Microsoft promises more bug payouts, with or without a bounty program

2026 just called, it wants its cyber apocalypse early 😂 https://t.co/qoxX0SVcH6

With more than 8,500 satellites in orbit, Starlink provides connectivity through harsh weather conditions, network disruptions, and natural disasters. Order online in under 2 minutes.

🚨 React has disclosed two new, additional vulnerabilities to the critical RCE vuln of last week - CVE-2025-55183 and CVE-2025-55184. Patches are available and urged to be applied immediately. Track live attacks against React honeypots 👉 https://t.co/GXFaqggV8a

I wrote up a little post about OPSEC and how to learn from other people’s failures. https://t.co/Wk8bnoy4xT #OPSEC

#Pruva reproduction and Detection/Scanner for the CVE-2024-55947 bypass CVE-2025-8110 , but as @wiz_io said, it could be that the artficats are gone or private. Gogs Path Traversal Vulnerability https://t.co/DpoWafsAcq

Extending Burp Suite for fun and profit – The Montoya way – Part 9 - HN Security

@NomaSecurity we just published a critical security vulnerability in Gemini Enterprise, and indirect prompt injection that exposed Google Docs, Calendar and Gmail. Thanks to @GoogleVRP for the collaboration. https://t.co/yEc63WHLmC

Air-gapped cybersecurity assistant for security professionals. 100% offline AI-powered analysis tool for Nmap, Volatility, BloodHound, Metasploit, YARA, and more. Built for environments where cloud AI isn't available.

Meet AutoVader. It automates DOM Invader with Playwright Java and feeds results back into Burp. Faster client side bug hunting for everyone. 🚀 https://t.co/ZWWX4y2IRC

🔴 Watch out, someone is "patching" (?) servers vulnerable to #React2Shell and leaving a warning message about CVE-2025-55182 in English, Chinese, Japanese, and Spanish. According to Censys, 314 servers had/have this condition at this very moment. The vast majority of domains

Polish police detained three Ukrainians with professional hacking equipment: FLIPPER, spy detector, antennas, laptops, SIM cards. Charges include attempted damage to IT data critical for national security. Suspects couldn't explain equipment's purpose (when asked, they suddenly

https://t.co/ySFjj7hGyw

Holy shit… the exploitation of CVE-2025-55182 has reached a new level. There’s now a publicly available Chrome extension on GitHub that automatically scans for and exploits vulnerable sites as you browse. Absolutely wild. 🤦‍♂️

🚨BREAKING: The EU has fined X €120m for refusing to engage with censorship This is a direct assault on free speech. The EU is the enemy of the people.

China-nexus cyber threat groups rapidly exploit React2Shell vulnerability (CVE-2025-55182)

Somewhere right now, there are ten thousand laptops sounding like jet engines running the exact same CVE-2025-55182 POC. All sprinting to be the 9,999th duplicate so Hackerone/Bugcrowd can bless them with a kudos. Dream big, kings, history remembers the duplicates! 😂

An unauthenticated RCE PoC for the React vuln (CVE-2025-55182) is now public. Confirmed to work on my test setup (Next.js 16.0.6 with React 19.2.0).

You can now scan for #react2shell in @Burp_Suite. To enable, install the Extensibility Helper bapp, go to the bambda tab and search for react2shell. Shout-out to @assetnote for sharing a reliable detection technique!

Since I started to analyze CVE-2025-55182 (React, NextJS RCE) at work today, I decided to publish my analysis findings so far, given all the fuzz about the vulnerability: https://t.co/VFu7NxJ3TQ Feel free to contribute to the search for a proper RCE sink!

Today we partnered with Meta to disclose a critical vulnerability in React Server Components, impacting Next.js. Huge credit to Lachlan Davidson for responsibly reporting this to Meta and to our industry partners for responding quickly to our call-to-action. This is how open