Top Alternatives to Burp Collaborator: Using Interactsh for SSRF Detection and Bug Bounty Hunting medium.com/@hacker_might/… #bugbounty #bugbountytips #bugbountytip

My 20th CVE is live — published by Cybersecurity and Infrastructure Security Agency . CVE-2025-6260: Authentication Bypass in Network Thermostat X-Series WiFi thermostats cisa.gov/news-events/ic… #CVE #CyberSecurity #AuthenticationBypass #IoTSecurity #OTSecurity #InfoSec #CISA

CVE-2025-7742→ Remote Code Execution in LG Innotek LNV5110R Cameras A vulnerability I reported has now been officially published by Cybersecurity and Infrastructure Security Agency Thanks to the CISA coordination team for their support and timely handling cisa.gov/news-events/ic…

Black Hat’s SATCOM talk from 2018 still echoes in 2025. I analyzed Ruben Santamarta’s research, tied it to live data using Censys & Modat , and found exposed systems — still online. #SATCOM #CyberSecurity #OSINT #CVE #infosecurity medium.com/@hacker_might/…

SATCOM Part 2: Digging into VxWorks inside aviation communication and in-flight connectivity. OSINT, banner queries, real exposure mapping. #SATCOM #VxWorks #OSINT #AviationSecurity medium.com/@hacker_might/…

My latest OSINT hunt: I found 170+ industrial data loggers exposed online. No password, full Telnet access. This is a critical risk for operational technology, allowing for data theft and operational disruption. #OTSecurity #Cybersecurity medium.com/p/unauthentica…

I found a no-pass backdoor in 4k+ Dahua CCTV cams via Censys , risking retail, healthcare & mfg. Kudos to Dahua Technology for confirming it's a patched legacy flaw. Full analysis with the discovery query & IOCs is here: #Cybersecurity #ThreatIntel #IoT medium.com/p/how-a-2015-d…

@aliasrobotics has been quiet for a reason: what’s coming next for the world’s most powerful open-source autonomous pentester and is BIG. The upcoming CAI release is a massive leap forward—far beyond 0.5—in speed, cost-efficiency, and real-world capability. Here’s a glimpse of

160+ flood monitoring systems protecting entire communities are wide open online. No password. Just Telnet. A single REBOOT could blind a city during a storm. This isn’t a vendor flaw — it’s a default config issue. #CyberSecurity #IOTA medium.com/@hacker_might/…

kb.cert.org/vuls/id/763183

I just published Hackers Can Control Yamaha MusicCast Sound Systems Remotely — Like Ghosts in Your Speakers medium.com/p/hackers-can-…

I just published When Bootloaders Go Wild: Exposed Broadcom CFE Consoles on the Open Internet medium.com/p/when-bootloa…

I just published Aquarium Chaos: How Broken API Let Me Hijack Smart Fish Tanks Remotely medium.com/p/aquarium-cha…

I just published How OSINT Revealed Publicly Accessible Defense-Grade Dashboards for Unmanned Systems medium.com/p/how-osint-re…

CVE-2025-61945 Radiometrics VizAir is vulnerable to any remote attacker via access to the admin panel of the VizAir system without authentication. Once inside, the attacker can modi… cve.org/CVERecord?id=C…

Dreams do come true ☺️☺️☺️☺️ cisa.gov/news-events/ic…

New #IoTResearch! Found N-day RCE (CVE-2020-28899) in Zyxel 4G Routers' Simple trick = full control. Modat scan: Over 2,646 vulnerable devices globally! Big thanks to Zyxel Networks for transparent disclosure & Modat for scanning power medium.com/p/out-in-the-o…

🚨 New OSINT case study on Medium! We used Modat to expose how critical OT devices in global railway infrastructure are easily found online. "Secure by design" is non-negotiable! medium.com/p/an-osint-cas…

New blog out now. An unusual behaviour in energy systems led to a full review with Cybersecurity and Infrastructure Security Agency & VictronEnergy — revealing user-side modifications, not a product flaw. medium.com/p/superuser-vi… Powered by Modat visibility.

🚨 CVE-2025-9994 Alert! Found a 0-click admin exploit on Amp’ed RF BT-AP 111 Bluetooth AP (no password!). Discovered with Modat . Big thanks to Cybersecurity and Infrastructure Security Agency for CVE assign! Full details: medium.com/@hacker_might/… #CyberSecurity #Vulnerability #Bluetooth #OSINT