yso

💰 Just 10 public bug bounty reports paid researchers $26,075,042 - all in Web3/DeFi. These are some of the biggest public bounty payouts ever. We're collecting them - and hundreds more - at VulnIndex, now live: vulnindex.ys0.dev 1/6 #BugBounty #DeFi #AppSec #hacking

@alisaesage Just go ahead. Give us a series of tweets with your opinion on this situation

Actual zero day vulnerability researcher and exploit developer here. Top-of-the-field skills across Browser full-chain, hypervisor VM escape, OS kernel and baseband on record since before AI existed. And a proud solo owner of a zero day intelligence company. Anthropic just dropped the mic on my industry. Where do I begin…………

The most sad thing in #bugbounty is when management changes, bounties decrease and inconsistency in the payouts (if any) are present again. Why, just why would you sacrifice your asset?

Or repeat them if you re a bug bounty hunter or pentester (on authorized targets of course)

"It's internal, we're fine" is how you get breached. I just used a simple SSRF + OpenAPI hints to elevate privileges and leak a customer DB. Your internal documentation shouldn't be a roadmap for attackers. Don't repeat mistakes of others P.s. bb subm #BugBounty #AppSec #infosec

@damian_89_ github.com/swisscom/bugbo…

Is there a public github repo with bug bounty programs that are self hosted (except Salesforce, FB, MS, Apple, ...)?

@damian_89_ PMs are closed

And let me know what you think via PM (or maybe I missed something you want to add to the article, feel free)

Interested in Spring Boot Actuators in the context of bug bounty hunting? I wrote something - nothing new - just some insights ;) Article: dsecured.com/en/articles/sp… Retweet appreciated! Dont expect 0days or some fancy magic.

@AnmolSecSavvy I am away on vacation, and I think there is a bug somewhere in the representation. Will fix it and then let you know

@0a_yso Hii, Why this is showing like this?

💰 Just 10 public bug bounty reports paid researchers $26,075,042 - all in Web3/DeFi. These are some of the biggest public bounty payouts ever. We're collecting them - and hundreds more - at VulnIndex, now live: vulnindex.ys0.dev 1/6 #BugBounty #DeFi #AppSec #hacking

Oh wow, I just found out that @TechCrunch reported on a vulnerability 2 days after I discovered and reported. Despite that @OpenAI rejected me a bounty 🫠 techcrunch.com/2025/04/18/cha… blog.ys0.dev/p/thoughts-tha… #bugbounty

@0x0SojalSec What kind of nonsense did I just read? Please prove me wrong

(LLM injection) Bypass payment in Chat GPT - @VulnRAM/llm-injection-bypass-payment-in-chat-gpt-34b194d1210a" target="_blank" rel="nofollow noopener">medium.com/@VulnRAM/llm-i…

@Magn4_ x.com/0a_yso/status/…

@0a_yso Access, and i loooove the initiative. Great work 🙌🙌

Parsed 12k+ bug-bounty write-ups & blogs (and counting 24/7) and mapped each to CWE + language. Quick hits: • ~60% of RCEs happen in PHP/JS • >50% of GraphQL bugs are plain access-control issues Free site coming soon - reply "access" for an early invite! #bugbounty #hacking

@MiniMjStar x.com/0a_yso/status/…

@0a_yso access

@VC0D3R x.com/0a_yso/status/…

@0a_yso Access

@Nishantbhagat57 x.com/0a_yso/status/…

@0a_yso access

@dstmx x.com/0a_yso/status/…

@0a_yso access

@0x0SojalSec x.com/0a_yso/status/…

@0a_yso access

@0xchoudhary x.com/0a_yso/status/…

@0a_yso access

@vinhacks x.com/0a_yso/status/…

@0a_yso access

@Mdhsan19 x.com/0a_yso/status/…

@0a_yso access

@k0imet_ x.com/0a_yso/status/…

@AyatoShitomi x.com/0a_yso/status/…

@0a_yso Access