Tuan Dinh Van 🇻🇳

Security researcher ily2 has just earned a staggering $3,000,000 from submitting a critical smart contract bug via Immunefi. That's the largest single payout in web3 security in recent memory. In total, he's submitted 3 reports. All 3 were paid. 100% accuracy. His leaderboard update is coming soon, but you can pledge IMU to him now and earn when he finds the next one: immunefi.com/pledge/ily2

$312,500 worth of stored/reflected XSS vulnerabilities in Meta’s Conversions API Gateway allowed Javascript code to run on any Facebook domain and millions of third-party websites. The flaw enabled zero-click Facebook account takeover and more: ysamm.com/uncategorized/…

@LTiDiii Đỉnh quá a ơi. Chúc mừng a nhé🔥🔥🔥

BB 2025 Recap - Top 14 H1 Crit Rep, Top 16 H1 Highest Rep, Top 2 H1 🇻🇳(Cheers Top 1 @thaivd98), Top 2 GG🇻🇳 - Stop at Elite 8 H1 AWC vs talented🇪🇸 - 1st GG LHE, 1st H1 LHE, Flysec 1st Hack Trip - Amazing memories in 🇻🇳 w 🇪🇸 friends - More Flysec's mems joined fly w hacking dreams!

@janlele91 Chắc chắn là 🔥🔥🔥 hơn rồi ông à 🤣

@tunadv Sao cháy bằng tuandv đc b ơi haha

$6000 bounty for a juicy SSRF that exposed internal files, K8s access tokens & Lambda runtime API 😎 Massive props to @saur1n — killer teamwork on this one! Customer paid directly, no Bugcrowd triage needed. #Bugcrowd #SSRF

Congratulations to all the researchers recognized in this quarter’s MSRC 2025 Q3 Security Researcher Leaderboard! Thanks to all the researchers who partnered with us for your hard work and continued dedication to securing our customers. Learn more in our blog post: msft.it/6016sfncp We also want to recognize the top 10 researchers in the leaderboard: 🥇Brad Schlintz (@nmdhkr) 🥈 Yuval Avrahami 🥉 b2ahex 4. Jianyang song 5. Felix B. 6. Haifei Li @HaifeiLi 6. tuandv of Viettel Cyber Security 8. P1hcn 9. 0x140ce @0x140ce 10. Matthew Jensen

We triggered WhatsApp 0-click on iOS/macOS/iPadOS. CVE-2025-55177 arises from missing validation that the [Redacted] message originates from a linked device, enabling specially crafted DNG parsing that triggers CVE-2025-43300. Analysis of Samsung CVE-2025-21043 is also ongoing.

90% of my Twitter DMs are asking me about how to start getting into Malware development. Well, I love answering them but it's easier to write a small thread about it so here we go. 1/12

@HaifeiLi @msftsecresponse Oh I’m curious. Because it seems like my gift from MSRC hasnt arrived yet

Look what I just received. Thank you @msftsecresponse for delivering the MVR 2025 swag box to me. 😊

🚨 We identified a ViewState deserialization attack affecting Sitecore deployments. The attacker leveraged an exposed ASP[.]NET machine key to perform remote code execution. Get the full details, indicators of compromise, and defensive recommendations: goo.gle/47oNWll

My first year at MSRC and being in the top 100 MVR is something I am very proud of😊. Thank you @msftsecresponse for your enthusiastic support🫡. Congratulations to all the researchers on the leaderboard 🎉

While waiting for the Pwn2Own chain, you might want to read this. Disclaimer: This is a bug I discovered by accident, and already been resolved. I’m not sure which CVE or patch this maps to. If you know any information, please feel free to leave a comment blog.viettelcybersecurity.com/sharepoint_pro…

@thaivd98 Đỉnh quá anh ơi

Q2 was a blast for me! Somehow reached Top 5 in @Hacker0x01 Leaderboard 🤪 Reached Top 5 in Highest Critical Reputation 🪲 Reached Top 3 in Web Application Asset Types 😁 Worked & played hard with my teammate @flysec_corp ❤️‍🔥 Let's see how it goes in Q3! 🤓 #TogetherWeHitHarder

Zero-Day used by Stealth Falcon APT group in a spear-phishing campaign: 💥 .URL file exploitation (assigned CVE-2025-33053) 🧰 Custom Mythic implants, LOLBins, and custom payloads 🌍 High-profile targets across the Middle East and Africa research.checkpoint.com/2025/stealth-f…

@janlele91 @Bugcrowd Ss ong ơi

@tunadv @Bugcrowd hên thui bro ơi, ae mình collab cái nhĩ

Epic win in the bug bounty game @Bugcrowd ! Scored $X,XXX for a high-severity finding, then leveled up with an extra $X,XXX bonus after showing the real critical impact. Big thanks to the customer for the props - feeling relentless! 🥳 #BugBounty #bugbountytips #bugcrowd

@thaivd98 Troll à a =))

Yay, I was awarded a $0 bounty on @Hacker0x01! #TogetherWeHitHarder 😂😅🥹😭

@janlele91 Congrats bro 🔥

Happy to announce that I successfully passed OSCP+ on my very first try 🤩 credentials.offsec.com/55b06693-6a42-… #OSCP #BugBounty #learning #Pentesting

@ElonMuskAOC 2(1+2)=6 => 6:6=1 Result: 1

What is the answer?

@AnupamAS01 Congrats bro. Nice catch!🔥

Got 15k bounty in Microsoft zero-day quest thanks to @msftsecresponse for organizing zero-day quest, and a special thanks to @JonathanDutson and @lynnfosec for the fast review and payout. #Microsoft #zerodayquest