🚨 Google told devs: API keys aren't secrets. Gemini changed that. 😱 We found ~3,000 public keys silently authenticating to Gemini - exposing private files, cached data & charging for LLM usage 💥Even Google's own keys were vulnerable. 🔗 trufflesecurity.com/blog/google-ap…

Are you still searching for your first valid vulnerability? Q2 is just around the corner! It's time to lock in! 🫡 Join us in #BugQuest! Starting today, we'll share bug bounty tips, techniques, and resources that anyone can use to find Broken Access Control (BAC)

We finally had dawgyg - WoH on the pod to talk about his origin story, recent Chrome research and how he optimises his AI workflow, his famous 180K payout on Yahoo and a LOT more. This is an episode we know a lot of people have been looking forward to, check it out!

It's always great to catch up with Justin Gardner <3

Here's how to deliver reflected XSS through a HTTP request smuggling vulnerability! 👇 Try this Practitioner lab now: portswigger.net/web-security/r…

Overcoming public speaking fears? Toastmasters is your secret weapon. Recording yourself on video revealed you *don't* look as nervous as you feel. Practice speaking, refine your delivery, and build unshakeable confidence. #PublicSpeaking #Toastmasters

Alright, I've stayed away from the Mythos stuff for a little bit. Going to comment on that, but AI as a whole. First, this AI industry is absolutely insane. I feel like I'm back in the 90s/2000s with innovation, but it's not tempered or methodical - it's pure chaos. Everyday

AI is giving every CEO the same advice

I've begun working on a long overdue follow up to the post I get the most questions about, specifically, how I use obsidian to manage my entire career. A lot has changed since 2023 and it's now more useful than ever. This will be a long one worth your time

Me in 6 months

Happy to share that my first CVE is now public: CVE-2026-5189 This allowed an attacker to gain unauthorized read/write access to the internal database and execute arbitrary OS commands. 🔗 Public Advisory: support.sonatype.com/hc/en-us/artic… #bugbounty

I've discovered CVE-2026-32173 by steering a single agent The vuln: you could listen to anyone's AI chat stream on Azure SRE agent. Including LLM thinking, commands, tools. The auth check was there, but at the wrong place. Patched. Critical, Information Disclosure. $20k bounty

The distance between your dreams and reality is called action. #DailyMotivation #inspiration #motivation #bestadvice #lifelessons #changeyourmindset

The best career move I ever made was abandoning traditional employment and doing my own thing! The "safe" path is not that safe in the long run!

Day in the life of a solopreneur who makes $77k per month:

Meet the Burp Ambassadors: Rana Khalil 🇵🇸 🌍 Rana Khalil is a security educator and founder of Rana Khalil’s Academy. Her mission: make web app testing accessible to more people. #BurpAmbassador #BurpSuite

cPanel fixed A critical authentication Bypass 🧐 no CVE yet lnkd.in/d5En73Zd

i'm taking a pause from hacking to resume building bugbountyhunter.com. i regret closing it down and I shouldn't of done it. everything will be back online EXACTLY as it was very soon and i've got some big plans for the future. and yes, that includes zseano methodology v2 ;)

Ever wondered how to hide your most sensitive data in plain sight? 🕵️‍♂️ One file, two different volumes, two different passwords!  Learn how to create a hidden VeraCrypt volume, a "secret room" inside an encrypted container that only appears if you use a specific password! 🔐

Learning Code Review? Master THIS