Shail Patel (@appsecfreak) 's Twitter Profile
Shail Patel

@appsecfreak

Application Security, Cybersecurity (Un)Professional, M.S in Cybersecurity (class of 2019) @unccharlotte alum

ID: 1768877303390691328

16-03-2024 05:50:04

760 Tweet

117 Followers

148 Following

Fat (@fattselimi)

Please stop asking Ethical hackers to hack Instagram, Snapchat and other Social media accounts; we don’t do that stuff

Jack Rhysider 🏴‍☠️ (@jackrhysider)

Tomorrow is a new episode. Listen to it in a carpeted room. Because your jaw is going to hit the floor, and I don't want you to get hurt. 🧑‍💻

Chris Wade (@cmwdotme)

Thrilled to share that Corellium is being acquired by Cellebrite! I'm excited to join Cellebrite as CTO and continue pushing the boundaries of mobile security and digital forensics. Big things ahead. forbes.com/sites/thomasbr…

spencer (@techspence)

Most IT teams don’t have a security problem…They have a bandwidth problem. Security gets pushed aside because everything feels urgent. To make progress we have to free up those IT folks to work on things that matter and have real impact

Phantom Security (@phantomopsec)

spencer Most breaches don’t happen because teams are clueless, they happen because they’re underwater. Security isn’t a knowledge gap, it’s a prioritization casualty, and I saw so many teams get rekt for putting security last

Octoberfest7 (@octoberfest73)

UDRL + Sleepmask is pretty powerful. You can extend Cobalt Strike's BeaconGate functionality to any API you want, no longer limiting you to the officially supported set of APIs. Attached example shows proxying HttpOpenRequestA through BeaconGate

James Kettle (@albinowax)

I'm thrilled to announce "HTTP/1 Must Die! The Desync Endgame" is coming to #DEFCON33! This talk will feature multiple new classes of desync attack, mass exploitation spanning multiple CDNs, and over $200k in bug bounties. See you there!

Aerospace Village (@secureaerospace)

Remember DEF CON 31’s dive into space & cybersecurity? Our own Jacob Oakley broke down satellite hacks, threats, and how attackers target orbiting tech. Watch the recap while gearing up for DEFCON 33!  youtu.be/bHsGfX18DQs?si… #DEFCON #CyberInSpace

Google VRP (Google Bug Hunters) (@googlevrp)

🚨 Heads up for web devs! 🚨 The HTML spec just got an important update to protect against mutation XSS (mXSS). Find out how escaping < and > in attributes is making the web a safer place. bughunters.google.com/blog/503874286…

TrustedSec (@trustedsec)

Drag a file, leak a hash—Chrome’s quiet secret exposed. In this blog, Drew @hoodoer reveals how Chrome’s drag-and-drop API lets web apps initiate complex actions; with some social engineering, it can also trigger NTLM hash leaks on Windows via SMB. Read now! trustedsec.com/blog/dragging-…

Shail Patel (@appsecfreak)

What a historic day! Today I reported 43 vulnerabilities (on all platforms combined), different classes of bugs of varying severities. Included both VDPs and BBPs. Let's see how many of them will be duplicates... #BugBounty

Shail Patel (@appsecfreak)

0-day CVE reports falling under programs' 30/60/90 days timelines are being closed informative left and right by triage teams. Lost $$$$ 🥲