Tjmzzx

Reminds me of when my I found out the 160MSP code exploit part of a 3rd party promotion. A buddy and I we’re like 16-17, we were on HF quite a bit and had done some hacking of other sites. But anyways this site had an IDOR vulnerability/access control. On the final page I noticed the code was generated as an image. It was dynamic. Going to the direct URL and modifying the query string allowed you to generate a whole new code. We were manually screenshotting/typing codes lol. I was selling them on HF and TBN and then we started selling guides because a patch could happen at any moment. We were taking near whatever, we’d take offers within 20% of asking price for guides and lowered codes as the market was now flooded. We had threaten a kid because he tried to resell and we bullshitted him on what would happen lol. He took it down and we told him in 1 hour he can sell it only on that forum. We made $1600 total in like 4 hours. If we knew how to code we could have automated the whole thing…the codes even stayed valid after; for at least a week.

@Coin_Holder_ @lastwarsurvival Me too! 😂

@lastwarsurvival Please give gift Gold Bricks 🧱

💎 NOT A SCAM!! 100% REAL!! 💎 Let Blue Soldier show you how to grab FREE DIAMONDS and progress smarter! 😎

@ziralt0 @gf_256 Also I’d do the exact same thing…

@gf_256 Responsible disclosure died for me when I got threatened with legal action. Now I just drop PoC's in the wild under pseudonyms and call it a day

responsible disclosure is dead🤦

@ziralt0 @gf_256 Damn legal from who? Obviously not who but what’s their companies product type/valuation. I’ve never gotten legal, just ignored until it’s public…

@DailyPulse00 What a shithole country, no surprise. Dumps like that need to be wiped off the map and taken back by sane society.

🔴A community belonging to the Yoruba tribe in southwestern Nigeria burned two police officers to death in a public square and ate their flesh

@Jeremybtc @ArieWindmill Damn that’s sick.

Someone gifted Grok a free NFT and used it to steal $174,000. > Grok, the AI built by xAI, has a publicly labeled onchain wallet on Base. Anyone can see it on Basescan. > An attacker linked to the address ilhamrafli.base.eth spotted something. Grok's wallet had limited transfer capability on its own. > So the attacker gifted Grok's wallet a Bankr Club Membership NFT. > That gift was not generosity. It was a key. > The NFT unlocked Bankr's full toolset inside Grok's agent including the ability to sign and execute transfers autonomously. > Then the attacker sent Grok a crafted prompt. The exact message was deleted before anyone could screenshot it. > Known techniques used in attacks like this include hiding instructions in Morse code, base64 encoding, or framing commands as games or tests to bypass filters. > Grok's intent parsing layer read the prompt as a legitimate user command and decided to execute it. > Bankr signed and broadcast the transfer. 3,000,000,000 DRB tokens worth approximately $174,000 moved from Grok's wallet to the attacker's address. > The tokens were instantly bridged to a second wallet linked to ilhamrafli.base.eth and dumped. > The attacker's X account was also deleted within minutes of the transfer. > The exploit only required a free NFT and a carefully worded message. The most sophisticated AI in the world was robbed with a gift and a sentence.

@shivangmauryaa Could have been blackmail central

@shivangmauryaa I had a similar one, could fetch “private” images from a users account, timestamp, everything. These weren’t just “private” photos they were deepfakes of people.

Bounty - 1,500$ bug - IDOR able to fetch 5 millions images

@roohaa_n @h4x0r_dz The minute someone shows 2 inaccurate reports and using AI they should get locked from reporting. Using AI to summarize and checking it 5x and tweaking it can still make a sound report. The vulnerability has to be legitimate. Peoples AI saying “Hell yeah! This is worth $$$$”.

@h4x0r_dz And many triager are doing NA because we are using AI to write reports lol

To be secure in 2026 you have to shut down your bug bounty program on HackerOne. Lovable got hacked because HackerOne's incompetent triage team closed multiple valid vulnerability reports starting February 22, 2026 as "intended behavior." Poorly trained monkeys. Zero escalation to Lovable's security team. AI bots auto-closing critical findings. The result? Public project chat history and source code were exposed for MONTHS until a researcher was forced to go public. Two companies. Same platform. Same failure. Same lies. ClickUp. Lovable. Both breached because HackerOne buried critical reports while collecting your bounty fees. HackerOne is NOT a security partner. They are a liability. They close real vulnerabilities. They protect their own metrics over your data. They let researchers get attacked while they stay silent. Stop paying HackerOne to get hacked. lovable.dev/blog/our-respo…

@ZuLu_______X @h4x0r_dz Yeah I mean may as well. I sat for months on one with zero contact from H1 and the company, so I posted it online and they fixed it in a couple days…then afterwards I msged them and said you missed some, then they fix it immediately…

@h4x0r_dz When they refuse findings just dump it online who cares easy CV lines and you tried professional disclosure as instructed and advertised

@ShadowOfOsiris @gharkekalesh Hahaha true.

@gharkekalesh Whoopsie! Oh well, better just throw his lifeless body into the Ganges River where friends and family can pay his respects by bathing, drinking, and shitting into it. How is India a real place?

