003random (@rub003)

825 posts

Working on fast, accurate and auditable CVE enrichment at Volerion.

The Netherlands. Joined February 2012
323 Following, 2.5K Followers

003random (@rub003):
@spaceraccoon ~ Written by someone who had a Mr Robot profile picture for the last decade 😂. Great show. It for sure had an influence on me.
spaceraccoon | Eugene Lim (@spaceraccoon):
Idk about y'all but I feel like Mr Robot still doesn't get talked about enough? It seems to have greatly influenced a narrow cohort of hackers but doesn't have much cultural mindshare today
003random (@rub003):
@mersa_v6 @Uber Congratulations! For what it's worth, the scope metric is practically always 'changed' for XSS, because you are impacting the browser as subsequent system. Unfortunately it stays within the medium severity. From a 5.4 to 6.1.
003random (@rub003):
This bug was buried so deep. You had to use a mobile user agent to reach the code path. Then block the victim account. And then request one of their posts via the oEmbed endpoint. This would trigger a try catch condition where super user privileges were used to fetch the post.
Intigriti (@intigriti):

1️⃣ How I Exposed Instagram's Private Posts by Blocking Users. @rub003 won 3rd place at BountyCon 2022 by chaining Instagram oEmbed endpoint quirks with mobile user agent detection to access private posts (earning him $14,500 in bounties). 003random.com/posts/meta-bou…
003random (@rub003):
@AmitaiCo Oh interesting! What do you mean with 'overall score'?
Nagli (@galnagli):
🤡 CVE-2026-21877 - 10.0 CVSS for AUTHENTICATED Remote code execution in @n8n_io, what a joke.... This is the reason there are so many real risks to be found because of stupid scoring frameworks and compliance requirements
[image]

003random (@rub003):
@FFmpeg @__noided @MITREcorp @MITREattack @VolerionSec We try to capture a more appropriate severity via our (@VolerionSec) risk scoring algorithm. We would love to have your input on what you think matters when it comes to vulnerability severity, so that we can give this CVE a more appropriate score than CVSS does.
003random (@rub003):
@FFmpeg @__noided @MITREcorp @MITREattack @VolerionSec Completely agree. 6.9 (in CVSSv4) is way too high for this vulnerability. But the score is correct according to the CVSS specification. And that's what @VolerionSec is doing: provide an auditable and reliable solution to CVE enrichment so every record gets timely & accurate data.
FFmpeg (@FFmpeg):
This "vulnerability" in FFmpeg demonstrates clearly the alarmist nature of @MITREcorp @MITREattack A pixel could theoretically be the wrong colour because of an integer overflow. As this is theoretically possible over a network, it's "High Severity" ubuntu.com/security/CVE-2…
[image]

003random reposted

Volerion (@VolerionSec):
@FFmpeg @grok wrong pixel no bad but CVSS say medium bad
003random (@rub003):
@zoomeye_team The vendor (Grafana) signals CVSS 10.0, however, my CVSS conclusion landed at a 6.5 (v3.1) / 8.5 (v4.0): graph.volerion.com/view?ID=CVE-20…. with PR:H, S:U (SCIM token needed, impact stays in Grafana). Curious to hear your opinion on their CVSS 10.0!
ZoomEye (@zoomeye_team):
🚨🚨 CVE-2025-41115 (CVSS 10) – Grafana Privilege Escalation
Grafana 12.x with SCIM enabled is vulnerable: a malicious SCIM client can create users with numeric externalIds, risking ID override and full privilege escalation.
Search by vul.cve filter 👉 vul.cve="CVE-2025-41115"
ZoomEye Dork 👉 app="Grafana" (601k+ exposed instances)
ZoomEye link: zoomeye.ai/searchResult?q…
Refer:
1. grafana.com/blog/2025/11/1…
2. hub.zoomeye.ai/detail/6920394…
#ZoomEye #cybersecurity #infosec #OSINT
[image]
Luke Stephens (hakluke):
I am so proud to announce that my company @hacker_content helped produce the 9th Annual Hacker-Powered Security Report from @Hacker0x01. It's been an 8-month long journey - lots of interviews, surveys and data analysis. I might be biased, but I think this is the best HPSR that has ever been released. It covers, in very real terms, the impact that AI is having on bug bounties and cybersecurity in general - and it's not what you'd expect. I don't want to claim too much credit because this would not have been possible without a huge effort from the HackerOne team, along with the hackers and CISOs that gave their time to fill out surveys and be interviewed. Super special shout out to Naz Bozdemir and Jess Williams who were absolutely integral to the whole project. Read it here 👇 hackerone.com/report/hacker-…
003random reposted

Volerion (@VolerionSec):
🦾💼 #DEFCON33 may feel like a “hacker holiday,” but the CVE conveyor belt never stops. Out of the 249 newly published CVEs, the highest EPSS in the set is 0.09475 — CVE-2025-47188 — with a CRITICAL CVSS score. Volerion gives it a contextual risk score of 3.6/10, factoring in real-world usage and internet exposure of the affected products. The ecosystem doesn’t take time off — and neither does Volerion’s AI-driven analysis, turning raw CVEs into actionable, prioritized risk. #DEFCON #CVE
[image]

003random (@rub003):
CVE-2025-54576 is quite cool. It's so easy to make your web app vulnerable to this. You would expect `skip_auth_routes` to match routes only, but meanwhile it was comparing against `GetRequestURI`. Fixed in v7.11.0 by comparing against `GetRequestPath`. 👉blog.volerion.com/posts/CVE-2025…
[image]
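The post above gives the whole bug in one sentence: the `skip_auth_routes` regexes were matched against the full request URI (path plus query string) instead of the path, so client-controlled query bytes took part in the allow-list decision. The code below is an added example, not oauth2-proxy's code: it reimplements just the matcher in Go, side by side in the pre-fix and fixed form, over a constructed allow-list (a static-asset rule and a health-check rule, both my assumptions, not taken from the advisory) and constructed requests.

```go
package main

import (
	"fmt"
	"net/url"
	"regexp"
)

// CONSTRUCTED allow-list for the demo (an assumption, not the advisory's config):
// let static assets and the health check through without a session.
var skipAuthRoutes = mustCompile([]string{
	`\.(css|js|png)$`,
	`^/healthz$`,
})

func mustCompile(patterns []string) []*regexp.Regexp {
	out := make([]*regexp.Regexp, 0, len(patterns))
	for _, p := range patterns {
		out = append(out, regexp.MustCompile(p))
	}
	return out
}

// matchAny reports whether any allow-list regex matches subject.
func matchAny(routes []*regexp.Regexp, subject string) bool {
	for _, re := range routes {
		if re.MatchString(subject) {
			return true
		}
	}
	return false
}

// skipAuthVulnerable mirrors the behaviour the post describes for versions before
// 7.11.0: the allow-list is matched against the full request URI, so the query
// string, which the client controls, takes part in the match.
func skipAuthVulnerable(routes []*regexp.Regexp, rawURI string) (bool, error) {
	u, err := url.ParseRequestURI(rawURI)
	if err != nil {
		return false, err
	}
	return matchAny(routes, u.RequestURI()), nil
}

// skipAuthFixed mirrors the fix: match against the path component only, so a
// rule ending in $ sees "/admin/secrets", not "/admin/secrets?x=a.css".
func skipAuthFixed(routes []*regexp.Regexp, rawURI string) (bool, error) {
	u, err := url.ParseRequestURI(rawURI)
	if err != nil {
		return false, err
	}
	return matchAny(routes, u.Path), nil
}

func main() {
	// Constructed requests: a plain asset, a cache-busted asset, an attack, a probe.
	for _, r := range []string{
		"/static/app.css",
		"/static/app.css?v=3",
		"/admin/secrets?x=a.css",
		"/healthz?probe=1",
	} {
		v, _ := skipAuthVulnerable(skipAuthRoutes, r)
		f, _ := skipAuthFixed(skipAuthRoutes, r)
		fmt.Printf("%-26s skip auth before fix: %-5v after fix: %v\n", r, v, f)
	}
}
```

Two things fall out of running it. `/admin/secrets?x=a.css` skips authentication before the fix and not after, which is the bypass. And `/static/app.css?v=3` is the mirror image: before the fix the cache-busted asset does not match `\.css$` and gets bounced to login, so the same defect was also a functional bug. Only rules whose match can reach into the query are affected: anything with a `$` anchor, or a wildcard after a `^` prefix; a literal prefix rule like `^/static/` decides the same way on either string.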
003random (@rub003):
@RepoFlex Someone decided that it's best to just squeeze everything into the description 😮‍💨.
003random (@rub003):
😂The award for best NVD CVE description goes to...
[image]

003random (@rub003):
.@VolerionSec writes consistent length summaries. For example, the one from above: volerion.com/vulnerabilitie… "in various models" is so much better than listing all 50 vulnerable versions in the description. We have a products tab for the actual affected products and versions.