Lupin (@0xlupin)'s Twitter Profile
Lupin

@0xlupin

Roni Carta alias Lupin. Co-Founder of Lupin & Holmes. R&D. Red Teamer. Bug Hunter. Musician 🤘

ID: 1214634513340481543

https://www.landh.tech 07-01-2020 19:47:19

3,3K Tweet

16,16K Followers

641 Following

Lupin (@0xlupin):

Hey! Just wanted to take the time to congratulate Team Spain for winning the HackerOne World Cup this year. You guys are beasts 🇪🇸🥳

Lupin (@0xlupin):

I'm starting to get some pingbacks from a User-Agent like: npm/9.2.0 node/v18.19.0 linux x64 workspaces/false Google Geminibot Coming from a Google IP and at this point I don't know what this is and where it comes from. Afaik Gemini doesn't have Code Execution outside

Lupin (@0xlupin):

Ok this is getting more and more creepy. After someone impersonating me on Instagram, someone is impersonating me on Facebook ... Just FYI: I only have LinkedIn and Twitter, any other accounts are not me so please be careful

Lupin (@0xlupin):

I'm currently reading so much research by Nicholas Carlini on A.I Security. Been a fan of the research on "Scalable Extraction of Training Data from (Production) Language Models" and now discovering some new stuff 🤯 nicholas.carlini.com

shubs (@infosec_au):

IP whitelisting is fundamentally broken. At Assetnote, we've successfully bypassed network controls by routing traffic through a specific location (cloud provider, geo-location). Today, we're releasing Newtowner, to help test for this issue: github.com/assetnote/newt…

shubs (@infosec_au):

I won the Most Valuable Hacker award for the Salesforce H1-6102 live hacking event in Sydney (my hometown)! I enjoyed working with some very talented hackers, including RyotaK, Geluchat, and Kévin GERVOT (Mizu). This is my third MVH award, and I'm grateful to be able to compete.

Lupin (@0xlupin):

Ran Depi against a fresh target this week: two critical Software Supply Chain bugs found and auto-exploited end to end. My only input was hitting "confirm." Payout: $29,500 😁

Adnan Khan (@adnanthekhan):

Posted this a while back but didn’t tweet it: adnanthekhan.com/posts/dependab… A new-ish variation of Actions TOCTOU for a High submission to GitHub Security #BugBounty

HackerOne (@hacker0x01):

Congrats to these award winners for their innovation, collaboration, and relentless pursuit of impact. 🔥 Most Valuable Hacker | Top Criticality, Community, & Consistency of the event >>WINNER: shubs 🕷️ Exterminator | Best/most Impactful bug of the event >>WINNERS:

Lupin (@0xlupin):

Who thought about creating dynamic manifest file definition for dependencies, where it bases the dependency name on the env variables or the version of your programming language ??? Funny way to get Dependency Confusion in the morning haha

Lupin (@0xlupin):

With Adnan Khan we ended up finding the vulnerability we brainstormed together. Identified it on OpenSea and they awarded a $10,000 bounty ! 🔥 Hopefully we can disclose this report 😁
