Faisalkhan 🇮🇳

If you test modern web applications, this Next.js security checklist is worth reading. Covers things like: ◆ validation & sanitization ◆ dependency security ◆ secret management ◆ security headers Helpful for both developers and bug hunters ⚡ Source: blog.arcjet.com/next-js-securi… #WebSecurity #BugBounty #NextJS #AppSec

🦖 Autonomous offensive & defensive security research framework built on Claude Code. RAPTOR combines: • Static analysis • Binary analysis • LLM-powered vuln validation • Exploit generation • Patch generation • Fuzzing workflows • OSS forensics • Multi-model analysis pipelines Supports: Semgrep • CodeQL • Z3 SMT solving • AFL++ • Ollama • Claude • GPT • Gemini Built for autonomous security research against source code and binaries. 🔗 github.com/gadievron/rapt… #CyberSecurity #AppSec #CodeQL #Fuzzing #LLM #OpenSource

Useful domain operation tool for bug bounty hunters: bugbounty.zip #BugBounty #BugBountyTips #Recon #PenTest #InfoSec #CyberSecurity #HackingTools

Real pentesters don’t stop at Google dorks 💀 The real recon starts with Shodan, Censys,URLScan, Greynoise, and everything beyond traditional search.

Google dorking is still one of the most useful recon techniques. DorkSearch makes it easier to discover: • exposed admin portals • sensitive public files • hidden endpoints • interesting assets Less manual guessing. More signal ⚡ Source: dorksearch.com #cybersecurity #bugbounty #osint

We tested 9 LLMs on real-world #malware triage and static unpacking tasks, using only #Malcat’s MCP server. We compared not only their results, but also their speed and cost. Full write-up: malcat.fr/blog/benchmark…

Four Malicious npm Packages Deliver Infostealers and Phantom Bot DDoS Malware thehackernews.com/2026/05/four-m…

🔴 Red Team • Cyber Security • Linux 🔥 Telegram: t.me/hackinarticles ✴ Twitter: x.com/hackinarticles Linux is the foundation of modern Red Team operations ⚠️ ⚡ Core Red Team Areas 🔍 Reconnaissance & Enumeration 💣 Weaponization & Payload Delivery 🎯 Exploitation (Web, API, AD, Cloud) 🛡 Post-Exploitation & Persistence 🌐 Command & Control (C2) 📦 Data Exfiltration & Impact 🐧 Linux Privilege Escalation ⚡ Essential Red Team Tools 🧠 BloodHound, CrackMapExec, Impacket 🚀 Sliver, Mythic, Cobalt Strike 🔎 Nmap, Amass, Subfinder 💥 Metasploit, Nuclei, SQLMap 💡 Strong Red Teamers combine Linux, networking, scripting, exploitation & OPSEC skills together ⚠️ Offensive security without Linux knowledge is extremely limiting #redteam #linux #cybersecurity #pentesting #infosec #ethicalhacking

6 months Fully Funded Fellowship in Singapore nlb.gov.sg/main/about-us/…

minishlab/semble: Fast and Accurate Code Search for Agents. Uses ~98% fewer tokens than grep+read github.com/MinishLab/semb…

⏰ It's CHALLENGE O'CLOCK! 👉 Pop an alert before Monday the 25th of May 👉 Win €400 in SWAG prizes 👉 We'll release a tip for every 100 likes on this tweet Thanks @KulinduKodi for the challenge 👇 challenge-0526.intigriti.io

Analysing IPA binaries with MobSF From setup to deep static & dynamic analysis inesmartins.github.io/mobsf-ipa-bina…

🎯 Building a JavaScript Aimbot: SANS Holiday Hack Challenge Breakdown 1⃣ Here is the tactical workflow we used to manipulate client-side variables and automate targeting in this HTML5 CTF game: 2⃣ Inspect the Game State: Use browser DevTools to analyze the running HTML5 application source. 3⃣ Isolate Enemy Variables: Locate the specific javascript objects tracking the elf positions and coordinates. 4⃣ Inject the Script: Deploy a custom JavaScript loop via the console to read and modify those variables. 🏹 Watch the full technical walkthrough: 👉 youtube.com/watch?v=Kbmvy7…

New article: a visual tour of recent LLM architecture advances, from Gemma 4 to DeepSeek V4. I focus on long-context efficiency tweaks like KV sharing, per-layer embeddings, layer-wise attention budgets, compressed attention, and mHC. Link: magazine.sebastianraschka.com/p/recent-devel…

API Mega List (10K+) Agents, AI, Automation, Social Media, Open Source and many others APIs. github.com/cporter202/API…

Ansible security and compliance guide slicker.me/netsec/ansible…

Why do LLMs hallucinate? Let's understand in simple words. An LLM hallucination is when the model gives us an answer that sounds confident but is completely wrong or made up. Now, the question is, why does this happen? The answer is simple. An LLM is a next-token predictor. It does not "know" facts. It predicts the most likely next word based on patterns it has seen during training. Means, the model is trained to be fluent, not to be factual. Let's say, we ask the LLM about a person it has never read about. The model still wants to give us an answer. So, it picks the words that sound most natural in that context. The output reads beautifully. But the facts can be completely invented. Here is the catch. The model does not have an "I do not know" button by default. It will try to complete the sentence, because that is what it was trained to do. A few reasons hallucinations happen: - The model predicts tokens, not truth. - It has no real-world grounding without external tools. - The training data has gaps, errors, and outdated information. - Fluency is rewarded during training, not honesty. So, how can we solve this problem? Here comes RAG, tool use, and grounding into the picture. We give the model real, verified context at the time of the question. Now, the model does not have to guess. It can read the actual source and answer. This is how we reduce hallucinations. The model is doing exactly what it was trained to do. It is our job to give it the right context.

Understanding Integer Overflow in Windows Kernel Exploitation Blog:- whiteknightlabs.com/2025/05/27/und… #windows #kernel #exploit

GraphQLmap is a CLI tool designed specifically for GraphQL exploitation.

There ‘s already an official documentation site burp-ai-agent.six2dez.com