Want to learn how to hack LLMs? The research team at Ethiack just launched a 5-level CTF. And we’ll be handing prizes to top performers every week, including Caido licenses! 👉 hacktheagent.com

The whitepaper is live! Learn how to win the HTTP desync endgame... and why HTTP/1.1 needs to die: http1mustdie.com

Thanks to HackerOne for the Vulnerability Vibes Event! I was awesome to finally meet many bug hunters in person. Joseph Thacker André Baptista Ciarán Cotter bsysop sw33tLie Brumens Roll4Combat we didn’t get a pick!

Can AI truly be trusted in cybersecurity? With our multi-agent Hackbot and a dedicated Verifier that reviews the AI’s conclusions, we’re aiming for more reliable and transparent ethical hacking. The Verifier adds an extra layer of reasoning that helps catch weak assumptions,

Hackbots can be prone to hallucinations. The AI team at Ethiack was able to achieve a very low false positive rate through a specialized sub-agent known as the verifier. If you are interested about hackbot development👇

In addition - we also worked with André Baptista on updates for REcollapse tool as well! github.com/0xacb/recollap…

i invented the computer open.spotify.com/album/6c9v1GaJ… music.apple.com/us/album/i-inv…

And that's a wrap 🎰 First time with Ethiack at #hackersummercamp This year I didn't participate in any Live Hacking Events, so I pivoted to the OSINT competition from Recon Village. I'm now an uncertified geoguesser📍 It was awesome to see friends, meet new people, and learn

Meet the Guy Who Hacked Google AI (Twice)🚨 We’re thrilled to welcome Roni Carta (aka Lupin) to the stage at #HackAIcon! Co-founder of Lupin & Holmes and an Ethical Hacker with a serious talent for breaking things (for the right reasons), his track record speaks for itself:

What happens after Black Hat and DEF CON? HackAIcon 2025.  We're hosting a conference dedicated to combining AI and ethical hacking in Lisbon! And we have some incredible speakers lined up for you. Early Bird tickets are available! Get your ticket:

How to turn iframes and window.open into weapons for XSS. From origin manipulation to sandbox escape, this paper by huli is stacked with juicy info.  Huli dives deep into the magical world of iframes and window.open and is definitely worth a read!

At long last - Phrack 72 has been released online for your reading pleasure! Check it out: phrack.org

Typical CSS injection often relies on repeated context loading (usually via iframes) to exfiltrate sensitive tokens. I found this tool by مُحمّد that's both fast and works in Chrome and Safari. It can leak tokens with just a single CSS import by leveraging -webkit-cross-fade 🤯

Hack the Agent Week #3 has arrived! The lucky hacker of Week 2 of Hack the Agent is h4ndsh. Congrats on scoring the Free HackAIcon ticket! 🏆 🎙️ This week’s prize is a 3-month Critical Thinker Discord subscription from the Critical Thinking - Bug Bounty Podcast (Critical Thinking - Bug Bounty Podcast)!

Want to win a ticket to HackAICon, Caido licenses or even a Critical Thinking - Bug Bounty Podcast discord subscription?  We're currently running a simple 5-level LLM CTF Challenge, where your goal is to jailbreak your way into a free ticket given by the LLM!  Complete all levels to enter our weekly