Hacktron is the first company to be backed by Project Europe, and we're incredibly excited to be part of the it's cohort. From the day we met the Project Europe and 20VC Fund team, we knew that they were the kind of people we wanted on our side. We had an oversubscribed

Last year I found a XSS bug in Google IDX here's a detail writeup about it. Hope you will enjoy it's kinda lengthy :p Shoutouts to Matan Berson for finding the original bug in Gitlab and Sreeram KL Sivanesh Ashok for the required chains to complete the exploit. sudistark.github.io/2025/07/02/idx…

Lord Siraj 🙇‍♂️🙇‍♂️

My guilty pleasure? Extremist LW/RW hot takes.

Using an LLM as your *only* social life advisor? you’re just building an echo chamber with a better vocabulary than you.

How do devs use postman or like for testing/qa? Burp go brr brr.

Whilst most companies launch with buzzwords. Hacktron AI launches with bugs. Co-founders Zayne, Mohan and Harsh present Hacktron: their first AI-powered pentest. Hacktron’s tagline is PoC || GTFO, anything else would be noise. Full intro and pentest report in link below.

Securing Gumroad with Hacktron AI Three months ago, Hacktron was still early. Hacktron AI and Harsh Jaiswal were finding 0-days targeting specific vulnerabilities on OSS software. Then we ran a full pentest-style scan on a big open-source project. The results were insane. 🧵

s1r1us Gumroad Hacktron AI Harsh Jaiswal Interesting stuff! Love the way your team is building in public and sharing more than just marketing.

I feel sad for gpt 5. A for efforts.

The opinion is inherently flawed. CTFs are great to develop problem solving, grinding, finding niche solutions of a particular problem. Which btw is one of the skill a good employer would look out for. Personally, Im from bug bounty background but anyone saying CTFs are time

what are we flexing the new logo or the bounty?

Hacktron co-founder Zayne posted on socials a few weeks ago go that their automated offensive security company needed a modern logo. We did our thing 🗣️

Found an RCE in Google Web Designer :) Very similar to the CSS Injection to RCE found by Bálint Magyar. sudistark.github.io/2025/09/23/RCE…

The watchTowr Labs team is back, providing our full analysis of the Oracle E-Business Suite Pre-Auth RCE exploit chain (CVE-2025-61882). Enjoy with us (or cry, your choice..) labs.watchtowr.com/well-well-well…

you can just do things

Hack so big that even Hacktron AI is affected. We use a service that use the affected backend.

A few months ago, Harsh Jaiswal and I gave a talk, sharing the slides here in case they’re helpful to anyone.

With the speed s1r1us is pwning these new browers, I do not think there should be any new browser coming from orgs who do not have heavily invested in browser development. I know this are just chromium forks. But people should be very careful using those for day to day

Always been fan of learning things on-demand. In context of security there’s so many concepts I didn’t know until I had to workaround/hack those.