Hey Bounty Hunter Here are the steps to configure your iOS device with the Burp Suite proxy. 1. Change your burp settings to below. Go to Proxy > Proxy Settings > Select running proxy > Change it to "All Interfaces". 2. Copy the IP address(arrowed one). 3. Later in the

New write-up on the bugs we found in Adobe Experience Manager. Dispatcher bypasses, SSRF, XXE, EL injection — the usual suspects 🦆 enjoy! slcyber.io/assetnote-secu…

Just scored a reward Intigriti, check my profile: app.intigriti.com/profile/jb10 #HackWithIntigriti

I’ve improved my JSMap Inspector tool and added lots of new features! Perfect for exploring, analyzing, and understanding JavaScript source maps effortlessly. 🔍 Check it out on GitHub: github.com/ynsmroztas/JSM… #DevTools #JsMap #bugbountytip #bugbountytips #InfoSec #recon

If you found a package.json file in the wild, you might find some internal packages vulnerable to a dependency confusion attack 👀 Check for it quicker using this cool new tool by JSMon: app.jsmon.sh/tools/npm-vali… 👇

I created a simple but effective tool that examines and analyzes .js files. 🔗 Project: github.com/ynsmroztas/Ins… #DevTools #Js #JavaScript #bugbountytip #bugbountytips #InfoSec #recon

Latest CVEs with their Proof of Concept exploits. GitHub: github.com/0xMarcio/cve

Added a wordlist for path(s) scan on Assetnote React2shell-scanner github.com/orwagodfather/… And now you can use it on a huge list of subs python3 scanner.py -l hosts.txt -t 20 --path-file paths.txt --safe-check -o results.json #bugbountytips #bugbountytip

Big #Bugbountytip / #bugbountytips Google Services Hunting Google services are amazing, and for bug hunters, it's amazing as well. In some cases, you can get some P1-P2-P3 from these services, such as Workspaces / Sheets / Groups / Drives / Etc... In groups: you can access

CVE-2025-32432: Unauthenticated Remote Code Execution in Craft CMS: opswat.com/blog/cve-2025-… #exploitation #cms #vulnerability #cybersecurity #informationsecurity #cve

Recon Smarter: Finding Sensitive Files in Large URL Lists Most bug hunters stop at URLs. Real impact comes from what those URLs expose. This workflow combines: • high-risk file extensions • real-world secret patterns • automated URL discovery Result → fewer URLs, higher

Always delve deeper into your ASN number searches for your goals, sometimes a .zip file changes everything 🥳🌹😊 For Windows IIS fuzzing, I generally use the .../raft-medium-words.txt wordlist. #bugbountytip #bugbountytips #InfoSec #recon YesWeHack ⠵

Hey guys, I just launched argosdns.io - if you are into IT security, bug bounty hunting, red teaming, ... this is interesting for you! argosdns.io

💉 Weekend Read: The SQL Injection Knowledge Base Website: websec.ca/kb/sql_injecti… author: Roberto Salgado #infosec

Claude Bug Bounty Hunter - github.com/shuvonsec/clau… Claude Code skill that turns Claude into your AI bug bounty co-pilot. Point it at any target and Claude maps the attack surface, runs your scanners, validates findings, and writes the HackerOne or Bugcrowd report — all from a

Claude-OSINT — AI-Driven OSINT Framework 🔎 • OSINT skills + methodology (Claude-based) • Structured recon workflows + scripts + examples • Focus: passive intel (no exploitation) • Includes automation, testing, skill modules • Clean methodology for real investigations

Wow Yandex Dork is Very Crazy 🔥🔥🔥🔥🔥 Glad they write to Yandex to remove there index 🚀🚀🚀 Big up Sachin Pandey for the Yandex dork Simple url: yandex-dork.lovable.app 🔥🔥🔥🔥 so insane Yandex Never Fail 🔥🔥🔥🚀🚀🚀

CVE-2026-23870, CVE-2026-44575, CVE-2026-44579, CVE-2026-44574, CVE-2026-44578, CVE-2026-44573, CVE-2026-44581, CVE-2026-44580, CVE-2026-44577, CVE-2026-44576, CVE-2026-44582, CVE-2026-44572 github.com/dwisiswant0/ne…

If the admin panel you targeted has a username enumeration , you can brute-force using a wordlist. This has worked many times for me in this case, the username was "admin" My password wordlists: Basic: raw.githubusercontent.com/danielmiessler… Advance: raw.githubusercontent.com/mrtc0/honeylog… Usernames