Sabitlenmiş Tweet
Hi, I just published my first bug bounty write-up for a recent IDOR bug that I have found on BugCrowd's private program. #bugbounty #infosecwriteup #IDOR #bugbountytips
ja1sharma.medium.com/bugbounty-idor…
English
sudo jai
3.7K posts
sudo jai
@ja1sharma
Offensive Security | Always a Learner | Security Researcher | CVE-2020-29238, CVE-2020-12822 | Views are my own
127.1 Katılım Ekim 2010
581 Takip Edilen1.5K Takipçiler
A passenger's powerbank caught fire mid flight on #Indigo: 6E 1074, situation was controlled by the flight attendants.
But oh lord... crazy scenes, we all were scared as hell! Commendable job by Indigo team, we landed safe and sound.
I think powerbanks should be permanently banned from the flights!
English
sudo jai retweetledi
The winners of our @PentesterLab & @hackthebox_eu giveaway are in!
3 months Pentester Lab licenses:
@KavanSoni_0xd
@0xBinaryOrbit
@cyberx00t
@mld_77
@Romilpatel1988
1 Year VIP HackTheBox
@StellaObatoye
Congrats to the winners! Stay tuned for more epic giveaways! 🎁🎉
English
@orange_8361 never fails to amaze me!
TrendAI Zero Day Initiative@thezdi
Aaaand it's official! Orange Tsai (@orange_8361) of DEVCORE Research Team chained 3 bugs to achieve Remote Code Execution as SYSTEM on Microsoft Exchange, earning a whooping $200,000 and 20 Master of Pwn points. Full win! #Pwn2Own #P2OBerlin
English
sudo jai retweetledi
Security researcher @BrunoModificato explores an often overlooked attack surface in Web3 applications by focusing on offchain vulnerabilities that can lead to significant bug bounty payouts.
youtu.be/aED_tYXCsOI
YouTube
English
sudo jai retweetledi
🚨 CFP Deadline EXTENDED! 🚨
Bug Bounty Village @DEFCON is still accepting CFPs — new deadline is May 31, 2026!
Got insights on hacking, vuln disclosure, or bug bounty life? We want to hear from you!
Apply now 👉 bugbountydefcon.com/call-for-papers
#BugBounty #DEFCON #BBV
English
sudo jai retweetledi
📢 FINAL CALL! Time is almost up to get involved in the biggest Bug Bounty Village yet!
Submit your CFP for @DEFCON 34 before it's too late!
🕒 Deadline: May 15.
bugbountydefcon.com/call-for-papers
#bugbounty #DEFCON34
English
sudo jai retweetledi
Security researcher @nytr0gen_ explores a lesser-known and often overlooked attack surface in modern web infrastructure by diving deep into Edge Side Includes and real-world exploitation techniques.
youtu.be/Df42-CfJF8k
YouTube
English
sudo jai retweetledi
Only 24 hours left to enter! Get re-tweeting and tagging your hacker pals!
Bug Bounty Village@BugBountyDEFCON
IT'S GIVEAWAY SEASON! We will pick 6 winners to win one of the following: 1x Annual VIP Hack The Box Licence 5x Pentesterlab 3 Month Licences To enter: 1️⃣ Follow us @BugBountyDefcon 2️⃣ Like this post ❤️ 3️⃣ Tag 3 hacker friends in the comments 4️⃣ Retweet this post 🔁 Giveaway open until Thursday May 14th! GOOD LUCK!
English
Call of Duty is dead.
Arc Raiders is dead.
Fortnite is dead.
Battlefield is dead.
GTA is still not out.
What is anyone even playing anymore these days?
English
It was fun using Anthropic - Claude Code but this is not a serious company, their users are beta testers for them.
Good luck Anthropic, thanks to your plan changes every week, your users cannot build a serious workflow relying on Claude.
Wes Winder@weswinder
anthropic just downgraded claude code subs programmatic usage previously used your full rate limits which was something like a 5-10X discount vs api costs now ALL programmatic usage is capped at $20/$100/$200 in api costs (a single opus session can easily burn $20) not good
English
sudo jai retweetledi
📢 Time is running out and submissions are filling up—this is your last call!
Submit your CFP for the Bug Bounty Village at @DEFCON 34 before it’s too late.
🕒 Deadline: May 15
bugbountydefcon.com/call-for-papers
#bugbounty #DEFCON34
English
Things have taken pace since AI happened.
News from Google@NewsFromGoogle
The Google Threat Intelligence Group has detected the first known instance of a threat actor using an AI-developed zero-day exploit in the wild. While the attackers planned a wide-scale strike, our proactive counter-discovery may have prevented that from happening. This finding is part of our new report on AI-powered threats.
English
sudo jai retweetledi
Tracing the evolution of vuln disclosure from pre-bounty days to modern large-scale programs, @scriptingxss highlights the growing complexity of managing submissions, scaling security operations & maintaining strong relationships with the researchers.
youtu.be/-FMwi_V6XeY
YouTube
English
sudo jai retweetledi
🚨 WARNING: The self-spreading “Mini Shai-Hulud” worm compromised npm & PyPI packages tied to TanStack, Mistral AI, Guardrails AI, OpenSearch & more.
The attack used GitHub OIDC token hijacking and cache poisoning to spread credential-stealing malware across 42 TanStack packages and 84 versions.
Check your dependencies immediately → thehackernews.com/2026/05/mini-s…
English
Maaaa, it's Shai-Hulud again
Socket@SocketSecurity
🚨 BREAKING: 84 TanStack npm packages were compromised in an ongoing Mini Shai-Hulud supply chain attack, adding suspected CI credential-stealing malware. Socket flagged every malicious version within six minutes of publication. This is a developing story.
Eesti
@ZackKorman The only and biggest problem every BAS tool has these days; proper SIEM & EDR log telemetry mapping with TTP executions. I would love to see that happening.
English
If AI were free and you had unlimited tokens, what detection problems do you think it still couldn’t solve?
English