JD on Security

1.5K posts


@JDonSec

USA · Joined May 2009
484 Following · 575 Followers
Intigriti (@intigriti):
what hacker movie are you watching this weekend? 😎
zseano (@zseano):
i'm taking a pause from hacking to resume building bugbountyhunter.com. i regret closing it down and I shouldn't have done it. everything will be back online EXACTLY as it was very soon and i've got some big plans for the future. and yes, that includes zseano methodology v2 ;)
JD on Security reposted
Krigshaw (@krigshaw):
A lot of people probably do not have the guts or balls to say this but I will say it. I have noticed that a lot of known security researchers are almost "in bed" with Hacker platforms and forget where they came from or just don't care anymore because they've already made it. The only one that I haven't seen like this is @Jhaddix. Every single time I see someone stand up for themselves against the atrocious injustices and ACTUAL unethical practices of these Hacker platforms against security researchers, I see these big names white-knighting for the platform, as if the platform isn't already a multi-million or multi-billion dollar corporation with multiple white knights on their payroll already. And it's honestly very disappointing and frustrating. People like @rez0__ and @InsiderPhD are prime examples, and should be using their platform to fight for the bug hunters, not against them. It's honestly not only incredibly disrespectful but also a massive letdown. Like, we see these people as not only peers but pillars in the community. For me personally it pains me to write this since I followed the Critical Thinking podcast in the past, the podcast "by Hackers for Hackers" by the way, unless apparently you post about a Hacker platform hosting a corrupt program that is ghosting you and not paying you for your find. And that my friends is an example of what's become the downfall of the entire bug bounty ecosystem: say one thing, do another. Hacker platforms say they'll pay you X bounty for Y finding, and when you do the report and follow their own "good-faith" principles, they'll downplay your find, ghost your requests, and scam you of your bounty. And the same people you thought were there to defend you when you try to take a stand are actually waiting to be outraged by your stance instead, because they've "met" and "are friends" and "partied at DEFCON" with employees from these platforms 🤡.
STOP defending hacker platforms and START defending the hackers, THE PRODUCT. Without us hackers these platforms would be useless.
JD on Security (@JDonSec):
Hey @2K — closing a bug report as "N/A" then silently remediating the exact same host within 30 days isn't oversight. It's stiffing the researcher who told you it was broken. @Hacker0x01 #bugbounty
JD on Security (@JDonSec):
Bug bounty programs are killing their own disclosure pipeline. Real vuln on something.org.com → CNAMEs to a vendor → program closes as N/A → bug stays open → breach happens anyway. Microsoft just reversed this. Most haven't. jdonsec.com/essays/its-you…
JD on Security reposted
George Pu (@TheGeorgePu):
Anthropic just pulled Claude Code from the Pro plan. Pro users wanting it need Max now. $100/month minimum. 5x jump. I'm on Max 20x so I'm fine. Flagging for anyone on Pro who's about to find out. No announcement. Just a pricing page edit.
JD on Security reposted
Dave Kennedy (@HackingDave):
For the enterprises using Claude, if you are using it for heavy enterprise type stuff - be extremely careful. It's introducing massive bugs, security issues, and code quality is way worse than Opus 4.5, substantially worse on both 4.6 and 4.7. Our entire development team is shifting off of it. It's unusable at the moment aside from beautiful UI stuff; its code quality is not something you can trust. Still no word from Claude on why they mangled their models and didn't tell anyone - which is particularly alarming on every front. I would recommend switching teams over to something like Cursor, Perplexity, or AWS Bedrock - as the frontier models continue to innovate (or regress) - having the ability for flexible model selection that doesn't disrupt development workflow will be insanely important for enterprise.
JD on Security reposted
Shubham Gupta 🇮🇳 (@hackerspider1):
Hey @Hacker0x01 super disappointed. Reported a critical bug on a private program: full access to 73 storage containers, (RCE) entire company's candidate PII downloadable. Triaged valid. Fixed by the team (confirmed). Then 2 months later closed as N/A "third-party SDK issue." If the key is served from your domain, leaking your users' PII, and your team fixes it how is that N/A? Filed mediation but 6–7 months is a long wait. Can someone from the team take a look? Bug is genuinely worth your time.
JD on Security (@JDonSec):
@elonmusk They need to be investigated for pedophilia, just imagine what must be happening at that organization.
JD on Security reposted
non aesthetic things (@PicturesFoIder):
A poker bot farm where multiple bots sit at the same table and share their cards to collude against humans
JD on Security reposted
Deputy Secretary Jim O'Neill
We have frozen all child care payments to the state of Minnesota. You have probably read the serious allegations that the state of Minnesota has funneled millions of taxpayer dollars to fraudulent daycares across Minnesota over the past decade. Today we have taken three actions against the blatant fraud that appears to be rampant in Minnesota and across the country: 1. I have activated our defend the spend system for all ACF payments. Starting today, all ACF payments across America will require a justification and a receipt or photo evidence before we send money to a state. 2. Alex Adams and I have identified the individuals in @nickshirleyy's excellent work. I have demanded from @GovTimWalz a comprehensive audit of these centers. This includes attendance records, licenses, complaints, investigations, and inspections. 3. We have launched a dedicated fraud-reporting hotline and email address at childcare.gov Whether you are a parent, provider, or member of the general public, we want to hear from you. We have turned off the money spigot and we are finding the fraud. @ACFHHS @HHSGov
Only In Boston (@OnlyInBOS):
Need your help: where do you go for Portuguese food in Massachusetts?
JD on Security (@JDonSec):
@NahamSec Is it a self hosted AI? Also do you happen to have YT videos on bug bounty with AI?
Ben Sadeghipour (@NahamSec):
I just used AI to reverse engineer an N-day in a Wordpress plugin in like 50 minutes 🫠
JD on Security reposted
Michelle #AmericaOnly🇺🇲 (@MichelleRM68):
🚨JUST IN!: According to the NY Post, Nancy Pelosi's return on her stock OUTPERFORMED THE DOW by 17,000% for raking in 133 million from 1987-2025!! ARE YOU KIDDING ME RIGHT NOW?? She OUTPERFORMED the damn DOW? This is EXACTLY why Americans hate D.C. & nothing will be done!!👇
JD on Security reposted
David Wade (@davidwade):
The new salary transparency law begins next week in Mass. Employers have to post salary range for openings AND if you want to know what colleagues with your job title are making - your boss needs to give you the high and low. So… will you be asking for that info?
Matt Pinner:
Be honest, because I'm trying to prove a point: would you back your child or grandchild's decision to attend trade school rather than college?