k0imet retweeted
k0imet
99 posts

k0imet
@k0imet
Founder and Captain: @fr334aks. Co-Founder: @ke_bug_bounty .... Too fast for slow people, too slow for fast people, too medium for medium people: 😕
Joined September 2025
130 Following, 95 Followers
k0imet retweeted

That's my chain — a full chain w/ logic bugs only! No memory corruption, no AI, and of course no collisions at all 😉
TrendAI Zero Day Initiative@thezdi
Confirmed! Orange Tsai (@orange_8361) of DEVCORE Research Team (@d3vc0r3) chained 4 logic bugs to achieve a sandbox escape on Microsoft Edge, earning $175,000 and 17.5 Master of Pwn points. Full win! #Pwn2Own #P2OBerlin
k0imet retweeted

Web LLM Attacks Labs + YouTube walkthrough done
GitHub Repo : github.com/ntrunr/WebSecu…
YouTube Playlist : youtube.com/playlist?list=…


It seems like this guy found something that could destroy the internet 🤯
hackerone.com/rcss?type=user

k0imet retweeted

Chinese LLMs can hack better than state-sponsored hackers with a properly evolved harness -
Kimi K2.5 managed to find and exploit 6 vulnerabilities in browsers: a single page view or an extension install by victims equal full system hijack.
Check arxiv.org/abs/2604.20801

k0imet retweeted

JWT, Part 13: XSS + JWT = Full Account Takeover
A great Reflected XSS use case as part of the tremendous work of @pingiskok on JWT
rmrf.tips/en/posts/jwt-x…

@AniebietChrist3 Without even reading the comments I can say this shit is 100% made up for engagement farming

I spent 3 months chasing a contract to supply laptops to a private school. I did the research, got quotes, even used my own money to design a proposal with mock-ups. My cousin was jobless at the time, so I asked him to follow me to the meeting for moral support. I introduced him to the proprietor as “my brother.” After the presentation, the proprietor said he’d get back to me. Two weeks of silence. I called, he said “we’re still reviewing.” A month later I drove past the school and saw a van offloading laptops. My cousin’s company name was on the side. I thought it was a coincidence. That evening I checked CAC. He’d registered a business 3 days after our meeting, using my exact proposal format. Same specs, same pricing, just his letterhead.
I called him. He didn’t deny it. He said “you were too slow. Business is not family. If I didn’t take it, someone else would.” He even told me the proprietor said I looked “too young to handle 8 million.”
The worst part? My aunt called to beg me not to “spoil his chance.” Said I should be happy one of us got it.
HᗩᖇᗷY@wizzybaby
That one university experience you'll never forget.

@Safaricom_Care @O_peter01 Haha "^JH" stop playing by the customer support playbook, tell the truth, man..
Or are you with Airtel?

@O_peter01 We regret the experience @O_peter01. To get the best out of the app, please ensure that you are on mobile data with an active data bundle. ^JH

But @Safaricom_Care, you are bloody fucking people. You couldn't have at least tried this your One App thing even amongst your few staff members before releasing it to the public. I was so embarrassed today.

@themayor_ke Well I mean on paper these comparisons make perfect sense 1:1, right, but we forget something...
Corruption for one hasn't slowed down, not even a single bit; on the other corner, the maturing loans.
Global factors etc...
So technically it's not a regime issue.
We are in a cooked!

When Uhuru left power, NSSF was at flat rate of KSh 200. For Ruto, it's 6% on the employer side and 6% on the employee side.
When Uhuru was leaving power, the dollar was KSh 118. Ruto took it to 160 and brought it down to 129.
When Uhuru was leaving power, petrol was going for KSh 158 with subsidy. Ruto took it to 217, brought it down to 178, and now it’s at 198 with subsidy.
When Uhuru was leaving power, the maximum NHIF contribution was KSh 1,700. For Ruto, it's 2.75% of your salary.
During Uhuru’s time, KSh 100 would give you about 6 KPLC units of tokens, but under Ruto you now get about 3 units for the same amount.
During Uhuru’s time, VAT across key sectors was 8%, but under Ruto it has gone up to 16%.
For Uhuru, affordable housing meant no deductions on your payslip, but under Ruto, you now have an additional mandatory deduction.
Despite all this, borrowing hasn’t stopped. In fact, it has picked up.
So, how has Ruto reduced the cost of living? 🤔
k0imet retweeted

@Kalasinga_ At 40kph you will have vamoosed by the time the cops come

@_abelkirwa @Voice_Roy Haha Kirwa, have you ever used the app before, or what is this?

This is what they're trying to curb. You're in a matatu, then someone tells you, "my phone is an M-KOPA one, help me out with yours so I can pay." In seconds they take your SIM card, put it in their phone, and activate the M-Pesa app. Then they hand your phone back. While you've gone to the office, you start getting M-Pesa messages. It turns out the guy is transacting using the app, without your knowledge.
k0imet retweeted

Chained CSPT into full account takeover using a 2FA bypass technique I hadn't seen used in bug bounty before.
whoareme.com/blog/cspt-acco…
k0imet retweeted

AI-Powered Penetration Testing Framework with automated vulnerability scanning, multi-agent system, and compliance reporting github.com/SHAdd0WTAka/Ze…
k0imet retweeted

A fully local 26B MoE model was built for red teaming and bug hunting.
Trained on elite bug reports and real evasion tactics. DPO fine-tuned for hunter mindset.
Claude sees your payloads in logs; that's why BugTraceAI Apex 26B local MoE for real red teamers.
- Executes WAF bypasses with internal thinking blocks.
- It enforces deep internal reasoning before generating any output.
- Delivers production-grade WAF/EDR evasion with AES-256-GCM obfuscation.
- Zero refusals. Trained on real-world elite reports and evasion techniques.
Fits in 16.7GB. Runs on RTX 3060.
- huggingface.co/BugTraceAI/Bug…
k0imet retweeted

Last year I found a MXSS (dream) bug in a Mail app. It involved bypassing 2 consecutive sanitizers: recursive DOMPurify calls plus CKEditor. Hope you will like it
sudistark.github.io/2026/04/07/mxs…
All thanks to @kevin_mizu for putting such great content around mxss and those bypasses🙇♀️

@Sililam183672 Hello @Sililam183672, apologies for the experience. Kindly share number and name via DM: bit.ly/2lNteGi
for us to check and advise. ^RJ

Calculated theft. This is how corporations use AI. @Safaricom_Care looked at my cash flow and decided that they can steal 60/- from me for a nonexistent fuliza debt. They know I won't call and if i do, a human won't answer. They have 20m customers to steal coins from.
Hi Safaricom, please explain to me in small letters how my 27GB was spent in less than 1 hour. For this one a refund is a must! 0722555330 @Safaricom_Care @SafaricomPLC