adibou

We have a rare opportunity to observe a bold move by Xiaomi's bug bounty program. After several internal discussions and a meeting with the board of directors, a Chinese conglomerate finalized the increase in the low-severity bounty range from $1 to $1-$2.

We've published a new blog post by RyotaK @ryotkak ! He exploited a directory deletion race condition in Google Cloud's Looker, leading to full RCE and K8s privilege escalation. Read the technical details here: flatt.tech/research/posts…

We partnered with Mozilla to test Claude's ability to find security vulnerabilities in Firefox. Opus 4.6 found 22 vulnerabilities in just two weeks. Of these, 14 were high-severity, representing a fifth of all high-severity bugs Mozilla remediated in 2025.

I finally let Claude do my pentest this week. Full 5-day engagement, zero human input. Here's what the client got: 😏 clawd.it/posts/10-repla… #bugbounty #pentesting #AI #cybersecurity #infosec #claudeai

Today I discovered that scammers are poisoning Google AI Overviews to display malicious data. While searching for an airline support phone number, the AI-generated result surfaced a scam number operated by fraudsters. Don't be lazy and double check the results 🫡

New research just dropped by @alien2exe on hijacking OAuth popups via predictable window. open() targets. The chain uses iframe name collision forcing the auth flow into a controlled context, eventually linking an attacker-controlled addon to leak workspace PII and config data lab.ctbb.show/research/can-a…

Data Exfiltration in Google Gemini via... phone call? Link in comments:

@FearsOff @Cloudflare This write‑up tells the story of how traffic aimed at that certificate path could reach origins behind Cloudflare even when the rest of the application was blocked by customer rules. Enjoy the reading here fearsoff.org/research/cloud…

We hacked the AWS JavaScript SDK, a core library powering the entire @AWScloud ecosystem - including the AWS Console itself 🤯 How did we do it? Just two missing characters was all it took. This is the story of #CodeBreach 🧵👇

I wrote an article about 8 vulnerabilities in Claude Code that allowed me to bypass the permission model and execute arbitrary commands!

onelifeitsworthanattempt.png

Quite a long work to get the exploit working and the article ready, but here it is ! Our pre-auth RCE in Livewire v3 (CVE-2025-54068) with @_remsio_ is live ! Enjoy the read :)

@livewithnoregrt Achieving your dreams is a race against time. Time forces convergence, and premature convergence kills dreams. This is hard to understand when you’re young, before you know the wrath of time or the meaning of convergence. It's typically understood in hindsight, and with regret.

Today, we’re releasing watchTowr Labs’ @chudyPB’s BlackHat .NET research, owning Barracuda, Ivanti and more solutions. Enjoy the read as Piotr explains a new .NET Framework primitive, used to achieve pre- and post-auth RCE on numerous enterprise appliances. labs.watchtowr.com/soapwn-pwning-…

We believe this is the first documented case of a large-scale AI cyberattack executed without substantial human intervention. It has significant implications for cybersecurity in the age of AI agents. Read more: anthropic.com/news/disruptin…

Whoever that promises you their tool, their course or whatever will make you make big bucks is lying. Learn, work hard on your skills, understand the things. There is no other magic in the field. Don't listen those that are saying otherwise #bugbounty

I've been researching the Microsoft cloud for almost 7 years now. A few months ago that research resulted in the most impactful vulnerability I will probably ever find: a token validation flaw allowing me to get Global Admin in any Entra ID tenant. Blog: dirkjanm.io/obtaining-glob…

I'm happy to release a script gadgets wiki inspired by the work of @slekies, @kkotowicz, and @sirdarckcat in their Black Hat USA 2017 talk! 🔥 The goal is to provide quick access to gadgets that help bypass HTML sanitizers and CSPs 👇 gmsgadget.com 1/4

New blog post is up: How I leaked the IP addresses of Brave's Tor window and Chrome VPN extension users--plus, a new Popunder technique and connect-src CSP directive bypass. Read more @ 0x999.net/blog/leaking-i…

@Geluchat gg! you gonna smash it, 100% ;)

Today was my last day as a pentester at Bsecure, and it feels a bit surreal. After a three-year journey of hunting on the side, I’m finally ready to go all-in as a full-time bug bounty hunter. To celebrate this milestone, I've written an article sharing the full story. It’s a transparent look at the path that got me here: the wins, the lessons, the real financial numbers, and my honest advice for anyone considering this adventure. You can read all about my journey from pentester to full-time hunter here: gelu.chat/posts/from-pen…