samael0x𝟜 ☠

135 posts

@nerdByt

0x4 | Bug Hunter Credited by Oracle People are the weakest link.

127.0.0.1 · Joined July 2022
294 Following · 41 Followers

samael0x𝟜 ☠ @nerdByt
🚨 URGENCY + VIRAL New Critical CVE 🚨
CVE-2026-21643 — Unauthenticated SQL Injection (9.1)
Demo + PoC 👇 youtu.be/dpCi0EW3N-s

samael0x𝟜 ☠ @nerdByt
Quick check: npm list axios
If vulnerable → assume full compromise.
Fix:
• Downgrade immediately
• Rotate ALL credentials
• Rebuild system from clean image

samael0x𝟜 ☠ @nerdByt
The real weapon = postinstall script
Runs automatically when you do: → npm install
No user interaction needed.
Payload behavior:
• Downloads cross-platform RAT
• Executes in ~1.1 sec
• Works on Windows / Linux / macOS

samael0x𝟜 ☠ @nerdByt
🚨 Axios supply chain attack (2026) — this should scare every developer.
100M+ weekly downloads. No exploit. No click. Just npm install… and you're owned. 💀
Attacker took over the maintainer’s npm account. No code vuln. No zero-day. Just account compromise → full access.

samael0x𝟜 ☠ reposted
KNOXSS @KN0X55
🚨 KNOXSS GIVEAWAY March 2026
✅ Follow us
✅ Like and share this
🎁 Prize: KNOXSS Pro for 1 Month
🏆 Results: March 6th (3 winners)
Want to find some vulns? Get one of our plans and test for #XSS consistently. Sign up now! 😀 knoxss.pro #BugBounty #PenTesting

KNOXSS @KN0X55
Prepare for the 1st GIVEAWAY of 2026! 🤩
Despite the service issues, the lack of true (or fake) testimonials and unprofitable usage of the majority (which is expected)... KNOXSS remains the most smart and comprehensive tool for #XSS with a loyal user base.
Stay tuned! 😉

samael0x𝟜 ☠ @nerdByt
#الحمدالله Successfully worked with a major Enterprise vendor on a Responsible Disclosure. 🐞🔥
Issue resolved. Credit coming in next advisory.
Patience is part of the process. 🛡️

samael0x𝟜 ☠ @nerdByt
Reflected XSS identified via unsanitized error parameter — mapped to CVE-2020-19282.
User input is reflected back without proper sanitization, allowing script execution in the browser.
Minimal PoC used. Reported responsibly. Now waiting for Response 🕶️ #RXSS #BugBounty

samael0x𝟜 ☠ reposted
Coffin @lostsec_
We have only one life, if we can't achieve what we desire, then what's the point of living it?

samael0x𝟜 ☠ reposted
Nana Sei Anyemedu @RedHatPentester
WhatsApp End-to-End Encryption vs. Forensic Extraction

Although WhatsApp uses end-to-end encryption to protect messages, calls, and shared media during transmission, this protection only applies while the data is moving between devices. Once the content reaches the device, it is stored unencrypted within WhatsApp’s local databases and media folders.

Out of the volumes of content, such as 733,543 WhatsApp messages, along with videos, audios, images, and documents, I was able to get a conversation between my kid sister @ama_Anyemedu on November 11, 2020.

The chat preview shows a typical WhatsApp conversation recovered from a mobile forensic extraction. At the top of the chat, WhatsApp displays the standard banner “Messages are now secured with end-to-end encryption.” This banner simply means that when messages are being transmitted between two devices, WhatsApp’s servers cannot read them because they are protected by encryption keys stored only on the users’ devices.

However, end-to-end encryption does NOT protect data stored on the device itself. Mobile forensics work by accessing the phone’s internal storage, not by intercepting messages from WhatsApp servers. Once a device is unlocked or decrypted by the lawful extraction process, the tool can read the local WhatsApp databases stored on the device (usually the `msgstore.db` and related SQLite databases).

This is why, despite the presence of the "end-to-end encryption" banner, the forensic tool is still able to extract:
* Full chat history
* Timestamps
* Participants
* Message contents
* Attachments
* Deleted messages (if still recoverable in the database)

End-to-end encryption protects data in transit, not data *at rest* on the device. Forensic tools exploit lawful access to the device’s decrypted file system, enabling them to parse and display the stored WhatsApp database, which is why you can see the complete message timeline, content, and timestamps on the right side.