKb723N6
We just posted our AttackerKB @rapid7 Analysis for the recent Cisco ASA 0day chain; CVE-2025-20362 and CVE-2025-20333. The auth bypass appears to be a patch bypass of an older 2018 vuln. The buffer overflow is in a Lua endpoint, but unsafe native code operations allow a buffer to
attackerkb.com
On September 25, 2025, Cisco published advisories for two new vulnerabilities, CVE-2025-20362, and CVE-2025-20333, which are known to be exploited in-the-wild …
Interested in Spring Boot Actuators in the context of bug bounty hunting? I wrote something - nothing new - just some insights ;) Article: https://t.co/aki2AaEZER Retweet appreciated! Don't expect 0days or some fancy magic.
dsecured.com
Practical guide to Java/Spring Boot pentests: Discovering Actuator, header and path bypasses, heap dump analysis, and countermeasures.
“I've taken that same anointing upon Ronald, speaking of Ronald Reagan, and I've put it upon my Donald.” @TheElijahList @ElijahStreamsTV
We triggered WhatsApp 0-click on iOS/macOS/iPadOS. CVE-2025-55177 arises from missing validation that the [Redacted] message originates from a linked device, enabling specially crafted DNG parsing that triggers CVE-2025-43300. Analysis of Samsung CVE-2025-21043 is also ongoing.
Ever stumbled on an AEM box and thought “ok… now what?” 😏 We dropped hopgoblin — new research + tool XXE, SSRF, XSS & more (CVE-2025-54251, -54249, -54252, -54250/47/48/46). 👀 time for some crits eh? 👉 https://t.co/mt7Hy0L8DN
We will have a small game show with attractive gifts at the booth. Visit and share about hacking with my team @ViettelCyberSec 🔥🔥🔥
Today and every day, Anduril honors our heroes. Veterans are core to our mission. They make up over 13% of our employee base. That’s more than twice the share in the US Labor Force. We asked our employees to nominate their Veteran teammates to recognize their impact. Here's
I am in Manila for a private workshop and will be at #RootCon this year. If you are in Manila we can meet at Viettel Cyber Security Booth @japzdivino
Scattered Spider methods to gain access, publicly available legitimate tools and malware. source: https://t.co/MUeNdFdpoy
The craziest thing about the entire Scattered Spider trilogy is how simple they operated and how effective it was They didn't utilize 0day exploits. They didn't utilize novel and "undetectable" malware. They didn't exploit N-days or try to find vulnerable external facing
Tran Trung Kien (M4n0w4r) @kienbigmummy with his topic: APT35: The Silent Adversary Under the Radar 👀🔥 🌟 Agenda: https://t.co/iszlixaSfN
The information security arena at #SecurityBootcamp2025 is very hot 🔥🔥🔥 Where all information security professionals demonstrate their attack-defense skills to exploit vulnerabilities and defend their information systems 💪
My favourite finding from @SLCyberSec's Security Research team in 2025 so far is a secondary context path traversal in Omnissa Workspace One UEM (CVE-2025-25231). Really interesting bug, and fun kill chain to RCE.
slcyber.io
Secondary Context Path Traversal vulnerability in Omnissa Workspace One UEM (CVE-2025-25231) that leads to pre-auth API access as a super admin.
Thanks to the awesome work by our team we can finally announce our official urlscan cli tool: https://t.co/CpiL9jUdDv - Submit scans, run searches, find domains, get creative. Feel free to share your use-cases with us on X! Download on Github or homebrew.
Short writeup about the bug which helped me win the Meta BountyCon 2024 hacking event
This week, Disclosed. #BugBounty Spotlight on Android labs, LLM “sleeper” agents, big bounties for NGINX & GPT‑5, Zoomtopia & IoT hackathons, write‑ups on SSRF, UUID takeover & RXSS escalation, plus upgraded tools and hunting tips. Full issue →
getdisclosed.com
The bug bounty world, curated.
This week, Disclosed. #BugBounty Spotlight on CodeRabbit Exploit, NahamSec’s DEF CON vlog, Swiss Post’s €230K challenge, new tools for hunters, and more. Full issue → https://t.co/Affe2Yws7J Highlights below 👇 @KudelskiSec details how vulnerabilities in CodeRabbit’s AI
getdisclosed.com
The bug bounty world, curated.
I've been in crypto for over 10 years and I’ve Never been hacked. Perfect OpSec record. Yesterday, my wallet was drained by a malicious @cursor_ai extension for the first time. If it can happen to me, it can happen to you. Here’s a full breakdown. 🧵👇