Somehow AI agents made social engineering in scope...

🙂‍↕️🙂‍↕️

🔥Blog post is up! How extensions could exploit JS bindings to use webRequestBlocking prior to Chrome 118: 0x44.xyz/blog/web-reque…

New: Repeater Strike Written by Gareth Heyes \u2028, powered by Burp AI! Scale IDOR & fuzzing like never before: 🤖 Auto-build regex rules with AI 📊 Scan proxy history for similar bugs 🛠️ Save, edit, and re-run rules easily #BurpAI

New blog post is up: How I leaked the IP addresses of Brave's Tor window and Chrome VPN extension users--plus, a new Popunder technique and connect-src CSP directive bypass. Read more @ 0x999.net/blog/leaking-i…

We are super excited to share that we acquired the Shift Plugin (shiftplugin.com) and we are making it free to Caido paid users 🚀 Shift is a Caido plugin that is a smart AI companion for your hacking. It can craft payloads, Match&Replace rules, HTTPQL queries and much

Exciting announcement - our (cc Joseph Thacker) plugin Shift was acquired by Caido! Aaand they've made it free. ^_^ thanks Caido Now, natural language HTTP modification, AI-powered Replay tab renaming, and much more are available to all. Check the vid below for features.

Bug bounties in the cloud.

The Schedule is Live! Check out the lineup of talks, workshops, panel discussions, and hands-on activities happening at Adversary Village at DEF CON 33! Schedule: adversaryvillage.org/adversary-even… Mark your calendars - we can't wait to see you all at DEF CON! #AdversaryVillage #DEFCON33

After building multiple AI agents in production, I'm convinced 90% of current approaches are fundamentally broken, Most companies are building expensive chatbots and calling them "agents." Here's what actually works (and what doesn't): utkarshkanwat.com/writing/bettin…

Reverse engineering Ecovacs vacuum and lawn mowing robots and using Bluetooth RCE to turn them into moving webcams. 👩🏽‍🦯💥👁️🥷 More details on: LinkedIn: linkedin.com/posts/dlaskov_… Substack: it4sec.substack.com/p/reverse-engi…

💣 Google Drive Auth Bypass: How View-Only Folder Sharing Leaked Google Form Responses ($5000 Bug) more information: discord.com/invite/h6dKuEt… medium.com/bugbountywrite…

adnanthekhan.com/posts/cloud-bu…

Can you execute arbitrary Python code from only a comment? This was the premise of a recent CTF challenge, which I solved after diving into the CPython source code with the help of Hacktron AI (after a long night chasing a dead end, customising a few Hacktron agents helped me to

In this session at #NullconBerlin2025, intrigus will use formal verification (read: bug-finding with mathematical superpowers 🧠✨) to crack open V8’s Turboshaft JIT engine. Know More: nullcon.net/berlin-2025/sp… #V8Engine #FormalVerification #JSTalks #SecurityResearch

Hacktron is the first company to be backed by Project Europe, and we're incredibly excited to be part of the it's cohort. From the day we met the Project Europe and 20VC Fund team, we knew that they were the kind of people we wanted on our side. We had an oversubscribed

😵

I admire so much how chompie is not only an incredibly intelligent researcher but also such a kind and warm friend I’m truly grateful for. Congrats on Phrack Zine’s 40th anniversary!! #defcon33

Thanks PortSwigger and Bug Bounty Village for this awesome event — and also to my DEVCORE buddies for standing on stage to collect the trophy for me! A little follow-up article on this research is coming soon... stay tuned! 🤘

If you've been keeping track on the Big Sleep bug tracker at goo.gle/bigsleep you might have noticed it lists more bugs now compared to last week. Including a "High impact issue in V8" :)