Read new write-up : Mini CP DoS. #bugbountytip #BugBounty exploit5lovers.medium.com/interesting-pr…

It turns out the fix for this was the filter now remove the valid HTML tags, however I found a simple bypass if the tag is invalid it's not removed. So <\img src onerror=alert()> bypasses this filter. However the user needs to remove the \ from the payload x.com/_xploiterr/sta…

Nice catch!🥳

Auth bypass gave access to an internal AI chatbot and exposed sensitive internal data 🔥 with mhmd berro (badcracker) #BugBounty

Yay, I and xerxes were awarded a $500 bounty on HackerOne! hackerone.com/xlsize0bruh #TogetherWeHitHarder

Day 10 - #21DayHackingChallenge Today I found 1 valid bug and submitted the remaining pending reports. Progress may be slow sometimes, but consistency matters more than speed. Learning every day, improving recon and report quality. On to Day 11 #Hacking #BugHunting

Today, triaged 2 bug :> #bugbounty #hackerone

Triaged ;)

Alhamdulillah, Second last bounty of this year. In the last two months I tried to focus on quality not quantity. And yes! I’ll definitely share tips with all of you, though I am not an expert. #BugBounty #hackerone

Just got a reward for a high vulnerability submitted on YesWeHack ⠵ -- Improper Authentication - Generic (CWE-287). yeswehack.com/hunters/mrzhee… #YesWeRHackers #BugBounty #vulnerability #hacker #hackers

Today its raining bounties 🤑😅 I just got rewarded 1200$ 💲 from HackerOne

I’ve just published a write-up 👇 One endpoint, one bug, full root access. A real-world LFI → RCE case study with a $2,500 bounty. 👇 medium.com/@Af4himi/how-a… #bugbountytips #bugbounty #bugbountytip

First report of 2026 🥳🥰🌹 Sometimes services behave as if they have authentication, it's just a matter of how it's added. For those in JSON format, definitely try this: "--headers="Content-Type: application/json\nAuthorization: Bearer [TOKEN_HERE]" \" payload ;

Hackers exploited Zero-click vulnerability in Samsung S25 Ultra under 1 min Pwn20wn 2025 hacking Contest and earned $100,000 💀

Found a critical 0-click ATO in thirdparty.target.com Instead of reporting to the VDP, I'm considering reporting directly to the third-party service. No idea if they have a program or pay, but worth the shot since the VDP offers $0. #BugBounty #hackerone #idor #sqlinjection

Day TWO of FIVE days of celebrating our 2 year ARCANUM-VERSARY! Arcanum Information Security 3rd Giveaway = FOUR seats to our new course by the_IDORminator "Zero to [BAC] Hero" ! 👍 1 Like = 1 Entry! ♻️ 1 Share = 2 Entries! Winners announced 1/21! Syllabus link below 👇

Yeay, I was awarded for a valid submission on HackenProof hackenproof.com #hackenproofed #bugbounty

From least privilege to organization takeover :)