🔥The 9th Round of Easy Loan, Earn $40 Reward is in progress❗️ ⏰ Promotion Period: January 15th - Feburary 15th, 2025 👉 Register now and check more details at gate.io/campaigns/358

the research paper is out: Next.js and the corrupt middleware: the authorizing artifact result of a collaboration with inzo that led to CVE-2025-29927 (9.1-critical) zhero-web-sec.github.io/research-and-t… enjoy the read!

We (+sagitz Ronen Shustin Hillai Ben-Sasson) found a series of unauthenticated RCEs in core @KubernetesIO project "Ingress-NGINX". The impact? From zero permissions ➡️ to complete cluster takeover 🤯 This is the story of #IngressNightmare 🧵⬇️

Welp, I guess the rumors are true... With the new HackerOne "research" subscription you can buy yourself into prioritised triage and private programs 😡

Obviously an April fools joke, but the 79,99$ for unlocking private reports is crazy

Love it

MITRE’s CVE funding just dried up because the US can’t get its paperwork in order. Maybe global cybersecurity shouldn’t depend on one country’s clown show. Just a thought.

📷 Just released ProKZee v0.0.1! My new cross-platform tool for HTTP/HTTPS traffic interception features a modern UI and powerful analysis capabilities. Perfect for developers and security researchers. Check it out: github.com/al-sultani/pro… #infosec #bugbounty #bug_bounty

👀

I made a tool to help test archive (zip/tar) extraction bugs (synk working directory into archive, add path traversals, links, permissions, etc): github.com/avlidienbrunn/…

1/ In late 2023 a former Yuga Labs security researcher was stopped at the airport after law enforcement mistakenly linked them to a $1.1M phishing theft from a Bored Ape owner. Here’s an investigation into where the stolen funds went and who’s actually responsible.

Just waiting on the AI that cleans up AI-generated slop. Should be any day now. 🤌🏻

Things are happening soon… 👀 fromdayzerotozeroday.com

I am killing it lately with the bug bounty stuff

Lads, its on

Happy Pride Month! Celebrating all the courage it takes to live your truth and love openly. God is love, and whoever lives in love lives in God, and God in them.' - 1 John 4:16 ❣️

What does it take to hack a Sonos Era 300 for Pwn2Own? Take a look at our process of adapting existing research, establishing a foothold, and exploiting media parsers for unauthenticated RCE over the network🔥👇 blog.ret2.io/2025/06/11/pwn…

How do we turn bad SSRF (blind) into good SSRF (full response)? The Assetnote Security Research team at Searchlight Cyber used a novel technique involving HTTP redirect loops and incremental status codes that leaked the full HTTP resp. It may work elsewhere! slcyber.io/assetnote-secu…

We all know who the real #1 US Hacker on HackerOne is 👇

Honestly a bit surreal, but I’ll be joining Assetnote as a Security Researcher soon🦆. Excited to be part of such a brilliant team.