This is a beautiful piece of cache poisoning research, demonstrating what you can achieve if you focus on a single framework.

always examine the .js files in the source code, for this I can recommend this simple but effective tool github.com/w9w/JSA from here you can access the endpoints of critical data, the places where backup files are stored and many endpoints credit: Yunus Emre Öztaş #BugBounty

Coming soon… 👀 thanks to No Starch Press! nostarch.com/zero-day

HTTP: The Hacker's Guide (Almost) Exhaustive list of topics you should know about HTTP as a Hacker.

Part 2: Advanced JS Extraction & Analysis Automation for Bug Bounty Recon cyberw1ng.medium.com/part-2-advance… #bugbounty #bugbountytips #bugbountytip

🎉 GIVEAWAY TIME! 🎉 My friends at hackcubes giving away 10 FREE HackCubes Exam Vouchers to our amazing cybersecurity community! Worth $100 each 💰 To enter: ✅ Solve the CTF: hackcubes.com 📅 Giveaway ends: August 26th 🏆 Winners announced: August 27th Let's go!

From humble beginnings with meetups in 2022 to preparing for our very first Cybersecurity Conference 2026 — what an incredible journey this community has had! 🙌 #infosec #conferences #bugbounty #cybersecurity #AI

I'm sharing my fully automated JS analysis workflow that finds high-impact vulnerabilities JS Recon Automation: Modern Bug Bounty Workflow youtu.be/p2JcE_7_TFQ #BugBounty #JSRecognition #CyberSecurity

An OIDC/OAuth security article I wrote recently engineering.mercari.com/en/blog/entry/…

🏆Prizes revealed for SecurityBoat Community CTF 2026. Top 3 winners ✔️ParrotCTF VIP access for 6 months ✔️PCWPT exam vouchers ✔️OffSec Proving Grounds 1-year access ✔️€50 Gift Voucher by TheXSSRat ✔️winner certificates Register free: securityboat.net/event/security… #SBCommunityCTF2026

Late one, hunted for 2 weeks in December and made $6000+. Excited for what we can achieve this year. Below are some writeups I published in 2025: $1,500 Recon Tips: medium.com/@tinopreter/1-… Lets $ Leak $ OTP: medium.com/@tinopreter/ot… From 429 to 200: medium.com/bugbountywrite…

Android Reverse Engineering Notes notion.so/Reverse-Engine…

Client-side bugs are still one of the most overlooked areas in bug bounty. In this video, I break down postMessage from first principles. How it works, where it fails, how developers mess it up, and how to exploit it step by step. 🎥 Client Side 01: postMessage Bugs 🔗

Sharing my Burp Extension that earned me $200k in 2025 while API testing heavy JS-rich targets. github.com/jenish-sojitra… The tool helps find endpoints, files, internal emails, and some secrets from minified JS. Its goal is to achieve maximum efficiency with reduced noise in

HTTP toolkit for security research github.com/dstotijn/hetty

Crawl URLs to find secrets and endpoints github.com/edoardottt/car…

"MCP is a client-server architecture whereby the AI application acts as a client and MCP servers deliver external service data back to the application." Read more: blackhillsinfosec.com/model-context-… Model Context Protocol (MCP) by: ʝօʄʄ ȶɦʏɛʀ 🇦🇺🇺🇸 @yoda66.bsky.social Published 10/22/2025

In December, I discovered a very simple yet critical vulnerability in elysiaJS (CVE pending). The bug has been fixed for almost a month now, so I'm sharing the details: ElysiaJS Cookie Signature Validation Bypass devansh.bearblog.dev/elysiajs/

Stop manual hunting and start automating. This one-liner takes you from subdomains to leaked S3 buckets in seconds.👇