Kitto Hernandez
@kittoh_
Followers: 377 | Following: 38K | Media: 221 | Statuses: 9K
will never stop pushing 🫷🏼
7,641 islands
Joined October 2017
Do you know why navigating to this still pops an alert even though it uses textContent (so HTML is escaped)? https://t.co/2MY3oaG0nK
Simple SQLi I don't usually hunt SQL injection, but I will usually at least take the time to try some single quotes to see how the server responds because it only takes a few seconds. If I get a database statement or error back, or one quote errors and two single quotes does
🚨 The watchTowr team is rapidly reacting to CVE-2026-1281 & CVE-2026-1340 - unauth RCE vulnerabilities within Ivanti's Endpoint Manager Mobile (EPMM). Active watchTowr Platform clients have been made aware of their exposure - reach out via the watchTowr website for support.
Someone knows Bash disgustingly well, and we love it. Here's our analysis of the Ivanti EPMM Pre-Auth RCE vulnerabilities - CVE-2026-1281 & CVE-2026-1340. This research fuels our technology, enabling our clients to accurately determine their exposure. https://t.co/BT9c78uuh5
labs.watchtowr.com
When Ivanti removed the embargoes from CVE-2026-1281 and CVE-2026-1340 - pre-auth Remote Command Execution vulnerabilities in Ivanti’s Endpoint Manager Mobile (EPMM) solution - we sighed with relief....
🎉 $3,000 PC Giveaway 🎉 🖤 All Black MSI Stealth Build 🖤🔥 This is our last giveaway for the month, and concludes our 20k pc builds to celebrate the new year ❤️ How to Enter: 1️⃣ Like ❤️ and reshare 🔁 this post 2️⃣ Follow @brittnaynay3 @msiUSA 3️⃣ Drop a comment 💬 That’s it
-Drops an unsandboxed chrome RCE!!! -Gets Rewarded $250k!!!!!!!! -Asks for the report to be made public to help the community and vendors -Drives into horizon
[453094710][reward: $250000] Out-of-bound read in the jmp table of ActiveMediaSessionController leads to sandbox escape. https://t.co/ncXlTOVAOP
When my neighbor asked me if this AI toy was secure... I never imagined it would result in what @0xteknogeek and I found:
wired.com
AI chat toy company Bondu left its web console almost entirely unprotected. Researchers who accessed it found nearly all the conversations children had with the company’s stuffed animals.
It’s time to lock in. If you’re struggling with bug bounties, spend the next few weeks finding a target you personally enjoy. The bigger the scope, the better! Then focus on them every day for the entire year. Aim to hack 2-3 hours minimum a day. You’ll learn lots and find bugs. GL!
The number of pushups won’t matter until you change how you see yourself. If you see yourself as a lazy person, you’ll always quit. If you start to change who you are, and become someone who trains and doesn’t give up, that’s what matters. Identity change requires action. It’s
@Schwarzenegger How many pushups a day for a lazy person
Set your #xss hunting 🎯 on easy mode! In the latest edition of our Eval Villain video series, @bemodtwz demonstrates the time-saving power of the "needles" feature. https://t.co/NqEls2TThm
#appsec #doyensec #bugbountytips #security
📢Just published - the third video in our series on Eval Villain. Our @bemodtwz walks through using it to find 🔎 a DOM XSS to demonstrate its functionality. Check it out today! https://t.co/jt9UZiHhHo
#appsec #doyensec #security #evalvillain #xss
We've just hit a very important milestone - our XSS Cheat Sheet now has 1337 vectors!
Thank you sir @Jhaddix for the giveaway! Will continue supporting @arcanuminfosec in the best way I can. Awesome as always! 💯
Stealing Salesforce OAuth Tokens via the WAF: A write-up on SFRA context and escalating XSS to Account Takeover using the WAF as a gadget. Hope you enjoy it https://t.co/vUNKbjUeWk
castilho.sh
Recently I was conducting a pentest on a Salesforce instance when I stumbled upon an XSS vulnerability. This writeup details that vulnerability and how ...
It costs $0.00 to support a dark artist 🖤
A new AI research safe harbor framework published by HackerOne and multiple new LLM-adjacent security workflows landing in the wild. On the technical side, OAuth token handling, WAF edge cases, and cloud identity misconfigurations kept showing up across write-ups. Full issue →
getdisclosed.com
The bug bounty world, curated.
Instead of making a 3rd "how to bug bounty" and sharing resources and labs, I decided to reflect on my journey in the last 3 years and share some of the things that helped me earn over $1,000,000+ in bounties in these 3 years. Here's what I have learned 👉🏼 https://t.co/TRoFnuxrqb