zhero; (@zhero___)'s Twitter Profile
zhero;

@zhero___

vulnerability researcher;
seek the truth for a living

ID: 1175555263610404865

Link: https://zhero-web-sec.github.io/research-and-things/
Joined: 21-09-2019 23:39:56

2.2K Tweets

9.9K Followers

425 Following

zhero; (@zhero___)

Bug bounty, feedback, strategy, and alchemy

frequently asked for advice, roadmaps, and more, I finally took the time, after 2–3 years of bug bounty, to write down my vision, thoughts and perspective on the subject

non-technical, no research this time!

zhero-web-sec.github.io/thoughts/bugbo…
inzo (@inzo____)

back to work with zhero; and a new vulnerability on Next.js that led to CVE-2025-49826

both routers are impacted: 

app router: framework's cache is directly impacted on ISR pages, regardless of the presence of a CDN
pages router: SSR pages only + requires a misconfigured CDN
zhero; (@zhero___)

63 years ago Algeria won its independence and broke free from the chains of colonization at the heavy cost of 1.5 million martyrs

a generation that gave its blood and dreams so ours could live in dignity and liberty

may Allah have mercy on their souls
one single hero, the people
zhero; (@zhero___)

new discovery: cache poisoning on next.js - CVE-2025-49826

indefinite caching of a 204 response, rendering the affected pages inaccessible

affected versions: >15.0.4 and <15.2.0

there will be no research paper for this one
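The two posts above describe the failure mode of CVE-2025-49826 only at a high level: a 204 response ends up in a page cache with no expiry, so every later visitor gets the empty response. The following is an added example, not code from Next.js, from zhero; or inzo, or from the CVE advisory. It models a toy cache sitting in front of an origin and shows the weak storage policy next to a corrected one. The `x-trigger` request header that makes the simulated origin answer 204 is a hypothetical stand-in; how the real bug is triggered is not described on this page and is not modelled here.

```javascript
// Added example: toy page cache in front of an origin (not Next.js or CDN code).
// Demonstrates why storing a 204 No Content response without expiry turns a
// single poisoning request into a denial of service for every later visitor.

// Constructed origin. Normally renders the page; a request carrying the
// hypothetical "x-trigger" header makes it answer 204 with an empty body.
function origin(req) {
  if (req.headers['x-trigger'] === '1') {
    return { status: 204, headers: {}, body: '' };
  }
  return {
    status: 200,
    headers: { 'cache-control': 'public, max-age=60' },
    body: '<html>rendered page</html>',
  };
}

function parseMaxAge(cacheControl) {
  const m = /max-age=(\d+)/.exec(cacheControl || '');
  return m ? Number(m[1]) : null;
}

class PageCache {
  // policy(response) returns a TTL in seconds, Infinity (never expire),
  // or null (do not store). `now` is injectable so tests can move time.
  constructor(policy, now = () => Date.now()) {
    this.policy = policy;
    this.now = now;
    this.store = new Map();
  }

  handle(req) {
    // Cache key is the path only: the attacker's and the victim's request
    // share an entry, which is what makes poisoning possible.
    const key = req.path;
    const hit = this.store.get(key);
    if (hit && (hit.expires === null || hit.expires > this.now())) {
      return { ...hit.res, fromCache: true };
    }
    const res = origin(req);
    const ttl = this.policy(res);
    if (ttl !== null) {
      const expires = ttl === Infinity ? null : this.now() + ttl * 1000;
      this.store.set(key, { res, expires });
    }
    return { ...res, fromCache: false };
  }
}

// Weak policy: any 2xx is stored and never expires. A 204 qualifies.
const naivePolicy = (res) =>
  res.status >= 200 && res.status < 300 ? Infinity : null;

// Corrected policy: only a 200 with a non-empty body and an explicit
// max-age is stored, and the entry expires when max-age runs out.
const strictPolicy = (res) => {
  if (res.status !== 200 || res.body.length === 0) return null;
  return parseMaxAge(res.headers['cache-control']);
};

// Attacker sends the triggering request first, then a normal visitor
// requests the same path, immediately and again an hour later.
function simulate(policy) {
  let clock = 0;
  const cache = new PageCache(policy, () => clock);
  const attacker = { path: '/blog/post', headers: { 'x-trigger': '1' } };
  const victim = { path: '/blog/post', headers: {} };

  const attackerGot = cache.handle(attacker).status;
  const victimNow = cache.handle(victim);
  clock += 3600 * 1000;
  const victimLater = cache.handle(victim);

  return {
    attackerGot,
    victimStatus: victimNow.status,
    victimFromCache: victimNow.fromCache,
    victimStatusAnHourLater: victimLater.status,
  };
}

console.log('naive :', simulate(naivePolicy));
console.log('strict:', simulate(strictPolicy));
```

With the naive policy the victim is served the cached 204 immediately and is still served it an hour later, since the entry has no expiry; only a purge clears it. With the strict policy the 204 is never stored, the victim gets a fresh 200, and the entry is re-rendered after max-age. Whether the cache is the framework's own ISR store or an upstream CDN only changes where this policy has to be enforced.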

Harley (@infinitelogins)

This week, Disclosed. #BugBounty Career insights from zhero; & Geluchat, Bug Bounty Village badge & CTF announcements, new tools, XXE & XSS write-ups, and more. Highlights below 🧵

zhero; (@zhero___)

don't hesitate to check out the latest episode of the pod, packed with the usual high-quality discussions and some great reads

my latest article "Bug bounty, feedback, strategy, and alchemy" was mentioned along with some great insights/personal takeaways from Rhynorater and Rez0

Kévin GERVOT (Mizu) (@kevin_mizu)

I'm happy to release a script gadgets wiki inspired by the work of Sebastian Lekies, koto, and Eduardo Vela in their Black Hat USA 2017 talk! 🔥

The goal is to provide quick access to gadgets that help bypass HTML sanitizers and CSPs 👇

gmsgadget.com

1/4
d3d aka dead (dead, мёртв, 死了) (@deadvolvo)

blog.malicious.group/the-quiet-side…

This is a living document at the moment, but here it is for now. 😅 As mentioned in the paper, if you are a researcher and have questions after reading, just reach out to me and I will answer everything I can.

FFmpeg (@ffmpeg)

It's important to remember that "technology influencers" can be bad role models. Many encourage people to be "fans of technology" instead of actual developers of technology. Hot takes are easy, writing good code is not.

zhero; (@zhero___)

state-of-the-art research, truly outstanding work this was my GTA VI and it didn’t disappoint; massive impact on the web ecosystem, the kind of paper that fuels my motivation