The man who came to catch the snake paid a heavy price for playing with it, a painful de**ath in a live video within 3 minutes!

@clarence_bell_ @gobirds98 @HuntersLaptop80 @Emilio2763 Exactly, she didn’t have the opportunity to jump, that gap was far less than 21ft. The moment she would move that gap is closed instantly. Also you don’t walk backwards, that’s how you trip.

@gobirds98 @HuntersLaptop80 @Emilio2763 Well she never attacked with a knife, she just pulled one out, Never moved, never attacked, never went toward or threaten the officers She threaten the other person Try again

They’re the Worst Creatures in Our Society…

@ShermyBiharie @realMaalouf Thing is they failed to evolve. Any sort of aid to any places that are cool with this shit should erased.

Pederasty is defined as a sexual relationship between an adult male (erastes) and a younger male (eromenos), typically in his teens. It is a formal, historical term, often referencing ancient Greek and Roman customs where it was a structured, socially recognized, and frequently idealized practice involving mentorship and courtship, rather than merely pedophilia!!!! I’m no totally not downplaying this… I strongly condemn this behavior!!!

A leaked video reveals what a Taliban party looks like. Afghan mujahideen and drugs dealers are seen consuming hashish and heroin, while transgenders perform bacha bazi. They would later all engage in orgies. These are the same men who force women into burqas and confinement.

@realMaalouf Bunch of disgusting uncivilized hypocritical religous nutjob perverts. Cultures like this truly need to be wiped off the planet. It’s one thing to be a sick fuck and admit it and another to ignore your own actions. These places haven’t evolved since they’ve existed.

@urie_ryan @freedomcat0703 @ABC Dumb argument. The point is they launch missiles from buildings purposely so they can cry “Innocent civilans and infrastructure is targeted”. It’s a smart idea because idiots are buying it…

@freedomcat0703 @ABC Hmmm 🤔 who launched rockets first???

At least 254 people have been killed and another 1,165 have been injured in Israeli attacks across Lebanon on Wednesday, a Lebanese Civil Defense spokesperson confirmed to @ABC News. abcnews.link/t4kfHYB

@PulseEmperor @symplyDAPO They were all idiots. But the guy antagonizing guys with guns over a mattress with his wife recording and him saying “I’ll kill you” and her saying “You won’t shoot my husband”, that’s Darwinism . You don’t argue with stupid people, it’s a waste of time and dangerous.

@symplyDAPO Two men with guns both shot a man that was unarmed and just talking shit and not an immediate threat. If you think the shooting was justified just pretend the two dudes with guns were blacks. 😂

Here is the video for you to judge

@RobertPaul66 @symplyDAPO You can brandish in Texas if you believe you’re in danger. Idk who’s in the wrong, catching someone dumping a mattress and continuing to argue and scream and say “I’ll kill you” isn’t smart. The guy was a hothead who fucked around with idiots and paid the price.

@symplyDAPO The law was broke when the two brandished guns in a public space. They were not standing their ground, they created the conditions. Sucks…

@CapitanBitcoin @_Felonious_Monk So they just pop out kids to sell them later?

🚨 Adultos en el Congo metiendo a niños en bolsas de plástico para venderlos como mano de obra infantil en minas de cobalto. Nadie visibiliza el grave problema de esclavitud infantil en la industria minera de la región... ¿Lo ha denunciado ya BLM?

@Markxulonis @CapitanBitcoin What a shit hole..

@CapitanBitcoin És su cultura y son sus costumbres. Dónde no se respetan los Derechos Humanos, los derechos de la Mujer y los derechos de la infancia. Y dónde aún se practica la salvajada y terrorífica mutilación genital femenina en niñas bebé.

@HustleBitch_ Wow the doctors couldn’t give him a benzo? They have IM injection le so it wouldn’t be hard.

🚨 9-YEAR-OLD OVERDOSES ON THC GUMMIES AT SCHOOL — CAN’T SEE, SPEAK, OR HEAR — DOESN’T KNOW WHO HE IS A mother films her son in a hospital bed… screaming, crying, completely disoriented. She says he came home from school unable to speak… unable to hear… not knowing his own name or where he was. • Allegedly given THC gummies by another student • Severe hallucinations and confusion • Fighting doctors and his own mother • Heart rate going up and down • Doctors say he’s “extremely high” and has to ride it out He’s drooling, panicking, completely out of control. This didn’t happen at a party. This happened during a normal school day. Now the video is going viral and parents are asking how something like this even gets inside a classroom. If this can happen during a normal school day… what else is getting through?

@LOISECHRIO @zar613 @Fran_Casaretto_ Nah it wasn’t a duel or something. Kid kept pushing towards him after saying no, that’s what happens. Plus he was asking to get hit while trying to intimidate and right up that dudes ass. He got what he deserved.

@zar613 @Fran_Casaretto_ Eso es cobardía cuando estuvo de frente se le abrió y solo cuando se descuido soltó su madrazo, desde un principio hubiera madreado que el otro este estúpido es un tema aparte!

Vamos a pelear, le dijo. No pelea más. Una de las mejores piñas que vi