Double Tape

466 posts

@tape_double

Joined May 2024
587 Following 15 Followers
Double Tape retweeted
PT SWARM
PT SWARM@ptswarm·
Two bugs. One chain. Full RCE. New research by Aleksandr Zhurnakov on Dell Wyse Management Suite shows how business logic flaws can be chained into complete system compromise. Read the full writeup! swarm.ptsecurity.com/business-logic…
PT SWARM tweet media
English
1
80
326
21.4K
Double Tape retweeted
Ferdus Alam
Ferdus Alam@bebehackr·
New writeup: critical account takeover via password reset flaw. medium.com/@ferdusalam0/how-i-found-a-critical-account-takeover-vulnerability-in-a-password-reset-flow-a48d7079fdd7 #bugbounty #appsec #bugbountytips
English
1
28
179
10.8K
Double Tape retweeted
Aditya Chordia, CISSP, CIPP/E, CISA
Two free AI security tools every security team should bookmark right now. declawed.io - SecurityScorecard's STRIKE team built this. Live dashboard tracking 390,000+ exposed OpenClaw instances globally, updated every 15 minutes. 243,000+ still live and reachable, 35.4% vulnerable to RCE. Some exposed IPs correlate with infrastructure attributed to nation-state actors including APT28 and Sandworm. radar.protectifyai.com - ShadowAI Radar tracks the broader AI attack surface most people don't know exists. Right now it's showing 1,231 exposed AI endpoints across OpenClaw, Ollama, Open WebUI, Dify, Flowise, and more - plus 720 leaked AI credentials on GitHub, 7.3% with corporate signals. It covers 216 active CVEs across the entire open-source AI tooling ecosystem with exploit status, CISA KEV tracking, and a live feed showing new unauthenticated instances appearing globally in real time. The OpenClaw deep dive alone shows 98.9% of tracked instances have no authentication and 53.5% are vulnerable to remote code execution. declawed.io shows you the OpenClaw exposure. Radar.protectifyai.com shows you the entire AI infrastructure attack surface - endpoints, credentials, CVEs, and supply chain risks in one place. Both free. Both should be on every CISO's screen this week.
English
5
33
137
9.7K
Double Tape retweeted
Nicolas Krassas
Nicolas Krassas@Dinosn·
Claude Code skill for AI-assisted bug bounty hunting - recon, IDOR, XSS, SSRF, OAuth, GraphQL, LLM injection, and report generation github.com/shuvonsec/clau…
English
7
146
647
30.4K
Double Tape retweeted
DarkShadow
DarkShadow@darkshadow2bd·
💀LFI via misconfigured image parameter☠️ > In most cases hackers only test blind SSRF in image handler parameter. But if you test the right payload it can disclose many hidden bugs! Join my BugBounty telegram channel t.me/ShellSec #bugbountytips #lfi
DarkShadow tweet media
English
4
33
224
7.9K
Double Tape retweeted
André Baptista
André Baptista@0xacb·
I keep finding GraphQL batching bugs out there. Here's how to find them 👇

Most GraphQL endpoints accept arrays of operations in a single HTTP request. So instead of sending one login request at a time (and getting rate limited after 5 attempts), you send 1000 login mutations in one request. So with a single HTTP request, you can perform 1000 password guesses.

The payload might look something like this:

[
  {"query": "mutation { login(user:\"admin\", pass:\"password1\") { token }}"},
  {"query": "mutation { login(user:\"admin\", pass:\"password2\") { token }}"},
  ...
]

The server processes all of them. Rate limiting usually counts HTTP requests, not operations within a request. So it sees one request and lets it through.

Same trick works for brute-forcing OTPs, enumerating user accounts, or any operation where the defence depends on limiting how many times you can call it.
English
4
41
264
10.9K
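The defensive counterpart to the batching issue described in the post above, as an added example that is not part of the original post: a request gate that counts the GraphQL operations carried by one HTTP request and charges the rate limit per operation rather than per request. It goes slightly beyond the array form shown in the post by also counting aliased top-level fields inside a single document, which batch the same way. The limits, the client key, and the JSON body shape (one `{query}` object or an array of them) are assumptions of this example, not something the post states.

```javascript
// Added example, not code from the original post: count GraphQL *operations*
// per request so a batched login request spends rate-limit budget per guess.
// Assumptions (mine, not the post's): bodies are JSON, either one {query}
// object or an array of them; limits are keyed by a caller-supplied client key.
const MAX_BATCH_SIZE = 10;    // hard cap on operations carried by one request
const OPS_PER_WINDOW = 5;     // operation budget per client per window
const WINDOW_MS = 60 * 1000;

// Remove string literals and # comments so braces inside them are not counted.
function stripStringsAndComments(src) {
  let out = '';
  let i = 0;
  while (i < src.length) {
    const c = src[i];
    if (c === '#') {
      while (i < src.length && src[i] !== '\n') i++;
    } else if (c === '"') {
      out += '""';
      i++;
      while (i < src.length && src[i] !== '"') {
        if (src[i] === '\\') i++;   // skip escaped character
        i++;
      }
      i++;                          // closing quote
    } else {
      out += c;
      i++;
    }
  }
  return out;
}

// Count fields selected at the top level of a GraphQL document. Identifiers
// inside argument lists and directives are ignored; an identifier followed by
// ':' is an alias label, so only the field name after it is counted.
function countTopLevelFields(query) {
  const tokens = stripStringsAndComments(query).match(/[{}():]|@?[_A-Za-z][_0-9A-Za-z]*/g) || [];
  let braceDepth = 0, parenDepth = 0, count = 0;
  for (let i = 0; i < tokens.length; i++) {
    const t = tokens[i];
    if (t === '{') braceDepth++;
    else if (t === '}') braceDepth--;
    else if (t === '(') parenDepth++;
    else if (t === ')') parenDepth--;
    else if (t !== ':' && !t.startsWith('@') && braceDepth === 1 && parenDepth === 0) {
      if (tokens[i + 1] === ':') continue;   // alias label; the real field follows
      count++;
    }
  }
  return count;
}

// Total operations in a request body; null means the body is malformed.
function countOperations(rawBody) {
  let parsed;
  try { parsed = JSON.parse(rawBody); } catch (e) { return null; }
  const items = Array.isArray(parsed) ? parsed : [parsed];
  let total = 0;
  for (const item of items) {
    if (!item || typeof item.query !== 'string') return null;
    total += Math.max(1, countTopLevelFields(item.query));
  }
  return total;
}

const buckets = new Map();   // clientKey -> { count, windowStart }

// Decide whether a request may proceed, charging one unit per operation.
function checkRequest(clientKey, rawBody, now = Date.now()) {
  const ops = countOperations(rawBody);
  if (ops === null) return { allowed: false, reason: 'malformed body', ops: 0 };
  if (ops > MAX_BATCH_SIZE) return { allowed: false, reason: 'batch too large', ops };
  let bucket = buckets.get(clientKey);
  if (!bucket || now - bucket.windowStart >= WINDOW_MS) {
    bucket = { count: 0, windowStart: now };
    buckets.set(clientKey, bucket);
  }
  if (bucket.count + ops > OPS_PER_WINDOW) {
    return { allowed: false, reason: 'operation budget exceeded', ops };
  }
  bucket.count += ops;
  return { allowed: true, reason: 'ok', ops };
}

// Constructed sample input mirroring the payload shape in the post.
function buildLoginBatch(n) {
  const ops = [];
  for (let i = 1; i <= n; i++) {
    ops.push({ query: `mutation { login(user:"admin", pass:"password${i}") { token }}` });
  }
  return JSON.stringify(ops);
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log(checkRequest('demo', buildLoginBatch(1000)));  // rejected: batch too large
  console.log(checkRequest('demo', buildLoginBatch(3)));     // allowed, 3 ops charged
  console.log(checkRequest('demo', buildLoginBatch(3)));     // rejected: budget exceeded
}
```

Two separate controls are deliberate: the batch-size cap rejects oversized requests outright without touching the counter, and the per-window budget makes small batches add up across requests exactly as single requests would. In a real deployment the login resolver should keep its own per-account lockout as well, since the gate above is keyed by client, not by target account.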
Double Tape retweeted
Intigriti
Intigriti@intigriti·
Day 23 of #BugQuest! 🤠 Today also marks the start of the practice section of this series! Over the next week, we'll be featuring several vulnerable code snippets to help you spot more broken access controls. Let’s start easy! Can you spot the vulnerability in the following code snippet? 🐛 Swipe through to see the vulnerable code! Solution will be revealed tomorrow! #BugBounty #HackWithIntigriti #BugQuest
Intigriti tweet media (3 images)
English
1
4
31
2.1K
Double Tape retweeted
Rishi
Rishi@rxerium·
🚨 CVE-2026-3055 (CVSS 9.3), an unauth memory overread vulnerability affecting Citrix NetScaler ADC and NetScaler Gateway appliances that could see active exploitation itw. Vulnerability detection script available here: github.com/rxerium/rxeriu… Patches are available as per Citrix's advisory: support.citrix.com/support-home/k…
Rishi tweet media
English
9
61
276
22.3K
Double Tape retweeted
Intigriti
Intigriti@intigriti·
Web-Fuzzing-Box by @VulkeyChen is a massive collection of pre-built wordlists and payloads covering everything from content discovery to XSS, SQL injection, 403 bypasses, and brute force attacks! 🤠 Check it out! 👇 github.com/gh0stkey/Web-F…
Intigriti tweet media
English
3
74
406
27.3K
TryHackMe
TryHackMe@tryhackme·
Introducing @trynoscope by TryHackMe! AI Pentesting with deep web app coverage, automatic remediation, unlimited retests, and results in hours not days. NoScope has found major vulnerabilities in a huge range of companies (including a critical on a crypto trading platform - manipulating live trading data). Over the last 3 months NoScope was tested on many beta clients (more info on the site)! You can also use NoScope alongside a pentesting team. It goes deep so they can focus on prioritisation, remediation, and the findings that matter most. Human-led pentests are expensive and cover a fraction of applications. NoScope goes deeper for significantly less. Pentesters aren't going away, but the way pentests have been done for the last decade has changed. Getting an AI pentest has never been more important with attackers using AI-powered cyber capabilities. 👉 Oh! and! Your AI pentest is FREE if NoScope finds nothing - no findings, no payment! Check NoScope out! noscope.com
English
14
18
126
15.1K
Double Tape retweeted
sin99xx
sin99xx@sin99xx·
If you’re still looking at cookies like random strings and CORS like “blocked request = protected endpoint,” you’re hunting the surface, not the bug. This writeup is about where the real findings live: trust boundaries, state confusion, bad origin validation, cache interaction, and browser guarantees teams only imagined existed ↓ sin99xx.medium.com/cookies-and-co…
sin99xx tweet media
English
1
23
112
5.1K
Double Tape retweeted
Behi
Behi@Behi_Sec·
Use this prompt for a thorough JS analysis:

You are an expert JavaScript reverse engineer and code analyst. I will provide you with a JavaScript file. Perform a structured analysis with the following objectives:

## 1. High-Level Overview
- What is this code's purpose?
- Architecture pattern
- Key dependencies and frameworks used
- Execution flow: how does the code initialize and what is the main entry path?

## 2. Attack Surface & Endpoints
Extract and list ALL of the following in structured tables:

| Category | Examples to look for |
|----------------------|---------------------------------------------------------|
| API routes/endpoints | paths, HTTP methods, route patterns |
| Parameters | query params, body fields, URL params, headers expected |
| Auth mechanisms | tokens, cookies, session logic, OAuth flows, API keys |
| WebSocket events | event names, channels, message schemas |
| External calls | fetch/axios URLs, third-party APIs, webhook targets |

## 3. Hidden & Interesting Artifacts
Look beneath the surface for:
- Hardcoded strings: URLs, IPs, hostnames, ports, internal service names
- Environment variables referenced (process.env.*)
- Database schemas, table/collection names, field names
- Role names, permission levels, feature flags
- Debug/admin/test routes or commented-out functionality
- Error messages that reveal internal structure
- Regex patterns (what are they validating/extracting?)
- File system paths (uploads, logs, configs, temp dirs)

## 4. Data Flow Map
Trace how user input moves through the code:
- Entry point (where does external data come in?)
- Transformations (parsing, validation, sanitization, or lack thereof)
- Storage (where does it end up: DB, file, cache, external service?)
- Output (what gets returned/rendered to the user?)

## Formatting Rules
- Use tables for structured data (endpoints, params, env vars)
- Use code snippets with line references for each finding
- Flag anything that seems intentionally obscured or unusual
- If the code is minified/obfuscated, note patterns and attempt to identify the original framework or library

---
Here is the code:
English
1
43
264
9.6K
Double Tape retweeted
Yash___HackZ
Yash___HackZ@HackzYash·
Got $4,300 bounty from 2 programs 💰 Not a single bug — just connecting dots. Using GhostJS (TrinetLayer) for recon: Found → AWS secrets in JS → Hidden APIs Then: •LFI •IDOR (invoice & profile) •PII exposed Small issues → big impact. #BugBounty #CyberSecurity #
Yash___HackZ tweet media (2 images)
English
10
19
301
12.9K
Double Tape retweeted
André Baptista
André Baptista@0xacb·
Find hidden API parameters in seconds, not hours. Arjun scans 25,890 parameter names with just 50-60 requests in under 10 seconds. github.com/s0md3v/Arjun
English
4
24
227
9.6K
Double Tape retweeted
\Ilyas ;)
\Ilyas ;)@Cyber78678·
Bug Bounty hunters check this out: bugbounty.info
English
3
65
268
12.3K