The currency of life isn’t money. It is not even time. It’s attention.

how to gain code execution on millions of people and hundreds of popular apps and of course, firebase was (partially) the cause kibty.town/blog/todesktop/

We (+sagitz Ronen Shustin Hillai Ben-Sasson) found a series of unauthenticated RCEs in core @KubernetesIO project "Ingress-NGINX". The impact? From zero permissions ➡️ to complete cluster takeover 🤯 This is the story of #IngressNightmare 🧵⬇️

new paper on a vulnerability discovered in React Router, resulting from a collaboration with inzo that led to CVE-2025-31137; React Router and the Remix'ed path zhero-web-sec.github.io/research-and-t… good reading

I think one of the most unique and impactful content creators in the bug bounty industry is actually Blaklis. While he does do interviews and talks from time-to-time, his weekly content creation is very under-the-radar: he read and replies to EVERYTHING in every BB discord.

another research effort with inzo led to the discovery of two new vulnerabilities in React Router (14M+ downloads/week), resulting in: - CVE-2025-43865 (High-8.2) - CVE-2025-43864 (High-7.5)

During last week, I've played FCSC2025 and managed to reach first place in the web category ! I've written two writeups this year: one about pwning a Chrome extension, and another about a PostgREST service. worty.fr/post/writeups/… worty.fr/post/writeups/… Enjoy the read !

Here's my research about Python dirty Arbitrary File Write to RCE via overwriting shared object files or overwriting bytecode files. Enjoy! siunam321.github.io/research/pytho… #Research #WebAppSec

Today I used a technique that’s probably not widely known in the community. In what cases could code like this lead to a vulnerability? ->

My Salesforce 0-day got patched! I noticed today that an SOQL injection in Salesforce itself that I reported a few months ago is not working anymore. Since they did not release any CVE or advisory I decided to post a small writeup, enjoy! mastersplinter.work/research/sales…

Hey the community! I feel the need to react to x.com/GodfatherOrwa/…, as it targets me specifically and is doing a clear defamation there. I guess it's useless to say that the claims of me telling that I'll block people based on the fact that they're muslim is a complete lie,

Our team recently used a novel technique to increase the impact of what seemed to be only a blind SSRF. This novel technique involving HTTP redirect loops and incremental status codes led to full HTTP response leakage. Read more on Searchlight Cyber blog here: slcyber.io/assetnote-secu…

lightyear just got 6 times faster! Although I now work at Synacktiv, I proposed a PR for the tool to support threading and compression, greatly reducing the time required to dump a file. Dumping the demo /etc/passwd now takes 48s instead of 5m30. github.com/ambionics/ligh…

This weekend, for the Midnight Flag CTF final, I created a web challenge called JavaNote, which asked players to modify the ysoserial tool to do something other than execute a command, you can read the write-up here: worty.fr/post/writeups/… Congratulations again to all the players!

Today was my last day as a pentester at Bsecure, and it feels a bit surreal. After a three-year journey of hunting on the side, I’m finally ready to go all-in as a full-time bug bounty hunter. To celebrate this milestone, I've written an article sharing the full story. It’s a

New blog post is up: How I leaked the IP addresses of Brave's Tor window and Chrome VPN extension users--plus, a new Popunder technique and connect-src CSP directive bypass. Read more @ 0x999.net/blog/leaking-i…

I'm happy to release a script gadgets wiki inspired by the work of Sebastian Lekies, koto, and Eduardo Vela in their Black Hat USA 2017 talk! 🔥 The goal is to provide quick access to gadgets that help bypass HTML sanitizers and CSPs 👇 gmsgadget.com 1/4

I've been researching the Microsoft cloud for almost 7 years now. A few months ago that research resulted in the most impactful vulnerability I will probably ever find: a token validation flaw allowing me to get Global Admin in any Entra ID tenant. Blog: dirkjanm.io/obtaining-glob…

Whoever that promises you their tool, their course or whatever will make you make big bucks is lying. Learn, work hard on your skills, understand the things. There is no other magic in the field. Don't listen those that are saying otherwise #bugbounty

We believe this is the first documented case of a large-scale AI cyberattack executed without substantial human intervention. It has significant implications for cybersecurity in the age of AI agents. Read more: anthropic.com/news/disruptin…