Mohammad Kaif

Yay! I was rewarded $15,000 bounty from Apple. Account takeover via App Store 👀 #bugbounty #cybersecurity #pentesting

"Bounty awards are determined and paid based on what is demonstrated in the report, not on claims made in the report but not proven with evidence or proof of concept." - Apple Security Team The POC:

@one33se7en @Hacker0x01 Congrats!!

>use a security tool in CI get pwnd >update your dependencies get pwnd >do nothing, ignore security win

Reverse engineering Apple’s silent security fixes, by @blacktop__ We grabbed the latest iOS update, and diffed it with ipsw. The diff reveals at least two security-relevant changes that were shipped quietly. open.substack.com/pub/calif/p/re…

@speedyfriend433 Congrats!

👀

Woke up to getting acknowledged by Apple! Apple just pushed an update to fix a vulnerability I reported on Music app. support.apple.com/en-in/126792 #bugbounty #CyberSecurity #appsec

If you missed the talk at @1ns0mn1h4ck , our latest blog post is now available for you to explore. In this post, researchers @Hacker_Chai and @SachaKozma detail their journey to a 1-click RCE exploit on the Samsung S25 phone. Check it out here: bugscale.ch/blog/shoot-for…

Google Threat Intelligence Group has identified DarkSword, a new iOS exploit chain leveraging six zero-day vulnerabilities. Multiple threat actors are actively using it to deploy malware payloads. Update your devices or enable Lockdown Mode. 👉 bit.ly/4bRveEz

@0xLupin Congrats!!

WE DID IT ! WE RAISED $5.9M PRE-SEED 🥳🎉🎉

@RuDrAkShacker Thanks, Yash!

@_mkahmad Let's go 🙌😎 crazy stuff @_mkahmad

Yay! I was rewarded $15,000 bounty from Apple. Account takeover via App Store 👀 #bugbounty #cybersecurity #pentesting

@xpl0itmE 1 click access to App Store Session Cookies

@_mkahmad accounts takeover via app store ? can you explain more ?

@L3onid1s Thanks!!

@_mkahmad Congratulations man… Hitting hard as always 💪🏻🔥

@speedyfriend433 Thanks!!

@_mkahmad Congrats!!!

Looking for xss or open redirect on *[.]apple|icloud[.]com

📢 Interested in AI and agent security at Google🛡️? This post looks at how we mitigated the risk of URL-based data exfiltration through provenance checks and sanitization – effectively blocking a prompt injection-based exploitation vector. bughunters.google.com/blog/mitigatin…

@ITSecurityguard Sure! I will try and let you know! Btw I have to pull reports from OPPO and Tecno SRC , I have worked on them for several years, haha!

@_mkahmad Give it a try! Would love to hear if it helps you finding more bugs

New series on using Claude for bug bounty 👀. sync your hackerone reports, cross-referencing past findings against new targets etc. The actual workflow, not the LinkedIn fantasy. Feedback from AI-maxers always welcome ❤️ clawd.it/posts/11-teach…

I finally let Claude do my pentest this week. Full 5-day engagement, zero human input. Here's what the client got: 😏 clawd.it/posts/10-repla… #bugbounty #pentesting #AI #cybersecurity #infosec #claudeai

@sudhanshur705 @antigravity Awesome research as always!

Part 4 of our Hacking AI Apps series. This time we hacked Google's @antigravity A vuln that let us write files to arbitrary location on the victim's system, leading to RCE just by visiting an attacker controlled website. Hope you guys will like the blog 🙇‍♂️