Looking for payloads to bypass weak URL validations? Check out the new PortSwigger URL validation bypass cheat sheet! It contains payloads to help you exploit SSRFs, CORS misconfigurations, open URL redirects and more! 🤑 🔗 👇 buff.ly/4ja2KYs

🚨BREAKING: Google will soon install an app called #AndroidSystemSafetyCore They say it's a "safety measure" to protect your #privacy, but in fact it's client-side scanning. Yet, we all know that client-side scanning is bad: tuta.com/blog/eu-client… Deinstall the app #Android:

Remember what I told you? I used that method and snagged this bounty a few days ago 😉 #BugBounty #bugbountytips #infosec

When you're diving into fuzzing files, start off with .html and .js. Trust me! 😉 my experience shows this approach gives you the best shot at landing that bounty! #FuzzingTips #BugBounty #bugbountytips #infosec

North Korean cyber actors have stolen approximately $1.5 billion in Ethereum from Bybit—a cryptocurrency exchange—and are dispersing the stolen assets across addresses on multiple blockchains. The FBI recommends blocking transactions with these addresses: ic3.gov/PSA/2025/PSA25…

The security research team at Assetnote reported a critical pre-auth RCE vulnerability affecting Sitecore XP 10.4 late last year. We continue to protect our customers from 0day vulnerabilities long before patches arrive. Read the blog here: slcyber.io/blog/sitecore-…

4 Ways to bypass checkout systems in e-commerce targets! 🤑 A thread! 🧵 👇

I execute this command regularly to eliminate domains linked with a particular nameserver. You can modify this command according to your specific requirements. Replace "markmonitor.com" with your target NS . #Bash #bugbounty #infosec #bugbountytips

Using common crawl for hacking is genius! Here's a small snippet from the latest Critical Thinking - Bug Bounty Podcast episode about what Truffle Security did to find 12,000 live api keys and secrets.

Common Security Issues in Financially-Oriented Web Applications by Soroush Dalili is a guideline for pentesters (& bug bounty hunters) to test checkout and payment systems in all sorts of targets! 😎 🔗 soroush.me/downloadable/c…

🤯 Full-time bug hunters, check this out! I built this powerful Nginx Server Status Telegram Bot in under 5 minutes using Cursor! 🚀 It actively monitors Nginx status pages (even ZIP compressed files!), searching for your specified URL patterns and sending instant Telegram alerts

Creating custom wordlists with GAP Burp Suite extension by / XNL -н4cĸ3r (and @xnl-h4ck3r in the new Sky)! 👇 🔗 🛠️ buff.ly/zYYbJ1l

10 OSINT search engines for bug bounty hunters 👇 🪲 hunter.io 🐛 intelx.io 🐞 shodan.io 🐜 censys.com 🪳 crt.sh 🦟 virustotal.com 🕷️ zoomeye.ai 🪲 nerdydata.com 🐛

Shame on HackerOne Please like and retweet Previously, this platform demonstrated racial discrimination when it blocked all researchers in Russia. And today it's back to do that with the The Arab community and Muslims in particular I got a full-time ban on H1 me H4x0r.DZ &

To kick off our Christmas and July research posts, we explain how we achieved persistent XSS on every Adobe Experience Manager Cloud instance, not twice, but thrice! This is now patched across all of AEM cloud, but what an interesting attack surface! slcyber.io/assetnote-secu…