buraaqsec (@buraaqsec)'s Twitter Profile

They pay me for breaking their stuff.

ID: 1197886606146801664

22-11-2019 14:36:51

150 Tweets

847 Followers

262 Following

daniel (@hackermondev)

1 Bug, $50K+ in bounties: how Zendesk left a backdoor in hundreds of companies #bugbountytips gist.github.com/hackermondev/6…

s1r1us (@s1r1u5_)

Ben Sadeghipour Pick a niche, become an expert, find bugs maybe even 0days or reverse n-days, and write blogs. Even if you don’t hit those $100k bounties, it’ll be a stepping stone toward a $100k job. What niche? How to pick? Examples? infosec being so vast from web3 sec to web2, mobile,

zhero; (@zhero___)

very pleased to announce the release of my new article based on my research that led to CVE-2024-46982 titled: Next.js, cache, and chains: the stale elixir zhero-web-sec.github.io/research-and-t… note: does not cover the latest findings shared in my recent posts enjoy reading;

shubs (@infosec_au)

IP whitelisting is fundamentally broken. At Assetnote, we've successfully bypassed network controls by routing traffic through a specific location (cloud provider, geo-location). Today, we're releasing Newtowner, to help test for this issue: github.com/assetnote/newt…

XBOW (@xbow)

Even mature products hide critical flaws – and @XBOW just found another one. CVE-2025-49493: XXE in Akamai CloudTest discovered during our climb to #1 on HackerOne. A complete technical breakdown from an error-based detection to a full exfiltration by djurado

zhero; (@zhero___)

Bug bounty, feedback, strategy, and alchemy frequently asked for advice, roadmaps, and more, I finally took the time, after 2–3 years of bug bounty, to write down my vision, thoughts and perspective on the subject non-technical, no research this time! zhero-web-sec.github.io/thoughts/bugbo…

Assetnote (@assetnote)

For our first Christmas in July research post: How we managed to get persistent XSS on every Adobe Experience Manager Cloud instance three times! slcyber.io/assetnote-secu…

Octagon Networks (@octagonnetworks)

🎄🎁 Here is a 0day unauthenticated root RCE affecting over 70,000 devices on the internet. pwn.ai/blog/cve-2025-… For our first post, we show how pwnai autonomously found a root rce affecting XSpeeder, over 8 months ago. To our knowledge, this is the first agent-found,

dawgyg - WoH (@thedawgyg)

Alright so to end 2025 I am going to post something that people have been requesting for quite some time.. As a lot know, I have made over $1 million dollars from SSRF vulnerabilities alone. #ssrftips Below I will provide some information on some of the ways that I beat the

Claude (@claudeai)

Introducing Cowork: Claude Code for the rest of your work. Cowork lets you complete non-technical tasks much like how developers use Claude Code.

Claude (@claudeai)

You can now enable Claude to use your computer to complete tasks. It opens your apps, navigates your browser, fills in spreadsheets—anything you'd do sitting at your desk. Research preview in Claude Cowork and Claude Code, macOS only.