I got 3 CVEs:
CVE-2026-27593:
Patched before, but still exploitable. Achieved Admin Account Takeover.
CVE-2026-4420:
Stored XSS → chained → 1-click Account Takeover
CVE-2026-33177:
Broken Access Control via alternative controller bypass.
Full writeups in comments.
هو ازاي الصين بتبيع Tokens بسعر ارخص من الشركه نفسها
مع انه نفس ال Model يمكن ارخص بي 50% كمان
قعدت اقراء شويه لقيت Transfer Stations الي هو بيفك الحظر عن الصين ف ازاي ممكن يخلي سعر ال Tokens ارخص
ولا اساسا الناس دي بتنصب بتشغلهم Sonnet من تحت لتحت على اساس انه Opus
@m19o__
ليه ممكن اشترك في كورس بفلوس يقولي ازاي اكتب Prompt للAI و يعرفني مميزات chatGPT
تعالى بقا اديك كورس و شهاده تحطها ف النيش جمب الاطباق الصيني و هعلمك ازاي ممكن تخلي كلود يتربط ب Google Calendar و يقولك مواعيدك
During my security research, I discovered a method to bypass the Flutter safe_device package, which receives approximately 30,000 downloads every week.
The package is commonly used to detect:
- Jailbroken iOS devices
- Rooted Android devices
- Emulators
https://t.co/pK7MPBFx0q
عامتا فيديو جامد فشخ @BashmohandesM
كنت فاكر ان Fugu هيبقا زي الـ model الصيني ف السعر
ومستني model ابن حلال صيني يلحق يسرق اي حاجه من Fugu و يبيع الكيلو ب عشره
لسه ناشر مقال عن ليه الـ Flutter Apps منقدرش ان احنا نلقط منها الـ Traffic على Burp Suite و احنا بنعمل Pentest على Mobile App عالطول زي كوتلن و جافا مثلا و الشله دي
https://t.co/hF9fOOwOKY
The US government, citing national security authorities, has issued an export control directive to suspend all access to Fable 5 and Mythos 5 by any foreign national, whether inside or outside the United States, including foreign national Anthropic employees.
The net effect of this order is that we must abruptly disable Fable 5 and Mythos 5 for all our customers to ensure compliance.
Access to all other Claude models is not affected.
We apologize for this disruption to our customers. We believe this is a misunderstanding and are working to restore access as soon as possible.
Read our full statement: https://t.co/bwn0sximKZ
New research disclosed
فريق Dexpose و Darkatlas
قدرنا نعمل identity reveal ل Quellostanco
عضو في Int3x
اللي كان بيتارجت الجامعات والحكومات المصرية
We successfully conducted a full identity reveal on Quellostanco, an active member of the Int3x group, who was systematically targeting Egyptian universities and government entities.
https://t.co/FR45Q1jIOC
Bug bounty is not only about finding one good bug. It is about learning, staying consistent, and thinking outside the box. Even duplicate reports teach you something new and help you improve for the next finding. Keep learning, keep testing, and never stop trying.
Many people only see the final result in bug bounty hunting, but not many talk about the real side of it. In almost one month, I submitted around: 20 reports
- 2 was Accepted
- 15 were Duplicate
- 3 were Informative
This is the real side of the journey.