Hrithik Mishra

Our Security Research team at @SLCyberSec just published a high-fidelity detection mechanism for the Next.js/RSC RCE (CVE-2025-55182 & CVE-2025-66478) - slcyber.io/research-cente…. There are a lot of PoCs on GitHub that are adding noise to the problem; I hope this helps people!

@_naaash_ @amazon @H4cktus @jayesh25 @itz_mg_ Congrats

Just wrapped up an amazing IPC with @amazon in Amsterdam! 🇳🇱🚀 Our team - @H4cktus, @jayesh25, @itz_mg_ & I - came 1st on the leaderboard, finding ~80 vulnerabilities from medium to critical 💪 Also grabbed some bonus awards: 🏆 Most critical issues on an asset 💥 Most impactful bug on an asset 🎤 Show & Tell Big thanks to @Hacker0x01 & the organizers for an awesome event! 🙌

@Ganofins @Hacker0x01 Congrats

🚀 Finally joined the 10K club on @Hacker0x01! After 5 years of bug bounty hunting, I’ve crossed 10,000 reputation 🎉 Some stats along the way: Total reports: 784 Resolved: 235 Triaged: 114 PPR: 5 New: 8 Duplicate: 171 Informative: 232 N/A: 19 #BugBounty #hackerone

@VendBugBounty @Hacker0x01 Can I get invitation: hrithikbot@wearehackerone.com

Happy to have re-launched our program on @Hacker0x01 last week! Let's squash them bugs!

🔍 We're entering a new era of vulnerability discovery, where AI and human ingenuity come together to unlock new possibilities. Over the past five months, AI hasn’t replaced researchers—it’s amplified them. Together, we’re achieving new levels of speed, scale, and precision in offensive security. With these changes, HackerOne is reshaping how collaboration drives impact in security testing. 📽️ Hear from our co-founder Michiel Prins on what this means for the future of our platform and our community. 🔗 Read Michiel's blog for more: lnkd.in/eheCvBDj #OffensiveSecurity #AIinCybersecurity #togetherwehitharder #AI #cybersecurity

@_naaash_ @jayesh25 @Hacker0x01 @salesforce Congrats

Wrapped up #h16102 teaming up with @jayesh25 — not our best run, but still managed to land 3️⃣ Critical and 2️⃣ High severity bugs, and picked up the 🏆 bonus for Most Impactful Bug on one of the targets. Huge thanks to @Hacker0x01 and @salesforce 🔥

@jobertabma @NahamSec @stokfredrik @Hacker0x01 hrithikbot

Hey hackers! We're running a beta for Hai for Hackers, our AI security agent. If you're interested, please reply with your HackerOne username (we will probably limit to ~100 hackers for now). After it's been enabled, you can start using it by clicking the Hai button in the top right corner of the app. It’s free to use (with a limited daily budget for now). It is like any other AI you’ve interacted with, with the added benefit that it has access to a whole bunch of HackerOne data, like reports and programs. We’re shipping improvements to Hai almost every day. Here are some neat use cases: - “take all the learnings from STÖK, jhaddix, and nahamsec's recon strategy and build one for me!” - “write a python script for a typical recon process” - “i need an XSS payload that doesn’t use single or double quotes” - “my XXE payload doesn't call back to my server, what could go wrong?” - “write a response for report #133337” The beta also comes with Hai Plays for you, which allows you to build your own security agents in HackerOne. You can create them at hackerone.com/settings/hai_p…. Some of the cool use cases we’ve seen so far are: - write reports with minimal input from you (efficiency++!) - convert reports into blogposts with a single prompt - AI mentor to give feedback about your communication and increase the likelihood of a reward In the background we’ve been working on agentic behavior, which we expect will soon come to Hai for Hackers as well. These AI agents can act like your hacking buddy and hack alongside you. We’ll keep you in the loop on our progress.

🎉 Hyped for #NahamCon2025! ✨ Day 1: Full AI x Offensive Security track with @jhaddix, @rez0__ , @DanielMiessler,@wunderwuzzi23, @monkehack, @xssdoctor. Details: NahamCon.com #InfoSec #bugbounty #CyberSecurity

We're excited to announce a brand new format for #NahamCon2025! This year features 2 specialized tracks across 2 days: Day 1 focuses entirely on Hacking AI/Hacking with AI, while Day 2 delivers our signature main track. Kicking of Day 1 with @rez0__ and @Jhaddix!

@_jensec @Hacker0x01 Congrats

See you in Sydney #h16102🚀 Thanks @Hacker0x01

@05__Yash @Hacker0x01 Congratulations

April 15th, 2021 —> First ever bounty received on @Hacker0x01 April 23rd, 2025 —> Reached all-time top 100 hackers on @Hacker0x01 Glad to be a part of cybersecurity 🫡 #bugbounty #cybersecurity #hackerone

Just got a reward for a vulnerability submitted on @yeswehack -- Improper Access Control - Generic (CWE-284). #YesWeRHackers

@sudhanshur705 @Hacker0x01 Congratulations

Completed 5k reputation on @Hacker0x01 , slow and steady !! Thankyou so much hackerone for everything🩷

Just scored a reward @intigriti, check my profile: app.intigriti.com/profile/hrithi… #HackWithIntigriti

Last month, our Security Research team discovered and disclosed a critical pre-authentication RCE in CraftCMS (CVE-2024-56145). You can read our blog post on the issue here: assetnote.io/resources/rese…

🦢 Proud to have submitted 317 vulnerability reports in 2024! From critical web security findings to exploring AI security, every report helps make the internet safer. Special thanks to @Hacker0x01 for providing the platform to make this impact! 🛡️ #HackerOne #BugBounty

A 12,600$ Bounty and a Software Supply Chain Attack that could have impacted millions 🤯 Let me share you those 2 stories in this article ! 🤟 Link in the thread 🧵

@05__Yash @Hacker0x01 Congrats

Crossed 10000 reputation points on @Hacker0x01, gaining 8013 reps in last 365 days. Also reached all time top 170 hackers on @Hacker0x01 Next target - Reach all time top 100 on @Hacker0x01 without disturbing my personal life and as chill as possible like before. #bugbounty #cybersecurity #achievement

@itz_mg_ @Hacker0x01 Congratulations

Wrapped up #h10131 by @Hacker0x01 and barely making into the top 10 on Amazon Retail! xD Huge thanks to the Amazon team for inviting me! Though I couldn’t join onsite, it was an awesome experience hacking with all the elite hackers. Already looking forward to the next one! :p

New writeup from @_specters_ and I: we're finally allowed to disclose a vulnerability reported to Kia which would've allowed an attacker to remotely control almost all vehicles made after 2013 using only the license plate. Full disclosure: samcurry.net/hacking-kia