DC3 VDP @DC3VDP - Twitter Profile

8 days ago

APR 2026 Critical Server-Side Template Injection (SSTI) vulnerabilities have been observed within the DIB space. SSTI affects web applications that use template engines for dynamic content rendering. SSTI occurs when user input is embedded without proper sanitization.

DC3VDP's tweet photo. APR 2026 Critical Server-Side Template Injection (SSTI) vulnerabilities have been observed within the DIB space. SSTI affects web applications that use template engines for dynamic content rendering. SSTI occurs when user input is embedded without proper sanitization. https://t.co/t3MDm6RIHa

0

1

0

78

DC3 VDP @DC3VDP

8 days ago

APR 2026 @DeptofDefense Vulnerability Disclosure Program #VDP @Hacker0x01 #Hackers reported a critical severity vulnerability identifying a weakness in the sqlExpressions feature of select Grafana instances, CVE-2026-27876. Read all about it in the #Knowledgebyte.

DC3VDP's tweet photo. APR 2026 @DeptofDefense Vulnerability Disclosure Program #VDP @Hacker0x01 #Hackers reported a critical severity vulnerability identifying a weakness in the sqlExpressions feature of select Grafana instances, CVE-2026-27876. Read all about it in the #Knowledgebyte. https://t.co/IsDOQONM2Z

0

126

DC3 VDP @DC3VDP

8 days ago

Big thanks to @dmDUSTBIN for the excellent discovery of an Open Redirect via Encoded Path Injection.Findings like this highlight how small URL handling flaws can lead to serious security exposure/potential phishing risk. Security research like this helps strengthen the entire DIB

DC3VDP's tweet photo. Big thanks to @dmDUSTBIN for the excellent discovery of an Open Redirect via Encoded Path Injection.Findings like this highlight how small URL handling flaws can lead to serious security exposure/potential phishing risk. Security research like this helps strengthen the entire DIB https://t.co/ahBT0J7I1U

1

3

1

2

230

DC3 VDP @DC3VDP

8 days ago

Huge congratulations to @CISOluke for being named Researcher of the Month. @CISOluke is being recognized for discovering an unsecured API which allowed them to obtain username/password hash combinations, including users with administrative privileges. Well deserved #CyberSecurity

DC3VDP's tweet photo. Huge congratulations to @CISOluke for being named Researcher of the Month. @CISOluke is being recognized for discovering an unsecured API which allowed them to obtain username/password hash combinations, including users with administrative privileges. Well deserved #CyberSecurity https://t.co/MtXK1ijFqJ

0

6

1

0

144

Who to follow

Google VRP (Google Bug Hunters)

@GoogleVRP

We ❤️ 🐜🐞🦗🦟🦋. {echo,{{{Google,Chrome,Android,Abuse,Mobile,OSS,Cloud}Vulnerability,Patch}Reward,VulnerabilityResearchGrants}Program}

DoD Cyber Crime Center (DC3)

@DC3Forensics

Official X page of the DoD Cyber Crime Center. For informational purposes only. Report crime to appropriate law enforcement. Following/RT/links ≠ endorsement.

Youssef Sammouda (sam0)

@samm0uda

Security Researcher/Hacker 1st in Meta bug bounty program for 6 years Opinions are my own and not my employer's.

DC3 VDP @DC3VDP

about 2 months ago

MAR 2026-A critical vulnerability impacting Cisco Catalyst SD-WAN systems has been identified across the DIB. CVE-2026-20127 is an authentication bypass exploited by nation-state actors since 2023. Per CISA ED 26-03 & NSA advisory, patch & hunt now. #KnowledgeByte #DIB

DC3VDP's tweet photo. MAR 2026-A critical vulnerability impacting Cisco Catalyst SD-WAN systems has been identified across the DIB. CVE-2026-20127 is an authentication bypass exploited by nation-state actors since 2023. Per CISA ED 26-03 & NSA advisory, patch & hunt now. #KnowledgeByte #DIB https://t.co/1QB3ZvbtEr

0

405

DC3 VDP @DC3VDP

about 2 months ago

MAR 2026 @DeptofDefense Vulnerability Disclosure Program #VDP @Hacker0x01 #Hackers reported a critical severity access control vulnerability that led to the capture of authentications tokens within the Strapi CMS framework. Read all about it in the #Knowledgebyte

DC3VDP's tweet photo. MAR 2026 @DeptofDefense Vulnerability Disclosure Program #VDP @Hacker0x01 #Hackers reported a critical severity access control vulnerability that led to the capture of authentications tokens within the Strapi CMS framework. Read all about it in the #Knowledgebyte https://t.co/w9YZxkmn0Z

0

341

DC3 VDP @DC3VDP

2 months ago

Big thanks to @mdjab3r for identifying a missing DMARC record. Without DMARC, domains are far more vulnerable to email spoofing, phishing, and brand impersonation—putting users and organizations at serious risk. #DIBVDP #CyberSecurity #InfoSec #WebSecurity #EthicalHacking

1

0

1

288

DC3 VDP @DC3VDP

2 months ago

Huge congratulations 2 @Daniel_Farinax 4 being named Researcher of the Month. They are being recognized 4 finding a way 2 obtain unauthenticated CRUD access 2 DoD training articles. This vulnerability was made possible through use of an open user registration API. Well deserved!

