🚀 SploitScan now supports imports from top vulnerability scanners like Tenable Nessus, Rapid7 Nexpose, and OpenVAS. You can now easily bring in your scans and check for any exploits out there targeting your systems. 🔗github.com/xaitax/SploitS… (for complete changelog)

A cool invisible prompt injection bug in Hackerone's AI report assistant tool "Hai", found by Hazem and Joseph Thacker Bounty: $2500 hackerone.com/reports/2372363 #bugbountytips #cybersecurity #LLM #AI

Introducing the SolidityScan VS Code Plugin – level up your coding experience! Your one-stop shop for secure, optimized coding! Seamlessly integrate into your VS Code for enhanced security, efficiency, and gas optimizations. Integrate Now! marketplace.visualstudio.com/items?itemName… For more

Spot the contract that's a gas-saver! Join the #FindTheBug challenge and show off your smart contract expertise! #BugHunt #SmartContract #CyberSecurity

Bob developed a gas-efficient method for checking address(0). Can you guess the bug? Dive into our #FindTheBug challenge and see if you can find it! #BugHunt #SmartContracts #Web3

Ever had to escalate an XSS and scan your target at scale for CORS Misconfigurations?🧐 Checkout Corsy! A lightweight Python tool by Somdev Sangwan that performs checks for over 10+ different CORS misconfiguration bypasses! 🤑 Corsy is available on Github!👇 buff.ly/2L8MBUz

Bambda Burp Suite script searches through Burp history for JavaScript files, extracts hidden endpoints, and outputs the discovered endpoints to a text file. The script supports three different regex modes for discovery: High, Deep, and Custom, allowing you to add your own

Great research from scryh! I was keeping it for a CTF challenge, but it's probably too late now :p This trick is so powerful that it can be used to bypass most (if not all) server-side HTML sanitizers in the absence of a charset within the Content-Type response header 🤯

I hacked the SAP AI platform by changing my UID to 1337. …Yeah, really. This led to admin permissions on several SAP systems, but also access to customers’ secrets and private AI files 👀 This is the story of #SAPwned 🧵⬇️

Spot the bug and hack the contract! Dive into our #FindTheBug challenge and put your skills to the test. #BugHunt #SmartContracts #Web3

Bob built a contract that utilizes Chainlink to fetch the USDC price, intending to deploy it on multichain. Can you identify the business logic bug? Dive into our #FindTheBug challenge and showcase your debugging skills! #BugHunt #SmartContracts #Web3

Today, my PC was nearly compromised. With just one click, I installed a malicious Visual Studio Code extension. Luckily, I was saved as my PC doesn't run on Windows. Hackers are getting smarter and aren't just targeting beginners. Here's how they do it and how you can protect your coins!

Alice created a contract to allow users to claim USDT tokens. Can you spot the bug? Take on the #FindTheBug challenge and showcase your debugging expertise! #BugHunt #SmartContracts #Web3

SSH Pentest - Cheat sheet

HackerOne India South Club is hosting a bug bounty meetup this Saturday, 26th April, in Bangalore—courtesy of @akshanshjaiswl. Join us for talks on: - HTML Sanitizer Bypass – by Alfin Joseph - Supply Chain Hacking – by Rohit Kumar - Web3 Security Panel – featuring

We had an amazing time at the HackerOne Bangalore Bug Bounty Talks 🎯 Thanks to Alfin, Rohit Kumar Shashank | CredShields, and Aditya Dixit for the incredible sessions on HTML Sanitizer Bypasses, Supply Chain Attacks, and Web3 Security. 🛡️ Grateful to everyone who joined — see you at

H1 2025: More than $2.5B Lost! From Bybit’s $1.45B breach to Sui’s largest DeFi exploit, our latest State of Web3 Security Report breaks down the top hacks and root causes, impact across chains and vectors, and how to stay secure. Download the full report to get the findings.

Want to quickly scan code bases for security vulnerabilities? This AI-backed tool helps you scan for vulnerabilities using Claude AI Agents to scan your entire project for all vulnerability types with support for multiple programming languages! 🤠 Check it out!

Flowsint A modern platform for visual, flexible, and extensible graph-based investigations. For cybersecurity analysts and investigators github.com/reconurge/flow…

any text can be malware delivery if you just believe.