YesWeHack ⠵

@yeswehack

Followers
40K
Following
8K
Media
2K
Statuses
9K

Global Bug Bounty & Vulnerability Management Platform 🎯 https://t.co/57gODBq2WZ 👾 https://t.co/ICc6RyhJTp 💡 https://t.co/KNYxhkKuzt

World
Joined July 2012
@yeswehack
YesWeHack ⠵
11 days
Persistent, creative, community-driven: that’s how @aituglo describes himself as a hacker. In our latest interview, the full-time bug hunter opens up about his methodology, the bug he’s proudest of finding & tips for helping newbies stay motivated 👇 https://t.co/VL69OpJTC5
@yeswehack
YesWeHack ⠵
3 days
Last chance to pwn Ghost Whisper, our beginner-friendly Dojo challenge! Discover an OS command injection and capture the flag 🙀 Solve the CTF challenge to boost your @yeswehack profile with points 👉 https://t.co/Q9NV2HFHMd #BugBounty
@yeswehack
YesWeHack ⠵
4 days
We’re proud sponsors of #NahamCon2025 – Winter Edition! Here’s what we’re bringing to the event: 🎤 An exclusive workshop led by @Brumens2 👾 3 CTF challenges by @Brumens2 and @pwnwithlove 📆 17-18 December - mark your calendars! More info: https://t.co/AJyWYZEP84 @NahamSec
@yeswehack
YesWeHack ⠵
4 days
You’ll know how to build an Android #BugBounty lab if you read the first article in our Android hacking series 📱 Part two has now landed: an in-depth guide to performing recon on your mobile targets! 👇 https://t.co/g8rqa9bkHz
yeswehack.com
An in-depth Bug Bounty guide to performing reconnaissance on Android apps – from extracting APKs to mapping endpoints, secrets and vulnerable components.
@yeswehack
YesWeHack ⠵
5 days
💰 Want to earn your first bounty faster? @amrelsagaei has put together an excellent guide to help you master GraphQL and find unique bugs. Rumour has it that it also includes our latest research on the topic 👀 Check out the video 👉 https://t.co/7GVxyiqfDE #BugBountyTips
@yeswehack
YesWeHack ⠵
5 days
Want to step into the world of high-impact findings? 🚨 @Brumens2's research on "Limitations are just an illusion – advanced server-side template exploitation with RCE everywhere" shows how SSTI can lead to RCE in different engines. Check it out 👇 https://t.co/SPy1ak66os
yeswehack.com
Some novel techniques for exploiting server-side template injections (SSTIs) with complex payloads that leverage default methods and syntax from various template engines. No quotation marks or extra...
@yeswehack
YesWeHack ⠵
6 days
€15,000 for a critical bug = @fdj_united just upped the ante on their Public #BugBounty Program 💸 The program covers over 30 assets across @fdj_united’s online gaming and betting platforms - web and mobile alike. There's plenty to explore 👉 https://t.co/Vz8SZ2qj8X
@yeswehack
YesWeHack ⠵
7 days
We've written an article that covers HTTP request smuggling! And the best part is.... You now have a complete, ultimate guide for each technique, with explanations & clear examples 🤯 Everything you need to start finding these high-impact bugs is here 👇 https://t.co/k2waincerJ
yeswehack.com
A practical guide to a rejuvenated field of security research that starts with the basics and moves to advanced detection, exploitation and mitigation techniques.
@yeswehack
YesWeHack ⠵
10 days
Final days to take on Ghost Whisper! 👻 Rumor has it that this is your favourite Dojo challenge so far... 👀 Give it a try before Nov 30th: https://t.co/Q9NV2HFHMd It's a great warm-up for newcomers, and a smart way to increase your chances of landing private programs. 📩
@yeswehack
YesWeHack ⠵
10 days
🎯 New target unlocked: @Memento_Bc's public #BugBounty program is live on @yeswehack! Test your skills on a real #blockchain platform, help strengthen its security, and earn rewards of up to US$4,000 💰 Ready to hunt? Check out the scope 👉 https://t.co/biaFsx5YoG
@yeswehack
YesWeHack ⠵
12 days
Have you ever wondered if that dangling DNS record could be exploited? 🤔 "Can I take over XYZ?" by @EdOverflow has you covered! Your ultimate checklist for finding subdomains to take over 👉 https://t.co/R4GPIvBEnF #YesWeRHackers #BugBountyTips
github.com
"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records. - EdOverflow/can-i-take-over-xyz
@yeswehack
YesWeHack ⠵
13 days
“If the YesWeHack hunters didn’t find a bug, the pentesters most likely also won’t” 🤔 So said the #BugBounty lead for Tokyo-based payments provider @komoju in our latest customer story 🇯🇵 In this Q&A, Eric explains how crowdsourced security testing facilitates compliance even
@yeswehack
YesWeHack ⠵
14 days
Want the full research? Find out how syntax confusion has been used to exploit real Bug Bounty targets in the wild👇 https://t.co/QhORQbKBIn
yeswehack.com
Learn syntax confusion techniques using filename*, file://host:port, and PHP parse_url to bypass filters, poison caches and escalate SSRF.
@yeswehack
YesWeHack ⠵
14 days
💡 Practical gadgets to test: try the Content-Disposition filename* parameter with percent-encoded bytes. Some filters mishandle it while some parsers handle it, allowing a possible file upload vulnerability.
@yeswehack
YesWeHack ⠵
14 days
What’s the issue? Small changes, for example turning port 443 into 000443, can slip past filters and reach unexpected code paths, which often lead to bugs 🐞
@yeswehack
YesWeHack ⠵
14 days
What is syntax confusion? It's when different parsers normalise or decode the same text differently: one layer sees a safe payload, the other one normalises it into something unsafe 💉