Shivam Pandey 🇮🇳 (@shivam31200)'s Twitter Profile
Infosec | Synack | Write poems in meantime

ID: 1045683038380789760

https://shivam312000.medium.com 28-09-2018 14:33:59

4,4K Tweet

1,1K Followers

601 Following

shubs (@infosec_au)

The security research team at Assetnote found and reported a critical pre-auth RCE vulnerability to Metabase earlier this month CVE-2023-38646: blog.assetnote.io/2023/07/22/pre… This one was an incredibly fun discovery as there are many roads to RCE through JDBC. We've published details

Sam Curry (@samwcyo)

New writeup: Between March, 2023 and May, 2023 we found multiple critical vulnerabilities in points[.]com the global provider for major airline and hotel rewards programs. Full post is available here: samcurry.net/Points-com/ Work from: shubs Ian Carroll

Nuclei by ProjectDiscovery (@pdnuclei)

[NEW-RELEASE] Nuclei Template Editor - AI-powered hub to create, debug, scan, and store templates. Collaborate effortlessly with your team and community. Public signup is open; we're eager to hear your feedback on this early release. - Editor: templates.nuclei.sh - Docs:

ISRO (@isro)

Chandrayaan-3 Mission: 'India🇮🇳, I reached my destination and you too!' : Chandrayaan-3 Chandrayaan-3 has successfully soft-landed on the moon 🌖!. Congratulations, India🇮🇳! #Chandrayaan_3 #Ch3

shubs (@infosec_au)

Thanks everyone who attended my keynote presentation at Security BSides Ahmedabad. I've published my slides here: drive.google.com/file/d/1aeNq_5… I hope that the keynote was informative and inspiring :)

HTTPVoid (@httpvoid0x2f)

Check out our new blog post! We hacked into Apple Travel Portal (yes, again!) using a 0-day Remote Code Execution exploit. Part 1 is live now, stay tuned for the follow-up on another RCE worth a total bounty of $40k! blog.projectdiscovery.io/hello-lucee-le…

Andres Freund (Tech) (@andresfreundtec)

Binni Shah FWIW, I didn't actually start looking due to the 500ms - I started looking when I saw failing ssh logins (by the usual automated attempts trying random user/password combinations) using a substantial amount of CPU. Only after that I noticed the slower logins.

Nick Percoco (@c7five)

Kraken Security Update: On June 9 2024, we received a Bug Bounty program alert from a security researcher. No specifics were initially disclosed, but their email claimed to find an “extremely critical” bug that allowed them to artificially inflate their balance on our platform.

Rebane (@rebane2001)

new blogpost time!! this one's a fun writeup on a vulnerability chain i found across multiple google services that earned me a $4133.70 bounty lots of fun css as usual! i had to recreate a bunch of drive/docs/gmail/youtube UIs c: have fun! lyra.horse/blog/2024/09/u…

s1r1us (@s1r1u5_)

Imagine opening a Discord message and suddenly your computer is hacked. We discovered a bug that made this possible and earned a $5,000 bounty for it. Here's the story and a beginner-friendly deep dive into V8 exploit development. Watch: youtube.com/watch?v=R3SE4V…

Sachin Tendulkar (@sachin_rt)

A knock to remember by Nitish. He has impressed me right from the 1st Test and his composure and temperament have been on display right through. Today he took it a notch higher to play a crucial innings in this series. Wonderfully and ably supported by Washington Sundar as well. Well

zhero; (@zhero___)

the research paper is out: Next.js and the corrupt middleware: the authorizing artifact result of a collaboration with inzo that led to CVE-2025-29927 (9.1-critical) zhero-web-sec.github.io/research-and-t… enjoy the read!
