Abdillah (@abdilahrf)'s Twitter Profile
Abdillah

@abdilahrf

Bugbounty / CTF / InfoSec
Web Exploitation Guy - abdilahrf.github.io

ID: 806532314

06-09-2012 10:35:24

4,4K Tweet

1,1K Followers

1,1K Following

Claude (@claudeai)

We just shipped automated security reviews in Claude Code. Catch vulnerabilities before they ship with two new features:
- /security-review slash command for ad-hoc security reviews
- GitHub Actions integration for automatic reviews on every PR

H4x0r.DZ (@h4x0r_dz)

That's what happens when you build CTF with full AI The challenge with the flag exposed …challenges.bhusa.bugcrowdctf.com:9300/README.md cc bugcrowd

James Kettle (@albinowax)

ActiveScan++ can now detect multiple advanced unicode exploits just dropped at #BHUSA including confusables, codepoint overflows, case-conversion and combining diacritics! Thanks to researchers Ryan Barnett (B0N3) @ hackersummercamp & Angel Hacker for contributing this awesome update.

Web Security Academy (@websecacademy)

Can YOU complete this lab before James Kettle provides the solution on August 15? This ✨NEW✨ Expert Lab is based on real-world vulnerabilities discovered by PortSwigger Research! To learn more about 0.CL request smuggling, check out James' whitepaper "HTTP/1.1 Must Die":

Web Security Academy (@websecacademy)

“HTTP/1 is simple” is one of the most dangerous lies in web security. Its hidden complexity has fueled years of desync vulnerabilities across the internet. Here are 5 lies about HTTP/1.1 and why they’re dead wrong👇 1️⃣ Lie 1: An HTTP/1.1 request can't directly target an

noperator (@noperator)

A new tool: Slice 🔪 With the help of build-free CodeQL and Tree-Sitter, Slice can help GPT-5 reliably reproduce discovery of CVE-2025-37778: use-after-free vulnerability in the Linux kernel! noperator.dev/posts/slice/

James Kettle (@albinowax)

I just published a Repeater feature to make it easier to explore request smuggling. It repeats your request until the status code changes. It's called "Retry until success" and you can install it via the Extensibility helper bapp.

Alex Vacca (@itsalexvacca)

Meta, Google, and Microsoft all use encryption built by the same 50-person nonprofit. Zero revenue from 2 billion users. The founder uses a fake name. And when the FBI subpoenaed them, they only provided 2 pieces of data. Here's how a non-profit secures the internet🧵

Bipin Jitiya (@win3zz)

Remote Code Execution in Adobe AEM Forms via CVE-2025-54253 (Struts2 DevMode misconfig: auth bypass + OGNL eval) and CVE-2025-49533 (Insecure Deserialization). Both rated critical, identified in a VDP (now patched). Original research: tinyurl.com/mprcjp9b

Gareth Heyes (@garethheyes)

I discovered how to use CSS to steal attribute data without selectors and stylesheet imports! This means you can now exploit CSS injection via style attributes! Learn how below: portswigger.net/research/inlin…

Mustafa Can İPEKÇİ (@mcipekci)

Dear infosec community in Australia, we haven't been able to reach Osirys for a couple of months. He had some issues and we lost contact with him totally. If you somehow have the ability to reach or find him, please contact me. We are worried for his safety and life. #infosec #BugBounty

Al Jazeera English (@ajenglish)

Indonesia’s President Prabowo Subianto has called for calm after police ran over and killed a man during anti-gov't protests. Demonstrators took to the streets of Jakarta after finding out lawmakers receive benefits totalling almost 20 times the average monthly salary.

Max Yaremchuk (@0xw2w)

Facebook Messenger for Windows RCE worth $112K via Slack/Viber DLL files override using path traversal in attachments by Dzmitry Lukyanenko vulnano.com/2025/09/remote…