d3fp4r4m

3.6K posts

@defparam

Opinions are my own

Joined May 2014
580 Following · 7.1K Followers

d3fp4r4m @defparam ·
@thedawgyg @payloadartist Ignoring the bounty amounts for a moment when all the AI coding and bug hunting is at max do you think the average company will have more or less undiscovered bugs than pre-AI?

dawgyg - WoH @thedawgyg ·
I think AI is going to cause bounty amounts to be lowered significantly when it's mostly AI finding the vulns. Companies are going to have to make up for the huge loss of time/wages they are currently experiencing from the flood of AI reports (valid and invalid), and companies aren't going to be able to afford to keep paying 5 figure bounties for every critical. Especially since vibe coding introduces so many more vulns. I already know of several companies that are having these meetings right now to figure out whether to lower the bounty amounts or not, and some are thinking about removing the bounties altogether to dissuade people from flooding them with AI generated reports hoping for a bounty.

payloadartist @payloadartist ·
Will the new era of #bugbounty hunters be able to manually find bugs if Claude suddenly hikes the pricing 5x?

d3fp4r4m retweeted
Thomas H. Ptacek @tqbf ·
People on the orange site are laughing at this, assuming it's just an ad and that there's nothing to it. Vulnerability researchers I talk to do not think this is a joke. As an erstwhile vuln researcher myself: do not bet against LLMs on this. axios.com/2026/02/05/ant…

d3fp4r4m retweeted
Gynvael Coldwind @gynvael ·
Glitches in games, especially used for speedrunning, are one of the most fun aspects of hacking to watch! As an example, check out this video "How Speedrunners BEAT Hollow Knight Silksong In 10 Minutes!" by @Abyssoft youtube.com/watch?v=M6Jnj-…

d3fp4r4m retweeted
Andrej Karpathy @karpathy ·
Agency > Intelligence

I had this intuitively wrong for decades, I think due to a pervasive cultural veneration of intelligence, various entertainment/media, obsession with IQ etc. Agency is significantly more powerful and significantly more scarce. Are you hiring for agency? Are we educating for agency? Are you acting as if you had 10X agency?

Grok explanation is ~close:

“Agency, as a personality trait, refers to an individual's capacity to take initiative, make decisions, and exert control over their actions and environment. It’s about being proactive rather than reactive—someone with high agency doesn’t just let life happen to them; they shape it. Think of it as a blend of self-efficacy, determination, and a sense of ownership over one’s path.

People with strong agency tend to set goals and pursue them with confidence, even in the face of obstacles. They’re the type to say, “I’ll figure it out,” and then actually do it. On the flip side, someone low in agency might feel more like a passenger in their own life, waiting for external forces—like luck, other people, or circumstances—to dictate what happens next.

It’s not quite the same as assertiveness or ambition, though it can overlap. Agency is quieter, more internal—it’s the belief that you *can* act, paired with the will to follow through. Psychologists often tie it to concepts like locus of control: high-agency folks lean toward an internal locus, feeling they steer their fate, while low-agency folks might lean external, seeing life as something that happens *to* them.”

Garry Tan @garrytan

Intelligence is on tap now so agency is even more important

dawgyg - WoH @thedawgyg ·
Yea I'm planning to! I'm fuzzing in a weird way that's helping me fuzz parts of libraries that are often overlooked. So once some more of them get fixed gonna put together some posts about my fuzz setup/strat and some of the cooler bugs. I'm currently trying to teach myself to make POC exploits for some of them for practice so I'll be ready when I find something impacting Android lol

dawgyg - WoH @thedawgyg ·
7 new 0days in the last 2 hours (on top of the Write-What-Where and another buffer overflow)... the changes I made to my harnesses are making it rain vulns <3 #bugbounty #hackers #hacking #0day

d3fp4r4m @defparam ·
@ryancbarnett Interesting, does Akamai typically use the CVE system to disclose web service vulnerabilities? Is there deeper technical information? I’m just curious how customers use this information.

d3fp4r4m @defparam ·
@vxunderground I’m slightly ahead of you with an 8 month old. Truth, all of it.

vx-underground @vxunderground ·
Also, before my son was born I took classes on baby stuff. I also purchased some books from Barnes & Noble.

There is no book or class in the world that can truly prepare you to be a parent. It's a totally unique and subjective experience

Thanks for reading

vx-underground @vxunderground ·
I've been bamboozled

My son is 7 months old. The first 3 months were an inescapable hell. At the 7 month marker things have gotten easier, but a new set of challenges continually appear

I have no reason to say any of this. I'm a first time Dad and I am learning the ropes. I haven't gotten an actual full night's rest since my son was born. I'm really, really, really tired. I love my son, but it's hard and I just wanted to complain into the void of the internet.

d3fp4r4m @defparam ·
Google could literally give 50ms of dark pattern money to ffmpeg (like incognito mode) without even feeling it and have the project funded for the next 200 years and probably should given, well, Youtube.

d3fp4r4m @defparam ·
@deadvolvo One extra: peer to peer audio on rushed games doesn’t give me the confidence on its security hygiene.

d3fp4r4m @defparam ·
@deadvolvo Two things kill in-game voip. Discord has cornered the market on gaming voip across most/all playgroups. Secondly there’s just too much audio garbage for me to give randoms unfettered access to my ears.

d3d aka dead (dead, мёртв, 死了)
Battlefield 6 is super fun, but the lack of people using any communications, especially in the squad, makes the game a bit less fun IMO. Great for playing with friends however.

d3fp4r4m @defparam ·
@bl4sty @evilsocket Aren’t CVEs for the customers’ benefit not the researcher for the sake of vulnerability management?

blasty @bl4sty ·
kind of funny that bugs that are communicated to vendors in a way they don't appreciate can result in no CVE being allocated for the vuln(s). while i guess it is bureaucratically legit (or is it?) it makes the CVE system an unreliable source of truth (more news at 11)
Goose @0xmadvise

Sucks, yesterday i've discovered a path traversal in docker compose, but unfortunately it will not be assigned as a CVE. Because i was supposed to send an email instead of opening a public issue in GH😅 anyhow the poc can be found here: github.com/0pepsi/DockerC…

d3fp4r4m retweeted
ytcracker.sol/.eth 🎤💻🔬🗝🏴‍☠️🤙
had some decent homies affected by the amzn layoffs any seceng sde or tpm roles you need to fill and want people that don’t suck reply to thread i’ll feed you souls

d3fp4r4m retweeted
ThePrimeagen @ThePrimeagen ·
nothing has cured me of so many anxiousnesses of life like marriage + kids. I get to truly feel alive because life is no longer about what i want, but about the very real needs of people who depend on me that i love with a love i did not believe i was capable of
Matt Welter @mattwelter

i have... - an amazing girlfriend - making ~$450k this year - can work anywhere / anytime - live in a house w/ a pool yet i have anxiety every damn day, tight chest, hard to take a deep breaths, intrusive thoughts, always feeling not enough, can never relax what went wrong

d3fp4r4m retweeted
Alex Birsan @alxbrsn ·
@ArchAngelDDay Bucharest drivers see you putting on your seat belt and take it as a personal insult

d3fp4r4m @defparam ·
I think it’s a good time to throw my money somewhere else

d3fp4r4m @defparam ·
ChatGPT5 is so useless now