VioLin (@_iamviolin) 's Twitter Profile
VioLin

@_iamviolin

BugHunter

ID: 1130693528969916416

21-05-2019 04:35:19

1.1K Tweets

516 Followers

1.1K Following

Somdev Sangwan (@s0md3v) 's Twitter Profile Photo

Lets revive Wappalyzer :)

Github: github.com/s0md3v/wappaly…

- Uses the official firefox extension for accurate results.
- Supports exporting results to json and csv.
- Can scan urls in bulk.
- Can be used as a python library for easy integration.
AmirMohammad Safari (@amirmsafari) 's Twitter Profile Photo

I’ve shared the detailed writeup below. I hope you’re finding it useful! Happy hacking! ;)

blog.voorivex.team/css-data-exfil…
SickSec 🇲🇦 🇵🇸 (@originalsicksec) 's Twitter Profile Photo

Just dropped a 🔥 in-depth breakdown of the Facebook OAuth 0-day exploit! Big props to Soufiane el habti for teaming up on this one! 🚀 Security testing just leveled up! 💥 #BugBounty #Meta #infosec sicks3c.github.io/posts/ato-via-…

张惠倩 (@momika233) 's Twitter Profile Photo

I developed a Burp vulnerability scanning plug-in based on #DeepSeek model, which can detect injection vulnerabilities and XSS vulnerabilities at present #bugbounty #bugbountytips I welcome your questions in the Github Issues section github.com/momika233/Deep…

zhero; (@zhero___) 's Twitter Profile Photo

the research paper is out:

Next.js and the corrupt middleware: the authorizing artifact

result of a collaboration with inzo that led to CVE-2025-29927 (9.1-critical)

zhero-web-sec.github.io/research-and-t…

enjoy the read!
Coffin (@coffinxp7) 's Twitter Profile Photo

After receiving great feedback on my recent video, I created a detailed article on the topic—including a dorking script and a custom Nuclei template for mass hunting SQL injection. Definitely check it out! infosecwriteups.com/waf-bypass-mas…

YS (@yshahinzadeh) 's Twitter Profile Photo

just wrote a blog post based on this technique and described the methodology to take advantage of it, the post also includes an easy-to-set-up testbed to practice with, hope you find it useful
blog.voorivex.team/leaking-oauth-…
André Baptista (@0xacb) 's Twitter Profile Photo

Hidden or disabled fields are commonly overlooked, but they can still open the door to some cool bugs. Try creating a bookmarklet to instantly reveal these fields. Here are some quick examples you can copy and paste: 🔖 Enable all disabled or readonly fields:

zhero; (@zhero___) 's Twitter Profile Photo

publication of my latest modest paper;

Eclipse on Next.js: Conditioned exploitation of an intended race-condition - (CVE-2025-32421)

enabling a partial bypass of my previous vulnerability, CVE-2024-46982 by chaining a race-condition to a cache-poisoning

zhero-web-sec.github.io/research-and-t…
André Baptista (@0xacb) 's Twitter Profile Photo

How to grab subs for a target using subfinder, validate them and extract the text body from each response using httpx and jq, extract a wordlist of keywords using NLP then resolve them using puredns to find valid subdomains 👇 You can also use LLMs and tools like alterx to

𐰚𐰼𐰇𐱅 (@ynsmroztas) 's Twitter Profile Photo

🚨 New Tool Drop!

📱 Android Native Scanner — automatically detects RCE, tokens, API keys, URLs & base64 payloads inside .so files!

🔍 Features:
🧨 system, exec, popen → RCE scoring
🔐 API key / token / JWT detection
🌍 Extracts hardcoded URLs & endpoints
🧬 JNI & native
Hussein Daher (@hussein98d) 's Twitter Profile Photo

🚀 $100 GIVEAWAY 🚀 Clone ANY website into clean React + TypeScript code in MINUTES! Watch me recreate GitHub's landing page with RiveCode.AI ⚡ To enter: ✅ Like this post ✅ RT & tag a developer friend ✅ Follow @hussein98d Grok pick the Winner 48 hrs from

0x6c75696a616974 (@luijait_) 's Twitter Profile Photo

Xbow raised $117M to build AI hacker agents, in Alias Robotics open-sourced it and made it completely free. Github: github.com/aliasrobotics/… Paper: arxiv.org/abs/2504.06017

Faav (@efaav) 's Twitter Profile Photo

I found another vulnerability to leak Microsoft Employee PII ($7500 Bounty) and 700M+ Microsoft partner records. Here's the writeup: blog.faav.top/microsoft-part… #BugBounty #bugbountytips