NullSecurityX

897 posts

@NullSecurityX

Infosec researcher • Bug bounties & security analysis. https://t.co/kOIAd973sL Collabs/ads: DM 📥

Joined May 2024
178 Following · 11.5K Followers
NullSecurityX@NullSecurityX·
Sorry for the delay, everyone. The cPanel vulnerability video drops Wednesday: full technical breakdown + live exploitation on real targets. Friday/Saturday we’ll publish a live bug bounty PoC showing how we triggered an IDOR via UUID handling issues on UBER.
NullSecurityX@NullSecurityX·
@taviso “Localhost-only” is not a security boundary. Too many Electron/Python apps expose loopback HTTP services with weak CORS/WebSocket protections, enabling browser-assisted local pivoting or CSRF-style abuse. PNA enforcement can’t come soon enough.
Tavis Ormandy@taviso·
I really wish browsers would hurry up and implement private-network-access, developers often don't understand the implications. This weekend I tried a random flashcard application for language learning... and it started a localhost web service 😔
Cyber_Racheal@CyberRacheal·
Interviewer: HTTPS encrypts everything. Then how do CDNs still cache content?
Elorm Daniel@elormkdaniel·
When a Hacker Finds Your Password...
NullSecurityX@NullSecurityX·
New Video: How Hackers Exploit XSS Vulnerabilities | Understanding XSS Attacks. Learn how attackers abuse XSS flaws, inject malicious payloads, and compromise browsers in real-world scenarios during live bug bounty style testing. youtu.be/QuSytRm-pz4
NullSecurityX@NullSecurityX·
@sorunsalladi @DailyDarkWeb When you put it that way, index2.html and index.html came to mind :D I wish we could go back to those years. I found my pastebin statement from 3-4 years after I started hacking :D While we're at it, happy May 3rd Turkists' Day. :)
Ali@sorunsalladi·
@NullSecurityX @DailyDarkWeb Years ago I found a vulnerability on an association's website. As a matter of principle I didn't hack it; I found the admin's phone number and reported it. He thanked me and bought me two cinema tickets. I went with my girlfriend at the time. It's my first bug bounty memory. Around 2014 or so.
NullSecurityX@NullSecurityX·
@sorunsalladi @DailyDarkWeb Back then, whoever got in would honorably drop their index page, publish the data publicly, and move on. Now, like some publicity-seeking lamer group, they build a non-existent DB architecture out of data they pulled from public .xlsx files and farm engagement by claiming they leaked the information.
Ali@sorunsalladi·
@NullSecurityX @DailyDarkWeb In the old days we at least learned things from the black hats and strengthened the defensive side. Now they publish leaks they pulled out of their ass.
NullSecurityX@NullSecurityX·
@sorunsalladi @DailyDarkWeb Most recently I refuted the made-up information they published and proved it with evidence. They took down all their posts and so on. They've started publishing again. This darkwebintelligence is farming engagement too. While I'm reminded, greetings from here to old friends. :)
Ali@sorunsalladi·
@NullSecurityX @DailyDarkWeb I wonder what this Doğan SLX has pulled out of his ass this time... He has been publishing made-up data for months. And nobody says a word. The black hat side has really gone downhill. It used to be higher quality. Where are those old black hats...
NullSecurityX@NullSecurityX·
FBI reportedly leveraged iOS notification preview persistence to recover deleted Signal message artifacts. E2E encryption remained intact; the exposure was entirely OS-side. Apple patched it in iOS 26.4.2 by replacing cached content with metadata/length-only storage.
NullSecurityX@NullSecurityX·
@xfeylesof Thanks for becoming a member. The upcoming videos will definitely be worth the wait.. :)
Outis@xfeylesof·
@NullSecurityX We became members and turned on notifications. Now we’re waiting 🔥
NullSecurityX@NullSecurityX·
Get ready next week, some legendary videos are coming. The high-level ones will be shared exclusively for members only. Everyone who joins, even at the lowest membership tier, will have access to the videos. youtube.com/channel/UCTeWg… Big thanks to everyone who became a member ❤️
NullSecurityX@NullSecurityX·
Copy Fail is a Linux privilege escalation bug that lets any local user get root using a 732-byte Python script, and it works on basically every major Linux distro shipped. CVE-2026-31431. Write-up: xint.io/blog/copy-fail… YouTube: youtube.com/@NullSecurityX
Vito Botta@vitobotta·
@NullSecurityX $15K for ATO on Facebook seems low. They can afford more for something this critical.
NullSecurityX@NullSecurityX·
🔐 Facebook Account Takeover | $15000 Bug Bounty PoC. This video walks through a critical Account Takeover vulnerability on Facebook, including a step-by-step PoC. 📌 Now members-only. Get access by joining at the lowest tier. 👉 youtu.be/Sm_2JJPm2g4
NullSecurityX@NullSecurityX·
Bug Bounty Course: Recon, Dorking, XSS/LFI, CORS & Open Redirect on Live Targets | YesWeHack ✅ Subdomain Recon ✅ Google Dorking ✅ XSS & LFI ✅ CORS Misconfiguration ✅ Open Redirect Mass Hunt Perfect for beginners👇 youtu.be/wcZxhXel7jQ