⚡ Account Takeover via Password Reset without user interactions 👨🏻‍💻 asterion04 ➟ GitLab 🆘 Critical 💰 $35,000 🔗 hackerone.com/reports/2293343 #bugbounty #bugbountytips #cybersecurity #infosec

I reached level 5 and you?

RT PRA AINDA ESTOU AQUI GANHAR O OSCAR!!!!!!

Foi revelado recentemente que a clonagem de IA foi usada para melhorar a voz de Karla Sofía Gascón, em "Emilia Pérez" E ESSE FILME LEVOU MELHOR CANÇÃO ORIGINAL! #Oscars

🏆 AINDA ESTOU AQUI (I'm Still Here) vence o Oscar de “Melhor Filme Internacional”. #Oscars

É OUROOOOOOOOOOOOOOOOOO 🇧🇷🇧🇷🇧🇷🇧🇷🇧🇷🇧🇷🇧🇷 #Oscars

How to normalize you tweeter feed as a security researcher in the musk era: - Start scrolling - Click / Stop only on security related topics. Don't dare to blink / delay over something else ... No matter what !! - Do this for about an hour

RIP jwt.io

🔥 You can now add TruffleHog to Burp Suite! 🌐 Install it directly from the BApp Store 🔍Scan web traffic for live, verified credentials—active & exploitable Because secrets don’t just leak in code… 😬 Big Thanks to PortSwigger ! 🙌 🔗trufflesecurity.com/blog/introduci…

Paged Out! #6 is out! pagedout.institute Totally free, 80 pages, best issue so far! 'nuff said, enjoy! (please RT to help spread out the news!)

CVE-2025-29805: My latest contribution involved discovering a vulnerability in Outlook for Android that could have allowed attackers to read and write sensitive user data. msrc.microsoft.com/update-guide/e…

Are you a Burp Repeater power user? The latest release introduces a new feature called 'Custom actions'. With these you can quickly build your own repeater features. Here's a few samples I made for you:

🤬🤬

If you want to integrate PugRecon with your tools, you can now use our new API. It's available at pugrecon.com. Also, our subdomains dataset grew and sits currently at 2.5 billion. Lastly, I plan on developing niche features and make them available. More on that soon.

While vendors dismiss the risk of vulnerabilities that require a third-party app to exploit, considering such scenarios unlikely to occur in practice Google bans Google Bans 158,000 Malicious Android App Developer Accounts in 2024 thehackernews.com/2025/01/google…

One of the most interesting things I realized over the years is that the greatness of a #bugbounty program (even at huge companies) is often in the hands of a single passionate employee or at most a few. When they leave, things can quickly become very different

Full-Width Symbols, a useful cheatsheet to bypass WAF by Anton

Você se lembra de quando ingressou no X? Eu me lembro! #MeuAniversárioNoX

first vacation day a bug reported :D

CHAMADA DE ARTIGOS 2025 Mais artigos, novos autores, pwnage e 0days. Com esses objetivos iniciamos a nova Chamada de Artigos 2025 para a segunda edição! Envie seu artigo para : [email protected]