Juan Pablo Perata (@cxzero) 's Twitter Profile
Juan Pablo Perata

@cxzero

OSCP | Pentester | Bug Hunter | CTF player | Developer | Community

ID: 381912027

http://cxzero.github.io | 29-09-2011 04:47:50

409 Tweet

279 Followers

4,4K Following

Hunter (@huntermapping) 's Twitter Profile Photo

🚨Alert🚨CVE-2024-27348: Unauthenticated users can execute OS commands via Groovy injection in Apache HugeGraph-Server. Upgrade to version 1.3.0 to mitigate. 🔥Python Scanner:github.com/Zeyad-Azima/CV… 📊200+ Services are found on hunter.how 🔗Hunter

STÖK ✌️ (@stokfredrik) 's Twitter Profile Photo

Excited about the opportunity of getting back to one of my absolute favorite places: Buenos Aires and the mainstage of this year's Ekoparty | Hacking everything! Grateful and hyped to have Joona with me on the adventure! Can’t wait to meet up with y'all and hang out with Bug Bounty Argentina

Germán Fernández (@1zrr4h) 's Twitter Profile Photo

🔴 CVE-2024-47575: FortiManager fgfmd daemon may allow a remote unauthenticated attacker to execute arbitrary code or commands via specially crafted requests (critical) / aka #FortiJump. Vulnerability used in zero-day attacks 🔥 Reported malicious IPs: - 45.32.41.202 -

noperator (@noperator) 's Twitter Profile Photo

Two weeks ago, my team (Capability Development Group @ Bishop Fox) published a deep dive on FortiManager in support of analyzing FortiJump (CVE-2024-47575, missing authentication in fgfmsd), which is being actively exploited in the wild. We cover prerequisite steps for discovering

James Kettle (@albinowax) 's Twitter Profile Photo

We’re finally live! You can now watch “Listen to the whispers: web timing attacks that actually work” on YouTube: youtube.com/watch?v=zOPjz-…

Martin Doyhenard (@tincho_508) 's Twitter Profile Photo

arthur aires If you check my DEFCON talk about cache poisoning in Imperva you can find another useful bypass. Just add 16 / between the dot segments and it also works perfectly. However, according to Bugcrowd’s triage, that’s not a vulnerability. 🤷🏼‍♂️

PentesterLab (@pentesterlab) 's Twitter Profile Photo

Want to level up your learning in security? 🚀 Stop scrolling and start reflecting. 'Reading Between the Lines' challenges you to dig deeper: 1️⃣ What can I learn from this? 2️⃣ What patterns apply elsewhere? 3️⃣ Why didn’t I spot this? The real breakthroughs come when you ask

Ivan at Wallarm / API security solution (@d0znpp) 's Twitter Profile Photo

DeepSeek jailbreak, system prompt extracted, and some OpenAI data distillation model response after the jailbreak lab.wallarm.com/jailbreaking-g…

Hunter (@huntermapping) 's Twitter Profile Photo

🚨Alert🚨 CVE-2025-1094: PostgreSQL psql SQL injection 🔥PoC:github.com/rapid7/metaspl… 🧐Deep Dive :attackerkb.com/topics/G5s8ZWA… 📊 956K+Services are found on the hunter.how yearly. 🔗Hunter Link:hunter.how/list?searchVal… 👇Query HUNTER : protocol="postgresql" FOFA :

picoCTF (@picoctf) 's Twitter Profile Photo

📅 Registration for #picoCTF2025 is open! 🌟 Competition Dates: ⏰ Start: 12:00pm ET, March 7 ⏰ End: 3:00pm ET, March 17 📝 Write-ups due on March 17, 2025 Ready to test your skills and have fun? 💻 Let’s go! 🌐 Practice daily at picoCTF.org

James Kettle (@albinowax) 's Twitter Profile Photo

We've just published Turbo Intruder 1.52 which fixes some bugs, and makes the response table silky smooth. PS there's something awesome coming from PortSwigger Research tomorrow.

BApp Store (@bapp_store) 's Twitter Profile Photo

Check out "TruffleHog Integration" on the BApp Store - use TruffleHog with Burp to scan traffic for 800+ different types of secrets. Available in Burp Suite Professional.

smaury (@smaury92) 's Twitter Profile Photo

One of my old Google VRP (Google Bug Hunters) reports just went public -- check it out if you want to see an example of CEF exploitation. bughunters.google.com/reports/vrp/qM…

zhero; (@zhero___) 's Twitter Profile Photo

the research paper is out: Next.js and the corrupt middleware: the authorizing artifact result of a collaboration with inzo that led to CVE-2025-29927 (9.1-critical) zhero-web-sec.github.io/research-and-t… enjoy the read!

Salvador Schelotto (@s_schelotto) 's Twitter Profile Photo

I invite you to see the city through the eyes of Fabian Bia and Carlos Lebrato. Because Montevideo's new change demands love for the department and its people. Look, Montevideo, I'm talking about you. 🔴🔵⚪️

slonser (@slonser_) 's Twitter Profile Photo

During one CTF competition, our team found xss in python markdown2, you can read the issue from my teammate renbou github.com/trentm/python-…

Bobby Cooke (@0xboku) 's Twitter Profile Photo

As promised... this is Loki Command & Control! 🧙‍♂️🔮🪄 Thanks to Dylan Tran for his work done on the project and everyone else on the team for making this release happen! github.com/boku7/Loki

ippsec (@ippsec) 's Twitter Profile Photo

Just made the Wanderer Prep playlist live! It’s designed to help people get started with the Wanderer Pro Lab on Hack The Box (which I created). Even if you don’t plan on playing Wanderer, I’d still recommend checking this playlist out—it highlights a lot of the techniques I’ve

Critical Thinking - Bug Bounty Podcast (@ctbbpodcast) 's Twitter Profile Photo

New episode is out! — youtu.be/cHQXlF4p-Ro In episode 130: Justin Gardner is joined by Valentino Massaro, who shares his journey from hacking Minecraft to becoming a Google hunter. He talks us through several bugs, including an HTML Sanitizer bypass and .NET deserialization, and