真没想到啊！ 我写了个 Web3 新手基础教程，居然惊动到以太坊基金会的老大 Tomasz Tomasz K. Stańczak 他不仅亲自转推，还关注了我！ 太亲民、太接地气了，这波真的受宠若惊。

【情报】WinServer Update Service远程代码执行漏洞🚨🚨🚨 细节链接：hawktrace.com/blog/CVE-2025-… Exp链接：github.com/jiansiting/CVE… CVE编号为 CVE-2025-59287，WSUS主要用于局域网环境中统一分发和管理 Windows 更新，攻击者可向 WSUS 发送恶意的请求，利用反序列化漏洞在目标系统上执行任意代码🧐

《默克诊疗手册》已改版上线，便于查阅。 msdmanuals.cn 这可能是中文互联网世界最全面、最权威、最体系化的医学资料了。

详细介绍：xiaohu.ai/c/a066c4/soulx… GitHub：github.com/Soul-AILab/Sou…

It’s here, and it's free: Credential Monitoring from ProjectDiscovery! Detect leaked credentials tied to your domains or emails from millions of malware-stealer logs. • My Leaks / Employee / Customer classification • Domain verification + API + CSV/JSON export Start monitoring

Link to the Strix GitHub repo: (don't forget to star 🌟) github.com/usestrix/strix

I created a simple but effective tool that examines and analyzes .js files. 🔗 Project: github.com/ynsmroztas/Ins… #DevTools #Js #JavaScript #bugbountytip #bugbountytips #InfoSec #recon

Want to quickly scan code bases for security vulnerabilities? This AI-backed tool helps you scan for vulnerabilities using Claude AI Agents to scan your entire project for all vulnerability types with support for multiple programming languages! 🤠 Check it out!

Came across an interesting DLL sideloading case today: Normally when Steam\bin\steam_monitor.exe loads up, it will load Steam\crashhandler.dll as part of the loading process. When loading the crashhandler.dll dependency, steam_monitor.exe checks for the path of the tier0_s.dll

📼 All about Virtual Host's in Bug Bounty – Uncover Hidden Web Assets Blog: freecodecamp.org/news/virtual-h… Author: Nairuz Abulhul (freeCodeCamp.org)

最近老罗又锤华与华 刚好看到 Listenhub 出了个 Sildes 功能 让他按照老罗的风格出了个讲解视频，然后去克隆了个老罗的语音 效果太炸了….. 真老罗估计也看不出来是AI帮他喷的吧hhhh 看完感觉： 可以做个《我与罗的十字路口》， 人人都能和罗老师进行激情对谈👀

it is wild that 𝚏𝚝𝚙.𝚎𝚡𝚎 -𝚌 "օ𝚏𝚏𝚜𝚎𝚌-𝚌𝚎𝚛𝚝𝚒𝚏𝚒𝚎𝚍-𝚙𝚛օ𝚏𝚎𝚜𝚜𝚒օ𝚗𝚊𝚕.𝚙𝚗𝚐" actually worked.

try this WAF bypass trick for rsc&&next.js CVE-2025-55182 All fields can use utf16le charset #React2Shell

Not indefinitely, but immediately.😆

🚩 #React2Shell 🌐📡 → Censys (+270K assets): services.http.response.headers: (key: `Vary` and value.headers: `RSC, Next-Router-State-Tree`) → Shodan (+380K assets): "Vary: RSC, Next-Router-State-Tree"

I've developed a professional and technical tool for Next.js (CVE-2025-55182) 🥳 I'm offering this tool, which allows you to perform both bulk and individual scans, as well as testing on live subdomains. github; github.com/ynsmroztas/Nex… #DevTools #python #bugbountytip

Another Pentest, another time the NetExec Veeam module didn't work properly. Sometimes SYSTEM impersonation is needed, sometimes it's flagged by AMSI. You need to know about alternatives. SharpVeeamDecryptor now supports v12 and PostgreSQL Veeam instances 😎

x.com/i/article/2000…

一款主动式AI渗透测试工具：shannon，给它源码+测试网址，它自动把网站黑一遍，然后告诉你它咋黑的 在无提示有源码的XBOW基准中成功率96.15% 开发vibe-coding天天上线，Shannon也可以让每次发版都能“一键红队”

#exploit 1⃣. CVE-2025-31200, CVE-2025-31201: github.com/JGoyd/iOS-Atta… iMessage Zero‑Click RCE Chain 2⃣. CVE-2025-14282: github.com/turistu/odds-n… Dropbear - privilege escalation via Unix domain socket forwarding 3⃣. CVE-2025-66224: github.com/richard-natan/… OrangeHRM RCE 4⃣.