Vikas Anil Sharma (@vikzsharma) 's Twitter Profile
Vikas Anil Sharma

@vikzsharma

Strive for greatness | Building @agilehunt | Security Research & Bug Bounty

ID: 2191596000

https://agilehunt.com/ | 13-11-2013 03:56:28

1,1K Tweet

1,1K Followers

1,1K Following

watchTowr (@watchtowrcyber) 's Twitter Profile Photo

In August, watchTowr Labs hijacked parts of the global .mobi TLD - and went on to discover the mayhem that we could cause. Enjoy.... labs.watchtowr.com/we-spent-20-to…

Vikas Anil Sharma (@vikzsharma) 's Twitter Profile Photo

I recently started using Warp to replace my traditional terminal. The best part is the AI integration, which is incredibly helpful for getting commands on the fly! Other features include creating custom workflows, themes, a fantastic UI, and more. app.warp.dev/referral/X5XY8R

James Kettle (@albinowax) 's Twitter Profile Photo

I've just released HTTP Request Smuggler 2.17 which fixes a nasty Client-Side Desync false-negative. Big thanks to Thomas Stacey for reporting it! Hope you all find some nice CSDs in 2025 :)

Vikas Anil Sharma (@vikzsharma) 's Twitter Profile Photo

During my year-end vacation, I reported a vulnerability to Apple that allowed brute-forcing of app-specific accounts. Read my blog for more details - blog.agilehunt.com/blogs/security… #CyberSecurity #AppleID #Vulnerability #BruteForce #2FA #infosec

zhero; (@zhero___) 's Twitter Profile Photo

very pleased to announce the release of my new article based on my research that led to CVE-2024-46982 titled:

Next.js, cache, and chains: the stale elixir

zhero-web-sec.github.io/research-and-t…

note: does not cover the latest findings shared in my recent posts

enjoy reading;
James Kettle (@albinowax) 's Twitter Profile Photo

This is a great infoleak exploit chain targeting YouTube by skull. Love the use of a DoS flaw to make the attack stealthier! brutecat.com/articles/leaki…

zhero; (@zhero___) 's Twitter Profile Photo

while waiting for the big article to come (soon), I share with you a small article concerning a small research which led to a simple CP-DoS on Nuxt

Nuxt, show me your payload - a basic CP DoS 

resulting in CVE-2025-27415, good reading

zhero-web-sec.github.io/research-and-t…
Sergey Bobrov (@black2fan) 's Twitter Profile Photo

I have published a tool based on jadx that helps analyze Java applications. github.com/BlackFan/BFScan BFScan generates HTTP requests and OpenAPI specs based on config files and class/method annotations. It also searches strings that look like URIs, paths, or secrets.

Web Security Academy (@websecacademy) 's Twitter Profile Photo

URL validation holding you back? Don't stress, we've got your back! Our URL Validation Bypass Cheat Sheet has 200+ Payloads for all occasions! Check it out: portswigger.net/web-security/s… #burpsuite #hacking #bugbounty #pentesting #cybersecurity

reverseame (@reverseame) 's Twitter Profile Photo

Nginx/Apache Path Confusion to Auth Bypass in PAN-OS (CVE-2025-0108) #CVE-2025-0108 #PANOS #AuthBypass #NginxApache #SearchlightCyber slcyber.io/blog/nginx-apa…

X (@themsterdoctor1) 's Twitter Profile Photo

Advanced Bug Bounty One-Liners 1.Recon Pipeline: Automates subdomain discovery, port scanning, and vulnerability detection: subfinder -d target.com -all | anew subs.txt; shuffledns -d target.com -r resolvers.txt -w wordlist.txt | anew subs.txt; dnsx -l

HAHWUL (@hahwul) 's Twitter Profile Photo

Urx (short for "Extracts URLs") is a Rust-based tool I built to collect URLs from various OSINT archives. Inspired by Gau, it’s designed with the features I needed. I’d love to hear your ideas for improvements! Feel free to share them via GitHub issues or leave a comment

YesWeHack ⠵ (@yeswehack) 's Twitter Profile Photo

Have you ever come across Flutter APKs and wondered how to intercept their network requests? reFlutter by PT SWARM is a game-changer for mobile bug hunters! 📱 reFlutter works by replacing the original Flutter engine in the APK with a modified one, allowing real-time

Valeriy (@krevetk0valeriy) 's Twitter Profile Photo

My friend made a very interesting disclosure while searching for vulnerabilities. I personally couldn't believe it when I saw that he was able to make Self-XSS in a Ruby on rails application to RCE. Deserves time to read 👇 medium.com/@handball10/fr…

Dhiraj (@randomdhiraj) 's Twitter Profile Photo

Just learned a neat way of hiding a file within a favicon (.ico). You can manipulate the dual directory entry structure and smuggle any file type in it. Here is a quick raw script I put together for testing. (github.com/RootUp/Persona…) #infosec #redteam

slonser (@slonser_) 's Twitter Profile Photo

I think many people are familiar with the topic of blind CSS exfiltration, especially after the post by Gareth Heyes. However, an important update has occurred since then, which I wrote below ->