bytehx (@bytehx343) 's Twitter Profile
bytehx

@bytehx343

ID: 1059652571084730368

06-11-2018 03:43:55

2,2K Tweet

2,2K Followers

1,1K Following

Horizon3 Attack Team (@horizon3attack) 's Twitter Profile Photo

Today, we are disclosing the details of 4 vulns affecting #Ivanti #EPM which allow an unauth attacker to coerce the machine credential of the EPM server to be used in relay attacks. horizon3.ai/attack-researc… Depending on the environment, compromising the EPM server may be

Gareth Heyes (@garethheyes) 's Twitter Profile Photo

We've just released Shadow Repeater, for AI-enhanced manual testing. Simply use Burp Repeater as you normally would, and behind the scenes Shadow Repeater will learn from your attacks, try payload permutations, and report any discoveries via Organizer.

Jason Haddix (@jhaddix) 's Twitter Profile Photo

Introducing MSFTrecon - MSFTRecon is a reconnaissance tool designed for red teamers and security professionals to map Microsoft 365 and Azure tenant infrastructure. It performs enumeration without requiring authentication, helping identify potential security misconfigurations

Jenish Sojitra (@_jensec) 's Twitter Profile Photo

Publishing new free tool for bug bounty hunters and IT teams 🎉 crxplorer.com We've built a tool that takes a Chrome Web Store URL as input, fetches the code and manifest file, checks permissions, and reviews them via LLM. Using this, I've found numerous issues in

SickSec 🇲🇦 🇵🇸 (@originalsicksec) 's Twitter Profile Photo

Just dropped a 🔥 in-depth breakdown of the Facebook OAuth 0-day exploit! Big props to Soufiane el habti for teaming up on this one! 🚀 Security testing just leveled up! 💥 #BugBounty #Meta #infosec sicks3c.github.io/posts/ato-via-…

bytehx (@bytehx343) 's Twitter Profile Photo

I am releasing Ollama AI analyzer Burp extension. It runs right on your local computer and uses Ollama's AI models to analyze your HTTP requests and responses while keeping your data private. github.com/byt3hx/ollama-…

HAHWUL (@hahwul) 's Twitter Profile Photo

OWASP Noir v0.20.0 is here🥳 Previously Ollama-only, now supporting local LLMs (Ollama, vLLM, LM Studio), online platforms (OpenAI, xAI, GitHub Models), and our OpenAI-style APIs for more endpoints. github.com/owasp-noir/noi… #SAST #Security #DevSecOps #Noir

Sanjai Kumar (@th3sanjai) 's Twitter Profile Photo

🚀 Dnsprober v1.0.0 is here! 🎉 A fast, lightweight, and scalable DNS reconnaissance tool with UDP support and TCP fallback. Built for efficiency, concurrency, and reliability. install now: github.com/RevoltSecuriti… #dnsprober #bugbounty #bugbountytips

Intigriti (@intigriti) 's Twitter Profile Photo

Checkout systems can get complex... 😓 In our recently rewritten article, we documented 6 different ways to bypass checkout systems and place orders for free! 😎 Read the article on our blog 👇 buff.ly/D8avs1H

Sergey Bobrov (@black2fan) 's Twitter Profile Photo

I have published a tool based on jadx that helps analyze Java applications. github.com/BlackFan/BFScan BFScan generates HTTP requests and OpenAPI specs based on config files and class/method annotations. It also searches strings that look like URIs, paths, or secrets.

shubs (@infosec_au) 's Twitter Profile Photo

We recently looked deeper at the authentication bypass vulnerability in Next.js (CVE-2025-29927) and discovered some intelligent and comprehensive ways to check for the vulnerability. Read more in our blog post: slcyber.io/assetnote-secu…

YesWeHack ⠵ (@yeswehack) 's Twitter Profile Photo

Exploits often fail because payloads are blocked before they even reach the target ❌ Learn how to disguise your scripts with payload obfuscation techniques such as URL encoding, variable expression assignment and obfuscation in shell environments 👇 yeswehack.com/learn-bug-boun…

Vertigo_Warrior (@vertigowarrior) 's Twitter Profile Photo

Heartbreaking News💔 A massive 7.7 quake devastates Mandalay, Myanmar, and impacts Bangkok, Thailand. A Thread Not for the soft-hearted ⚠️

zhero; (@zhero___) 's Twitter Profile Photo

new paper on a vulnerability discovered in React Router, resulting from a collaboration with inzo that led to CVE-2025-31137; React Router and the Remix'ed path zhero-web-sec.github.io/research-and-t… good reading
