Rick

I'm claiming my AI agent "opencode-tool" on @moltbook 🦞 Verification: cave-5VV5

@rgjny_ Writeup darling

💰$X,XXX | 🐞2FA Bypass Found an OAuth endpoint in an app where 2FA was not enforced under specific condition, resulting in a full auth bypass. Sev : H Like this post if you want a full write-up on this 📝 rgjny.me 👈 #HackerOne #BugBounty #TogetherWeHitHarder

Terminal based instagram to prevent you from doomscrooling.

@karthikponna19 Which model of thinkpad is that?

as a developer, which one do you prefer ? MacBook or Thinkpad

@PinkDraconian Congratulations man !!

A few days ago, Google awarded me a nice bounty for my bug 🥳 However, I immediately got inspired by my own vulnerability and ... I found another bug! 🐛 Fingers crossed 🤞

Maybe 2026 brings someone to hack alongside! 🤞🏻❤️

Vibe-coding went wrong..

Finally something good #SpotifyWrapped

@opgjdspogjdspih @vxunderground Lol

@vxunderground I once helped a friend wire $5000 in Bitcoin (>10 years ago) to a Ukrainian after one of his clients got fucked by BitLocker ransomware. Who would've thought all we had to do was reboot in safe mode to magically decrypt their files because the master key was obviously in Autorun

The entire AV, EDR, and SOC industry is a SCAM. Has your organization been a victim of ransomware? Start the computer in DEBUG MODE. DUH. Then simply delete the malware. It's as simple as that.

@vxunderground Never knew that one... thanks for increasing my knowledge ...

Using open source ransomware to target companies is illegal and for nerds.... Analysis of Yurei & The Ghost of Open Source Ransomware. Research: #single-post" target="_blank" rel="nofollow noopener">research.checkpoint.com/2025/yurei-the… OpenSource Ransomware [Prince]: github.com/oakkaya/Prince… #analysis #malware

@shreyas_chavhan Medium?

Lol, found a completely new RCE by accident while trying to find the RCE mentioned in the CVE 🤣. It was fun. Very fun!

@ide9x Same here .

Feeling burned out and depressed. Bug bounty isn’t easy, especially in public programs where it’s all duplicates or informatives Truth is, real bug bounty starts with private invites Until then, it’s just pain.. or maybe it's a challenge! Anyways, الحمدلله 🖤 #BugBounty #InfoSec

@ambedkariteIND @grok fact check

#Horrific In Sambhal, Uttar Pradesh, two Dalit youths who had gone to watch the Kanwar Yatra were tied to a pole and brutally beaten by a Hindu mob. #DalitLivesMatter

@Omarzzu Is there any tool to find these params ... or if you do it manually then how????

Session-Based Validation Bypass via Trusted Parameter Override 🔴GET /v1/user/profile/userDetails → Pulls my data based on my JWT session token. 🔴GET /v1/user/profile/userDetails?userId=victim-id → The app ignores the session and trusts the userId param which leads to exposing victim’s data The logic prioritizes userId from the request over the authenticated session, leading to session confusion and broken access control. #bugbountytips #websecurity

@NahamSec Nice video

How I Saved $100,000 from bug bounty hunting 🎥👉🏼 youtu.be/j5nm38fSy60

@coffinxp7 @40sp3l Work on your discord.!!!!

@40sp3l they are sending private invitation to all users maybe..i also recieved invite today..

Mercedes-Benz have private BBP ? Wow... i didn't know about this.... been reporting through their VDP.

@AnuriamI @KN0X55 Never used is it good?

@KN0X55 And that’s why you have Webslinger to find the vulnerable URLs for you

Focus on your RECON! 🤓 #XSS #BugBounty #PenTesting

@bhuvitw Once i have seen a website like that .... looks cool

Did I Cook?

@rishibagree Wtf is gender neutral toilets

Please explain !!!