Jaydev Ahire
252 posts

@cybor_j
Application Security | CVE-2025-31192, 30466, 43228, 43356 | eWPT | CEH | GOOGLE HOF | APPLE (x6) | ASUS HOF | P1 Warrior L1 | views are my own!
Joined December 2019
164 Following · 671 Followers

Excited 🎉 to share that I have been credited with my 4th CVE from Apple:
CVE-2025-43356.
This issue was addressed in Apple’s new security releases of iOS 26, iPadOS 26, and Safari 26.
#Apple #CVE #BugBounty #iOS #ApplicationSecurity #iOS26




@ThisIsDK999 @amasad Why not Bugcrowd?
Oh I see they don’t reward points and ranking for VDPs 👀

@amasad Sir, with due respect, the top hackers DON'T hack on VDPs + they are individuals, not entities.
We expect better from the leaders of the tech community like yourself.

The number one hacker in the world is now an AI agent.
XBOW @Xbow
XBOW is now the #1 hacker on HackerOne, globally. For the first time, our autonomous AI pentester tops the worldwide leaderboard. Next week at #BlackHat, we’re taking it live: We’ll run real-time on HackerOne programs—come see XBOW find vulnerabilities. 📍 Booth 3257

@ThisIsDK999 I guess I will launch an Ebook on this, so I can read 2 pages every night 😮‍💨

I’m excited to announce that I've been credited with my third CVE from @Apple
CVE-2025-43228
Funny thing is, I reported this vulnerability back in August 2024
It has been addressed in the new iOS 18.6 and Safari 18.6 security update
support.apple.com/en-us/124147
#CVE #BugBounty



@MrTuxracer @Hacker0x01 @Bugcrowd At least they are replying to your reports, my reports went cold after passing “the preliminary analyst review” 🎃

WTF:
@Hacker0x01: Reported a "High" on Jun 19th, triage on Jul 28th: cannot reproduce
@Bugcrowd: Reported a "P2" on Jul 1st, also triage on Jul 28th: cannot reproduce
Is AI 💩 finally overwhelming platform triage, or what's the reason for ~a month of triage time?
#BugBounty

Hi!
We did a thing where we tried to give away a free VPN for a month, everyone wanted to double it and give it to the next person, so now we have a free lifetime VPN to give away to one person.
If you’re interested in getting a free lifetime VPN through us comment here.
We will select a random comment in 72 hours to win.

I found a way to transform my token into an admin token, but I don't know where the hell to use that token. That's frustrating #bugbounty

@medusa_0xf @hetmehtaa Depends! If you target big orgs then yes, otherwise open Semgrep, add any software/plugin code from GitHub, then done 😂

A recent CVE (CVE-2025-45080) claims a vulnerability in the YONO SBI app because its 2021 version (v1.23.36) had android:usesCleartextTraffic="true".
The problem? This was found via basic static analysis on a four-year-old APK, not the current app. No MITM exploits, no traffic captures, no dynamic testing, just a scan of an outdated file.
This isn’t research.
Sure, cleartext traffic in a banking app is bad. But:
1. The app version is 4 years old
2. The setting may have been patched in newer builds (which aren’t being tested)
3. The CVE exaggerates risks to millions using the current app.
Crediting this as a major find is misleading.
Cybersecurity demands current, contextual analysis, not chasing legacy flaws.
Stop hyping noise over substance.
#Cybersecurity #AppSecurity #YONOSBI


Yay, I was awarded a $ bounty on @Hacker0x01! hackerone.com/jaydev2708 #TogetherWeHitHarder
This is my first highest bounty on @Hacker0x01
#bugbounty

