Mahmoud Omar
5 posts


lots of people asked me for my recon methodology
HYG:
github.com/nullthrix/BugB…
soon will publish my full WAP methodology...
#BugBounty #hacking #security #hackerone #bugcrowd #integrity #yeswehack

@h4x0r_dz Starting to realize that it's happening with other platforms as well. I don't know anymore if it's cuz of lack of documentation passed to the bb platform or not.
Just reported OAuth flaw high vuln on bugcrowd, and got NA, so I contacted company's sec team.

To be secure in 2026 you have to shut down your bug bounty program on HackerOne.
Lovable got hacked because HackerOne's incompetent triage team closed multiple valid vulnerability reports starting February 22, 2026 as "intended behavior."
Poorly trained monkeys. Zero escalation to Lovable's security team. AI bots auto-closing critical findings.
The result? Public project chat history and source code were exposed for MONTHS until a researcher was forced to go public.
Two companies. Same platform. Same failure. Same lies.
ClickUp. Lovable. Both breached because HackerOne buried critical reports while collecting your bounty fees.
HackerOne is NOT a security partner. They are a liability.
They close real vulnerabilities. They protect their own metrics over your data. They let researchers get attacked while they stay silent.
Stop paying HackerOne to get hacked.
lovable.dev/blog/our-respo…



