DC3 VDP (@dc3vdp)'s Twitter Profile
DC3 VDP

@dc3vdp

Official Twitter account of the U.S. DoD Vulnerability Disclosure Program (VDP).

ID: 1081215337603960833

Link: https://www.dc3.mil/Missions/Vulnerability-Disclosure/Vulnerability-Disclosure-Program-VDP/

Joined: 04-01-2019 15:46:39

409 Tweet

4,4K Followers

114 Following

NOV 2024 Department of Defense 🇺🇸 Vulnerability Disclosure Program (#VDP) #Hacker0x01 DoD VDP received a critical severity submission detailing the presence of AWS instances and SMTP server credentials within public configuration files. Read all about it in the #Knowledgebyte.

A huge shoutout to Roy Solberg (Roy Solberg) for closing out the year with an incredible achievement! From RXSS and SSRF to database extractions, your detailed findings have significantly bolstered DoD cybersecurity. Thank you for your dedication and expertise! #InfoSec #DoDVDP

Big thanks to @Grammatic for uncovering critical SQL injection vulnerabilities. Your diligence helps us safeguard our systems and protect sensitive data. #DIBVDP #CyberSecurity #InfoSec #WebSecurity #EthicalHacking

Dec 2024 Department of Defense 🇺🇸 Defense Industrial Based Vulnerability Disclosure Program #DIBVDP #Hackers reported a vulnerability involving SQL Injection which could have led to dumping sensitive data. Read all about it in the #KnowledgeByte.

DEC 2024 Department of Defense 🇺🇸 Vulnerability Disclosure Program #VDP #Hacker0x01 DoD VDP received a critical severity submission detailing a vulnerability that allowed for the extraction of database contents from a Lotus Domino Server. Read all about it in the #Knowledgebyte.

🚨 Privacy Alert! 🚨 Jared Hrabak (H1 user badlifeguard) uncovered a serious vulnerability in an internal system exposing military members' sensitive information. His vigilance is protecting our service members. Thank you for your dedication! #CyberSecurity #DoDSecurity #InfoSec

Huge thanks to ใ‹ใฟใกใ‚ƒใ‚“ for uncovering the critical JWT info disclosure vulnerability! Your dedication to improving web security helps protect us all. This finding highlights the risks that could impact security frameworks. Stay vigilant! ๐Ÿ” #DIBVDP #CyberSecurity #EthicalHacking

JAN 2025 Department of Defense 🇺🇸 Vulnerability Disclosure Program (#VDP) #Hacker0x01 #Hackers reported a critical severity in GraphQL API misconfigurations that could allow for unauthorized data modification. Read all about it in the #Knowledgebyte.

JAN 2025 Department of Defense 🇺🇸 Defense Industrial Based Vulnerability Disclosure Program #DIBVDP #Hackers reported a vulnerability involving JWT vulnerability which could have led to exposing sensitive data. Read all about it in the #KnowledgeByte.

Congratulations to Mohamed Aziz Hassine (Aziz) for his outstanding achievement as Researcher of the Year! 🏆 His research on the dangers of chaining IDOR + Stored XSS is crucial for enhancing online security. Keep up the amazing work! #DIBVDP #CyberSecurity #EthicalHacking

2024 Finale: Celebrating Valeriy—our Researcher of the Year! His tireless work uncovering multiple PII leaks has raised the bar in cybersecurity. Your vigilance inspires and strengthens our defenses. Hats off! #ResearcherOfTheYear #CyberSecurity #DoDSecurity

A big shoutout to hussain, our February 2025 Researcher of the Month, for uncovering a misconfigured API endpoint leaking PII. Their efforts play a key role in safeguarding sensitive information and reinforcing DoD cybersecurity. Well deserved! #InfoSec #DoDSecurity

Thank you, @nzhg3i_nzm, for exposing the serious vulnerability of PII and CAC ID being accessible on an unauthenticated page. This kind of oversight opens the door to identity theft, unauthorized access, and privacy breaches. Your vigilance is critical! #DIBVDP #CyberSecurity

FEB 2025 Department of Defense 🇺🇸 Defense Industrial Based Vulnerability Disclosure Program (#DIBVDP) #Hackers reported a vulnerability involving exposed PII which could have led to an advisory obtaining sensitive data. Read all about it in the #KnowledgeByte.

FEB 2025 Department of Defense 🇺🇸 Vulnerability Disclosure Program (#VDP) #Hacker0x01 #Hackers reported a critical severity vulnerability identifying a security misconfiguration discovered in a DoD Salesforce deployment. Read all about it in the #Knowledgebyte.

Huge thanks to farinhando for uncovering critical vulnerabilities in Authentication Bypass via Response Manipulation! These findings highlight serious security risks that need urgent attention. Stay vigilant, update systems, and prioritize cybersecurity! 🔒 #DIBVDP #CyberSecurity

Huge thanks to Jonas Dias Rebelo for identifying an exposed debug file containing a full database dump—with plaintext passwords. A sharp catch that reinforces the importance of secure development practices. Your work is truly appreciated! #CyberSecurity #InfoSec #DoDSecurity

MAR 2025 Department of Defense 🇺🇸 Defense Industrial Based Vulnerability Disclosure Program #DIBVDP #Hackers reported a vulnerability involving Improper Authentication that could lead to unauthorized access and system compromise. Read all about it in the #KnowledgeByte.

MAR 2025 Department of Defense 🇺🇸 Vulnerability Disclosure Program #VDP HackerOne #Hackers reported a high severity submission identifying misconfigured access controls which could have led to disclosure of unauthorized information. Read all about it in the #Knowledgebyte.

Kudos to Himanshu Nautiyal for the responsible disclosure of hardcoded public/private API keys in a JavaScript file — a critical exposure of sensitive credentials. Your vigilance helps keep the web safer! #DIBVDP #CyberSecurity #InfoSec #WebSecurity #EthicalHacking