Sai Phaneendra (@phanii09) 's Twitter Profile
Sai Phaneendra

@phanii09

Work @Bugcrowd | Bug hunter, Gamer, Football Enthusiast | Opinions are my own

ID: 1572955014477549569

22-09-2022 14:24:51

65 Tweets

55 Followers

207 Following

Rami (drunkrhin0) 🇵🇸 (@drunkrhin0) 's Twitter Profile Photo

Today bugcrowd released v1.12 of the Vulnerability Rating Taxonomy. The new additions include my entries for AI application security and LLMs based on the OWASP® Foundation Top 10 for LLMs. Check it out I'd love for you to see what we've been working on 👇 bugcrowd.com/press-release/…

bugcrowd (@bugcrowd) 's Twitter Profile Photo

🚨 Hold on tight, we have BIG NEWS! As the leader in crowdsourced security, we're eager to announce the acquisition of Informer! 🎉 This game-changing merger boosts our AI-driven security solutions globally. Seamless asset discovery and continuous penetration testing—all in

Intigriti (@intigriti) 's Twitter Profile Photo

You've found a GraphQL target... But you don't have much time to test your target for every vulnerability... 😴 Here are 4 tools you can easily use to find over 5+ vulnerabilities in GraphQL APIs! 🤑 A thread! 👇

shubs (@infosec_au) 's Twitter Profile Photo

Our security researcher hashkitten found one of the most critical exploit chains in the history of Assetnote. Affecting 40k+ instances of ServiceNow, we could execute arbitrary code, access all data without authentication. You can read our blog here: assetnote.io/resources/rese…

Orange Tsai  🍊 (@orange_8361) 's Twitter Profile Photo

Thrilled to release my latest research on Apache HTTP Server, revealing several architectural issues! blog.orange.tw/2024/08/confus… Highlights include: ⚡ Escaping from DocumentRoot to System Root ⚡ Bypassing built-in ACL/Auth with just a '?' ⚡ Turning XSS into RCE with legacy code

shubs (@infosec_au) 's Twitter Profile Photo

IP whitelisting is fundamentally broken. At Assetnote, we've successfully bypassed network controls by routing traffic through a specific location (cloud provider, geo-location). Today, we're releasing Newtowner, to help test for this issue: github.com/assetnote/newt…

Patrik Fehrenbach (@itsecurityguard) 's Twitter Profile Photo

Ever stumbled on an AEM box and thought “ok… now what?” 😏 We dropped hopgoblin — new research + tool XXE, SSRF, XSS & more (CVE-2025-54251, -54249, -54252, -54250/47/48/46). 👀 time for some crits eh? 👉 github.com/assetnote/hopg…

Damian Strobel (@damian_89_) 's Twitter Profile Photo

Interested in Spring Boot Actuators in the context of bug bounty hunting? I wrote something - nothing new - just some insights ;) Article: dsecured.com/en/articles/sp… Retweet appreciated! Don't expect 0days or some fancy magic.

Bhavuk Jain (@bhavukjain1) 's Twitter Profile Photo

Introducing ipa.zip, offering on-demand static analysis for publicly available App Store iOS apps. We scan for endpoints, secrets, tech stack, and more to uncover potential vulnerabilities. Opening to the first ~100 signups. Try it now, it's FREE!

Daniel San (@dani_avila7) 's Twitter Profile Photo

Claude Code 2.1.63 dropped with a new built-in command: /simplify It reviews your changed code for three things: - Reuse opportunities (duplicated logic, extractable patterns) - Code quality (readability, naming, structure) - Efficiency (unnecessary complexity, redundant

Atenov int. (@atenov_d) 's Twitter Profile Photo

Obsidian CLI. One setting that gives your AI agent hands. Go to Settings -> General -> scroll to the bottom -> find Command line -> enable it. That's the entire setup. > Two ways to use it: For manual control: open your terminal, type Obsidian Help. You'll see every available

Anthropic (@anthropicai) 's Twitter Profile Photo

Introducing Project Glasswing: an urgent initiative to help secure the world’s most critical software. It’s powered by our newest frontier model, Claude Mythos Preview, which can find software vulnerabilities better than all but the most skilled humans. anthropic.com/glasswing

AI at Meta (@aiatmeta) 's Twitter Profile Photo

Introducing Muse Spark, the first in the Muse family of models developed by Meta Superintelligence Labs. Muse Spark is a natively multimodal reasoning model with support for tool-use, visual chain of thought, and multi-agent orchestration. Muse Spark is available today at

Proton Mail (@protonmail) 's Twitter Profile Photo

Stop telling ChatGPT "Write me an email" Stop telling ChatGPT "Write me an email" Stop telling ChatGPT "Write me an email" Bad request = Bad result Use this one weird trick instead and you'll see the magic: