There’s a code base I audited about 3 years ago, and at the time, I was so certain that I wasn’t going to find any more bugs. There was a narrow minded view of what existed, and this severely limited what was possible.

XSStrike v3.1.5 is here🎉 This release focuses on fixing major bugs reported by the community. Github: github.com/s0md3v/XSStrike

if i had the choice to be a cat i would be "cat /etc/passwd" :")

x-middleware-subrequest: true doesn't work

We recently looked deeper at the authentication bypass vulnerability in Next.js (CVE-2025-29927) and discovered some intelligent and comprehensive ways to check for the vulnerability. Read more in our blog post: slcyber.io/assetnote-secu…

Take a look at my blog w/ bugcrowd where I talk about RCE and one of the ways it landed me a critical payout! bugcrowd.com/blog/remote-co…

we are literally at "jailbreak yourself" rofl

IP whitelisting is fundamentally broken. At Assetnote, we've successfully bypassed network controls by routing traffic through a specific location (cloud provider, geo-location). Today, we're releasing Newtowner, to help test for this issue: github.com/assetnote/newt…

How to bypass Cloudflare WAF? FearsOff Cybersecurity #bugbountytips #cloudflare #waf #bypass 1. Found an SQL injection but getting blocked by Cloudflare? Here's a pro tip 😏

Gemini can read such pixelated text?!!!!!!! THIS IS CRAZY.

wappalyzer v0.1.15 adds 271 new fingerprints making the total 5964 🎉 github: github.com/s0md3v/wappaly…

I want to open devtools by default. Then scan all these URLS and if it hits an eval sink I want you to pause the devtools debugger. All done using AutoVader!

Why the revenue of curl with UI is > $300 million dollars

guys i just created my own web browser!

No mercy, #TogetherWeHitHarder got real😭 #BugBounty

Thought: We created VS Code, open sourced it, and didn't become billionaires.

Make an app that gives people app ideas.

okay, this is getting chaotic