Novran.

Account Takeover through XSS on websites is nothing new. But does the same attack vector exist on Android? This was one of the most complex findings we came across in 2025. flawseekr.com/xss-in-android…

Just organizing some notes, other write-ups are in progress. Hope it's helpful. flawseekr.com/turning-html-i…

@Masonhck3571 Thank you man!

@xchopath Great job!

I am actually taking a break, but out of nowhere, an old report got paid "again." Alhamdulillah.

@fteagleeye1 Thank you brother.

@xchopath Mah Sha Allah, congrats

@MAbdullah78619 Thank you!

@xchopath Many congrats 👏🏼👏🏼

@devmuzzaiyyan Thank you!

@xchopath Congratulations

@LocalHost31337 That's pretty new for me mas, thanks for the reference.

@xchopath Kalau dibandingin sama yang ini, yang JavaScript bookmarklets: handy, quick recon tools. lebih banyak ngeluarin endpoint yang mana mas? yeswehack.com/learn-bug-boun…

Quick track Next.js target front-end endpoints using browser devtool, maybe some are missing from your HTTP history. window.__BUILD_MANIFEST

“Curse of knowledge” is real 🫠

@ramizwebti Action Bias, being too focused on finding bugs instead of learning how the app works. Also tends to switch programs too often.

@xchopath @xchopath, you're right about this. what patterns are you seeing come up the most?

Once, a friend told me, "If you know how to hack but still struggle with dupes or informatives, stop asking for technical advice, start asking for psychological advice instead." Now, my ChatGPT is basically my personal psychiatrist 😂

@wearehackerone Lol

@xchopath lmao personal psychiatrist always giving tips to live better

@OriginalSicksec Was* 😅

@xchopath Someone is hacking grab 👌

For a naturally lazy and moody person, this felt like a significant achievement, lol 😂

@wearehackerone It's pretty normal to be a young dad in my country, lol.

@xchopath bro I am also in 20s but not married I saw your bio

💯 When I was a teenager about 6 years ago, it hit me hard... made me quit hunting, and now, in the middle of this year, I'm starting again from zero. Just enjoy your hundred rejections/duplicates/informative. But don't stop.

@wearehackerone Thanks man! 20s 😅

@xchopath welcome back how old are you now

@amansmughal Thanks man! But I still don't have much experience, gotta put in more grind.

@xchopath Your findings are cool.

@get_root1 @Troll_13 Lol, but healing takes time. My friend once said, "Don't fall in love with one finding. Submit it, report it, and move on."

@xchopath @Troll_13 You’re a good person to forget this. I would hold it as a grudge for so long and never hunt there 😭( not good I know!). Good on restarting thought!

@Troll_13 It was in scope, but suddenly oos. But forget it, it was 6 years ago.

@xchopath seems when you reported it was in scope..no? weird triage said to self close