A.Elyas (2buggy)

147 posts

@get_root1

Security Engineer by day | Bug Hunter by night | الحمد لله CEO of duplicate

Planet Earth Joined October 2021
1.9K Following 259 Followers
A.Elyas (2buggy) @get_root1 ·
@smartnakamoura No account identifier in the payload so how did the ‘backend’ know which account to credit when it received this JSON? 🤔
Smart👨‍💻 | Software Engineer
A Nigerian fintech just lost ₦20 million to a fake webhook. Attacker didn’t hack anything. They just POSTed this to the endpoint:
{ "event": "transfer.success", "amount": 500000, "status": "success" }
Backend credited the user. Zero money moved. This is happening more in crypto payments too.
What every backend dev must do in 2026:
1. Verify webhook signature + IP + timestamp (not just event name).
2. Never credit on webhook alone always confirm on-chain + NIBSS.
3. Add rate limiting and replay attack protection.
4. Reconcile every stablecoin inflow against blockchain truth.
Crypto rails move fast. One lazy endpoint and you’re done. Save this like your production depends on it. Drop your worst webhook horror story 👇
A.Elyas (2buggy) @get_root1 ·
@monkehack It’s great. I put on smart downloads and in the background it downloads videos depending on content I’ve watched - watch out though it’ll fill up your memory 🤣
Ciarán Cotter @monkehack ·
YouTube Premium is a game-changer for flights. I don't know why I didn't try downloading videos before but it's by far the most productive use of my time on a flight where WiFi is patchy if it exists at all, and reading long articles for too long makes me sleepy.
Ciarán Cotter @monkehack ·
Excited to launch this with @busf4ctor. We'll be posting some of our research over the next few weeks 😁 so make sure to follow. Really looking forward to seeing where this goes!
Starstrike AI @StarstrikeAI

Today, we (@busf4ctor and @monkehack), are launching Starstrike: an AI pentesting and research startup. We'll be releasing our first few research articles over the next few weeks, detailing several bugs that helped us net over $100k in total. Follow to ensure you don't miss them!

Mischa van den Burg @mischavdburg ·
SECURITY WARNING: Someone built a website called openclawd.ai to mimic @openclaw. THIS IS NOT OPENCLAW. The installation instructions tell you to curl a bash script from their openclawd URL. It currently returns a webpage but that won't stay for long. This script will hack you.
Aaron Ng @localghost ·
Got a mac mini for clawdbot. Had a lot of fun setting this up today. Instead of access to my accounts, I gave it: ✅ its own apple account for messages ✅ its own gmail to sign up for stuff ✅ its own github to push code
Muhammed Alkesht @MuhammedAlkesht ·
(Indeed, Allah is full of bounty to the people, but most of the people are not grateful.) Alhamdulillah I earned $$$ for my submission on #BugBounty #bugbountytips @bugcrowd #ItTakesACrowd
keysmashbandit @keysmashbandit ·
I'll have my Claude contact your Claude
A.Elyas (2buggy) @get_root1 ·
@zack0x01 Rest. Otherwise you will get sick and then you will be forced to stop for a period and therefore you'll lose more time. Take it easy🤝
Huzaifa_C0r§^ @KhanHuz44486924 ·
Hey #BugBounty hunters! I've been grinding on public programs for 9 months, hunting bugs solo—now looking for collab partners to team up. Anyone can join, let's smash some vulns together! DM me if interested. #Hacking #CyberSecurity #BugBountyTips
Biscuit @OreoB1scuit ·
I recently tried magnesium glycinate and zinc, and bro… I slept for 8 hours but woke up feeling like I’d been sleeping for 8 days. I even remembered my dreams in 4K for the first time ever. What is this magnesium, some kind of premium sleep subscription?
A.Elyas (2buggy) @get_root1 ·
@SirBagoza I was just thinking when’s the don gonna drop another vid! I welcome it 🤝