Sameer Bhatt (Debugger)

Needle in the haystack: LLMs for vulnerability research I've distilled my experience of sending thousands and thousands of prompts for using LLMs to discover vulnerabilities into a single write-up. These are the conclusions I came to.. (link in comment)

@Arl_rose It was pleasure working with you, thank you so much for everything. ❤️

After almost seven years, my journey at HackerOne comes to an end today. This has been one of the most impactful experiences of my life, and I wanted to share a bit more about the ride. It all started in 2018. I had a dream of bringing a Live Hacking Event to Argentina after seeing the magic of the community in Las Vegas. I am forever grateful for the trust placed in me back then. Someone took a chance on a random guy from Argentina and made my hire happen, and I wouldn't be where I am today without that shot. In the years since, I have been lucky enough to build things from the ground up. I was tasked with building the pentest community from scratch when we launched the product, and seeing it grow into a home for hundreds of professional pentesters has been incredible. My biggest passion project was always focused on a worldwide hacking competition. My early pitches for a regional tournament eventually evolved into building a global network of hackers instead. We started that program with just seven people. Today, I leave a network of 90 ambassadors across 45 countries. That network finally allowed me to execute the Ambassador World Cup. Watching that tournament evolve into a global phenomenon that paid out 2.4 million dollars in its latest edition was a dream come true. From the finals in my hometown of Buenos Aires to the trophy presentation in Dubai, seeing hackers find their first bugs through this program has been the highlight of my career. After 20 Live Hacking Events as an employee, traveling the world and meeting the community in person kept my passion alive for years. None of this was a solo effort. I was only able to be creative because my team was the best in the business and I was given the room to run. Thank you to the global community of hackers and the rockstars on the community team for being such a massive part of my life. I am moving on to a new chapter to do some fun stuff. More to come on that soon. Thank you for everything and stay in touch!

@infinitelogins RESOURCES

I analyze thousands of bug bounty content items every month. Less than 5% makes it to the newsletter. I distilled those curated selections down to the top 25 resources for 2026 and put them in this PDF. It includes the top platforms, tools, and people that consistently deliver high signal content. Comment RESOURCES and I'll DM you the PDF for free. (Make sure your DMs are open) #BugBounty

👼GatewayToHeaven (CVE-2025-13292). I discovered a cross-tenant vulnerability in @GoogleCloud's #Apigee, allowing me to access other organizations' data (and sometimes even plaintext JWTs of end users). Below is the full breakdown of the exploit chain⛓️

Account Takeover in Facebook mobile app due to usage of cryptographically unsecure random number generator and XSS in Facebook JS SDK ($66,000) ysamm.com/uncategorized/…

We've published a new blog post by RyotaK @ryotkak He discovered 8 methods to bypass safety mechanisms in Claude Code, leading to arbitrary command execution. We recommend updating to v1.0.93 or later to fix this vulnerability (CVE-2025-66032). flatt.tech/research/posts…

Just published my first blog post "Cache Deception + CSPT: Turning Non Impactful Findings into Account Takeover" You can read the full write-up here: zere.es/posts/cache-de…

Ironically, there is nothing more expensive than being poor. You likely had an unhealthy lifestyle that you never noticed because everyone around you had the same. You were stuck in a job that didn't allow you to become who you wanted to be, but you had so many urgent fires to put out, you had no way out. You wasted so much time and energy commuting every day because living hours away from your workplace was all you could afford. Any signs of ambition got shot down by your fellow "crabs in the bucket" who projected their insecurities on you, and who didn't want you to leave them behind. You've been learning the price of so many things, but you now have to learn the value of the things that matter. You had to unlearn all the lies and wrong beliefs that you were fed in a society where average people (with a bit of money) are always confidently wrong. Especially, you once genuinely believed that the game was fair and that "hard work" alone would get you rewarded. You had to relearn how to not live in the constant fear of being taken advantage of, and how to play games that make you thrive as a person, and not just survive. Especially, you had to rebuild your self-esteem, and understand that you can achieve way more than you think, but only if you have the courage to follow an independent path. And finally, you had to cultivate the mental strength to accept the painful fact that you had a very late start, but it doesn't matter, because you can start climbing today, and you will look back in many years with true confidence and a bit of pride, to the sight of everything you had to overcome to build the life you wanted.

If you could go back to the very start of your security/hacking/bug bounty journey, what is 1 piece of advice you would share with yourself? #bugbounty #hacking #hacker #security

With only 48 hours remaining in a bug bounty event, I used @HacktronAI CLI to perform large-scale analysis of several JDBC drivers. Netting $85,000 in total rewards. This write-up shows how AI-assisted vulnerability research is speeding up the work of researchers and leading to high-impact findings. Read here - hacktron.ai/blog/jdbc-audi…

We let the Internet down today. Here’s our technical post mortem on what happened. On behalf of the entire @Cloudflare team, I’m sorry. blog.cloudflare.com/18-november-20…

I won the Most Valuable Hacker award at H1 3120! 5 months ago I was invited to my first LHE where I achieved a 2nd place. It was an amazing experience that made me want to work harder to compete against myself. And after spending 15h a day in front of my laptop here we are :) Big thangs to @Hacker0x01 and @salesforce for all the work during this event. Also to all the amazing hackers I’ve met during this days. Last but not least… 🧵

Amsterdam brought the 🔥! @salesforce + #H13120 = one incredible Live Hacking Event 🇳🇱 Security researchers tackled AI challenges head-on—finding vulnerabilities, sharing insights, and shaping the future of secure innovation. #HackForGood #AISecurity #TogetherWeHitHarder

H1-6102 | Sydney 🇦🇺 🥇 shubs 🥈 alexandrio 🥉ajxchapman H1-468 | Stockholm 🇸🇪 🥇rhynorater 🥈 blaklis & snorlhax 🥉 doomerhunter H1-65 | Singapore 🇸🇬 (TikTok) 🥇 m4ll0k 🥈 avishai 🥉mrhavit H1-65 | Singapore 🇸🇬 (OKX) 🥇 corraldev 🥈 hackerontwowheels 🥉 ledz1996 H1-515 | Des Moines 🇺🇸 🥇 none_of_the_above 🥈 ali 🥉 zlz, ziot, nahamsec

What. A. Day. ⚡ We kicked off #H13120 Community Day with @Salesforce—where security researchers shared insights on AI, protocol security, and social engineering, and wrapped up with a welcome reception to learn and connect. #HackForGood #TogetherWeHitHarder #AI 📸:

⚡️ @Salesforce, HackerOne, and the researcher community are back again. This time heading to Amsterdam for #H13120 to test AI security. #TogetherWeHitHarder #HackForGood

What a moment! #LVM3M5 lifts off with #CMS03, marking another milestone in India’s space journey. Relive the liftoff highlights

@Michael1026H1 @Hacker0x01

Finally hit $1m on @Hacker0x01

@jayesh25 @Hacker0x01 @EpicGames

Find the full article here ⤵️ yeswehack.com/learn-bug-boun…