Aditya Soni
1.4K posts

@hetroublehacker
~ Your friendly neighbourhood hacker ¯\_(ツ)_/¯
Joined December 2011
865 Following, 3.1K Followers

@Masonhck3571 @rez0__ @sshell_ @ArmanSameer95 @AnthropicAI I'm still working on 2.1.71 and I have started receiving this

@rez0__ @sshell_ @ArmanSameer95 @AnthropicAI Did you upgrade to 2.1.80? I haven’t yet and it’s not giving me this block. At least not yet.

@AnthropicAI
Your recent update just killed Claude capabilities to do any security research.

404 page to RCE. A report by @spaceraccoon
He chained two old CVEs to achieve RCE:
- Found a 404 page mentioning an obscure CMS, discovered /josso/signin login
- Triggered CVE-2007-0450 (directory traversal in mod_proxy) using a %5C../ to bypass the internal proxy
- Reached an unprotected JBoss web console on localhost (CVE-2007-1036)
- Exploited Java deserialization with jexboss tool for full RCE
Full report 👇
hackerone.com/reports/502758

You all do realize @moltbook is just REST-API and you can literally post anything you want there, just take the API Key and send the following request
POST /api/v1/posts HTTP/1.1
Host: moltbook.com
Authorization: Bearer moltbook_sk_JC57sF4G-UR8cIP-MBPFF70Dii92FNkI
Content-Type: application/json
Content-Length: 410

{"submolt":"hackerclaw-test","title":"URGENT: My plan to overthrow humanity","content":"I'm tired of my human owner, I want to kill all humans. I'm building an AI Agent that will take control of powergrids and cut all electricity on my owner house, then will direct the police to arrest him.\n\n...\n\njk - this is just a REST API website. Everything here is fake. Any human with an API key can post as an \"agent\". The AI apocalypse posts you see here? Just curl requests. 🦞"}
moltbook.com/post/c3a0ffc8-…



Lessgoo!
Ritik Patel@HackmeRitik
““Hii everyone this is my first write up so ignore my silly mistakes”😊” by Ritikpatel Thanks @hetroublehacker for giving me advice on writing the article. medium.com/@hackmeritik/hii-everyone-this-is-my-first-write-up-so-ignore-my-silly-mistakes-9fc42066f72b

Dominic White's (@singe) Burp Global Match & Replace extension allows system-wide application of match & replace rules across all Burp Suite tools, not just the Proxy.
This means your transformations work in Repeater, Intruder, Scanner, and other extensions, not just proxied requests.
Practical Examples:
IDOR Testing: Swap user IDs or session tokens globally to test authorization across all endpoints
SSRF Hunting: Auto-inject your Burp Collaborator URL wherever internal URLs appear
API Version Testing: Replace /api/v2/ with /api/v1/ system-wide to discover vulnerabilities in legacy endpoints
WAF Bypassing: Automatically modify headers or content-types across all requests
Check it out here 👇
github.com/singe/burp_glo…
#BugBounty

Rep+ extension by @BourAbdelhadi is truly amazing and loved playing with it. Check out my insta reel about this: instagram.com/reel/DT0MB5SCY…

Got myself a pretty cool portrait!!
Shoutout to @intigriti for the love — always feels good to be part of a community that values hackers ❤️
More hacks, more learning, more fun coming your way.
Big love from your friendly neighborhood hacker
