DiMaX

@Kle0z Congratulations, how many awards were given for this?

Finally confirmed!

@Shabosec @sachin_pandey98 @lostsec_ Congratulations, can you share what self-hosted bbp is?

@Shabosec @lostsec_ Congratulations, can you share what self-hosted bbp is?

@Shabosec @sachin_pandey98 Congratulations, can you share what self-hosted bbp is?

@Shabosec @yamarajislitaf @Olamdeen @4osp3l Congratulations, which Yandex dork did you use to find this leak?

@sysdig Hello, Do you have a Bug Bounty program? If so, could you please share the details on how to report findings?

Are security teams hitting the limits of what humans alone can handle in the cloud? The data points to yes. Read the report to see what’s changing and what it means for how you defend the cloud: okt.to/ZyD2sf

@Mar0_0uane You can try reporting it, maybe they will accept it.

Does anyone know if this domain is in scope for Anthropic’s private program on HackerOne? (I’m not a participant.)

@ma1fan This happened to me too, at a major Chinese crypto exchange. I had a leak of AWS keys, which can be used to change the code of any JavaScript file the exchange has. They rewarded me with $800 for it. 🤦‍♂️

I reported a critical vulnerability to a top-tier crypto exchange—an exploit that could allow an attacker to crack and steal wallet private keys within minutes. By all industry standards, this was a severe, high-impact bug. Yet, they initially offered me a measly $4,000 bounty. I refused to accept it and pushed back hard. After a prolonged back-and-forth, they spent ages escalating it to their leadership. Following endless rounds of "approvals," they finally added a whopping $1,000 to the offer, bringing the grand total to $5,000. I am honestly "moved to tears" by their generosity, considering an exploit of this magnitude is easily worth at least $50,000. Seriously, my advice is to avoid participating in Bug Bounty programs run by certain Chinese teams. It seems they would much rather risk getting drained for tens or hundreds of millions of dollars by actual hackers than pay a white hat a single extra cent for protecting them.

@sysdig Hello, Do you have a Bug Bounty program? If so, could you please share the details on how to report findings?

The good news? ✨ Security teams can see more risk than ever. The bad news? ⛔ Risk doesn’t go away until something gets fixed. Start delivering security outcomes today: okt.to/CrzHEy

@immunefi I hit a whitehat level gate, I found a high vulnerability, how can I report it? @immunefi @AlchemixFi

Alchemix bug bounty has relaunched on @immunefi with their new v3 contracts. Up to $300K in rewards. Now's the time to look at that code. immunefi.com/bug-bounty/alc…

@itsabinashb @hakiraio @HackenProof Congratulations, did you get a bounty for that?

Yesterday I tried @hakiraio 's AI agent on a bounty in @HackenProof platform. It handed me a critical & a low severity bug. Best thing is I cross tested the same with opus 4.6 and it also verified it. Outstanding work by @hakiraio team.

@Ehsan1579 Congratulations! Can you honestly tell us if you use any kind of AI or if you find vulnerabilities completely manually?

@BugBunny_ai Hello, can you check your DM?

it's raining, bunny loves a CVE rain CVE-2026-34158 CVE-2026-34167 CVE-2026-34170 CVE-2026-34171 CVE-2026-34198

@7urb01 Can you share which prompt we should use to get the best result from claude code?

🙈

@rez0__ @ZackKorman Does NVIDIA have a private BBP? What platform is it on?

@ZackKorman you should submit to their vdp and then get invites to their private programs so you can make some cash off your efforts

NVIDIA Nemoclaw's security is worse than I expected. The AI can modify its own config to bypass security controls. I asked it to accept websocket connections from any origin and change its token to something trivial (123). Now any site I visit can give instructions to my bot.

@rez0__ You always say that, but tell us what prompt should we use so that Claude Code actually finds at least some bug in the source code or do you use your reports from Hackerone as skills for Claude Code?

claude code is all you need

@oxxxssh @GaliLokesh3 I wrote to you in DM

@dmxjon @GaliLokesh3 I cant you disabled dms

First 4 digits payout on @intigriti

@oxxxssh @GaliLokesh3 Can you dm me? I have blind ssrf.

@GaliLokesh3 send dm

@archethect @pashov @0xiehnnkta Are these vulnerabilities actually exploitable?

@pashov @0xiehnnkta To give some insights

Devil's Advocate protocol on sc-auditor V2 is working so well 🔥 Reached an impressive 90% True Positive rate on a benchmarked contest by @pashov and @0xiehnnkta with 16 true positives on 18 total finds. Full numbers, comparison and release of sc-auditor V2 tomorrow 🕵️

@ARAGUI99 @AMD @intigriti Congrats! Was it a hardware bug?

Proud of my achievement with @AMD ! Thanks to @Intigriti for such a fair environment; I never feel the need for mediation because their integrity is truly top-tier. This recognition is the result of truly hard work and continuous dedication. #BugBounty #Intigriti #InfoSec