Mohammad Kaif (@_mkahmad)'s Twitter Profile
Mohammad Kaif

@_mkahmad

21 yo | Top 1 Security Researcher in OPPO, OnePlus & Tecno Mobile Bug Bounty Programs (in 2020-21, 2021 & 2021 respectively) |
h1: kaif0x01
other: mkahmad

ID: 1060504339716829185

https://kaif0x01.medium.com/ · 08-11-2018 12:08:32

1.1K Tweets

903 Followers

1.1K Following

Mohammad Kaif (@_mkahmad):

I discovered a misconfigured AWS Cognito setup that allowed unauthorized access to Nothing’s cloud storage. Full technical breakdown below, a reminder to always check permissions! 

Nothing

Blog: kaif0x01.medium.com/hacking-nothin…

#Cybersecurity #InfoSec #bugbounty #bugbountytips

André Baptista (@0xacb):

Can you hack a vibe coded PHP app? Yes. Can you use AI to hack the same app? Yes.

Just dropped our workshop on AI for Ethical Hacking.

Full materials 👇

github.com/ethiack/ai4eh/…

Blog post: blog.ethiack.com/blog/dont-fear…

harisec (@har1sec):

Here are the slides from my TumpiCon talk: Teaching LLMs how to XSS - An introduction to fine-tuning and reinforcement learning (using your own GPU) docs.google.com/presentation/d…

André Baptista (@0xacb):

Nginx normalizes paths (/../, %2e, etc.) before applying access rules like: location = /admin { deny all; }

But backends like Node.js or PHP handle decoding again, and differently.

Requesting /;admin or /admin%2f..%2f might bypass Nginx’s block, but get normalized to /admin by

Mohammad Kaif (@_mkahmad):

Hey Grok, based on your analysis of the last 365 days, list in sequence 10 accounts that frequently visit my profile. Do not mention the person, only @.username and the rate of visits to the profile per month.

Mohammad Kaif (@_mkahmad):

Hey, Grok, who was the most famous person to visit my profile? It doesn't need to be a mutual, don't tag them, just say who it was

Sergey Toshin (@_bagipro):

New Android host validation bypass technique!

[1/4] All parsed URIs in Android are android.net.Uri.StringUri objects. However, the scheme parser only looks for the ":" delimiter

YS (@yshahinzadeh):

I’m a web guy, so I usually don’t work on non-web applications since my mind doesn’t do binary. With the help of my friend for reverse engineering, I managed to uncover some CVEs. It was very challenging for me, hope you like it: blog.voorivex.team/hacking-veeam-…

joernchen (@joernchen):

Today I have a more serious topic than usual, please consider reposting for reach: My wife and I are urgently looking for a specialist in neuropediatrics or a similar field for our autistic child with a diagnosed, but not further specified, movement disorder [1/3]

Bernhard Mueller (@muellerberndt):

Here's a full walkthrough for finding security bugs in code with Hound. It should work for up to ~80k lines of code irrespective of coding language. Results may vary. muellerberndt.medium.com/hunting-for-se…

Mohammad Kaif (@_mkahmad):

Apple fixed one of my reports. It was a pretty interesting CSRF which allows unauthorised modification of user profile info.

#bugbountytips #bugbounty #appsec

sudi (@sudhanshur705):

Found an RCE in Google Web Designer :) Very similar to the CSS Injection to RCE found by Bálint Magyar. sudistark.github.io/2025/09/23/RCE…

Abdelrhman Allam 🇵🇸 (@sl4x0):

FINALLY! I overcame the procrastination wall and published my full breakdown on Dependency Confusion. This post covers my strategy for turning existing research into a 24/7 automated engine. Check out here: sl4x0.medium.com/turning-depend… #bugbountytips #supplychains