DC3VDP's tweet photo. Huge congratulations 2 @Daniel_Farinax 4 being named Researcher of the Month. They are being recognized 4 finding a way 2 obtain unauthenticated CRUD access 2 DoD training articles. This vulnerability was made possible through use of an open user registration API. Well deserved! https://t.co/iF8v2K2rBX

1

3

0

1

550

DC3 VDP @DC3VDP

2 months ago

Congrats to @kaenne__ on winning Researcher of the Year! 🏆 His Authentication Bypass via Response Manipulation showed how altering a server's 200 OK response could grant unauthorized admin panel access, a critical flaw that can lead to full system compromise. #DIBVDP #Infosec

DC3VDP's tweet photo. Congrats to @kaenne__ on winning Researcher of the Year! 🏆 His Authentication Bypass via Response Manipulation showed how altering a server's 200 OK response could grant unauthorized admin panel access, a critical flaw that can lead to full system compromise. #DIBVDP #Infosec https://t.co/sfTTa4qad6

0

5

1

0

423

DC3 VDP @DC3VDP

2 months ago

DC3 VDP is happy 2 award Researcher of the Year to Jared Hrabak (H1 user Badlifeguard). Jared discovered a GraphQL vulnerability which would've allowed an actor 2 harvest VAST amounts of highly sensitive PII associated w/military personnel across multiple branches. Amazing work!

DC3VDP's tweet photo. DC3 VDP is happy 2 award Researcher of the Year to Jared Hrabak (H1 user Badlifeguard). Jared discovered a GraphQL vulnerability which would've allowed an actor 2 harvest VAST amounts of highly sensitive PII associated w/military personnel across multiple branches. Amazing work! https://t.co/5CBOUNRWVc

0

5

1

0

360

DC3 VDP @DC3VDP

3 months ago

Feb 2026: @DeptofDefense #DIBVDP identified a critical vuln affecting web apps using template engines. Improper input sanitization in server-side templates can allow arbitrary command execution. Learn more in the #Knowledgebyte

DC3VDP's tweet photo. Feb 2026: @DeptofDefense #DIBVDP identified a critical vuln affecting web apps using template engines. Improper input sanitization in server-side templates can allow arbitrary command execution. Learn more in the #Knowledgebyte https://t.co/HbyCGzYJRS

0

1

317

DC3 VDP @DC3VDP

3 months ago

FEB 2026 @DeptofDefense Vulnerability Disclosure Program #VDP @Hacker0x01 #Hackers reported a critical vulnerability identifying remnant database files that could be used to reconstruct sensitive data. Read all about it in the #Knowledgebyte

DC3VDP's tweet photo. FEB 2026 @DeptofDefense Vulnerability Disclosure Program #VDP @Hacker0x01 #Hackers reported a critical vulnerability identifying remnant database files that could be used to reconstruct sensitive data. Read all about it in the #Knowledgebyte https://t.co/ecv0Y4SOTN

0

1

0

248

DC3 VDP @DC3VDP

3 months ago

Huge congratulations to https://t.co/bXPlyQQqOb for being named Researcher of the Month. Jansson is being recognized for finding a way to achieve privilege escalation on the target website via use of an exposed email verification token. 🔥📷 Well deserved! #CyberSecurity #VDP

DC3VDP's tweet photo. Huge congratulations to https://t.co/bXPlyQQqOb
for being named Researcher of the Month. Jansson
is being recognized for finding a way to achieve privilege escalation on the target website via use of an exposed email verification token. 🔥📷 Well deserved! #CyberSecurity #VDP https://t.co/TFekHhJPJF

0

356

DC3 VDP @DC3VDP

3 months ago

Shoutout 2 @kaanmert9 4 uncovering an SSTI vulnerability on /contact-us/ where user input could trigger arbitrary code execution. Exploits like this can lead 2 server takeover, data theft/lateral movement. Great catch protecting the ecosystem! #DIBVDP #CyberSecurity #InfoSec

DC3VDP's tweet photo. Shoutout 2 @kaanmert9 4 uncovering an SSTI vulnerability on /contact-us/ where user input could trigger arbitrary code execution. Exploits like this can lead 2 server takeover, data theft/lateral movement. Great catch protecting the ecosystem! #DIBVDP #CyberSecurity #InfoSec https://t.co/DQjHDPoUMp

0

1

0

404

DC3 VDP @DC3VDP

4 months ago

JAN 2026, @DeptofDefense #DIBVDP – uncovered an authentication bypass vulnerability that could let attackers gain unauthorized access and escalate privileges. Critical reminder of the importance of robust access controls. Read all about it in the #Knowledgebyte

DC3VDP's tweet photo. JAN 2026, @DeptofDefense #DIBVDP – uncovered an authentication bypass vulnerability that could let attackers gain unauthorized access and escalate privileges. Critical reminder of the importance of robust access controls. Read all about it in the #Knowledgebyte https://t.co/76sN2KSBwG

0

376

DC3 VDP @DC3VDP

4 months ago

JAN 2026 @DeptofDefense Vulnerability Disclosure Program #VDP @Hacker0x01 #Hackers reported a critical severity submission for a permission issue that would allow for the retrieval of unauthorized files with a known file identifier. Read all about it in the #Knowledgebyte

DC3VDP's tweet photo. JAN 2026 @DeptofDefense Vulnerability Disclosure Program #VDP @Hacker0x01 #Hackers reported a critical severity submission for a permission issue that would allow for the retrieval of unauthorized files with a known file identifier. Read all about it in the #Knowledgebyte https://t.co/qrzpWNVUHn

0

1

0

1

416

DC3 VDP @DC3VDP

4 months ago

Milestone unlocked! The DIB Vulnerability Disclosure Program has surpassed 1,000 valid vulnerability submissions; huge win 4 crowdsourced cybersecurity/a major step in protecting our national security infrastructure. Massive thanx 2 the talented researchers who made it possible!

DC3VDP's tweet photo. Milestone unlocked! The DIB Vulnerability Disclosure Program has surpassed 1,000 valid vulnerability submissions; huge win 4 crowdsourced cybersecurity/a major step in protecting our national security infrastructure. Massive thanx 2 the talented researchers who made it possible! https://t.co/II7locgAD5

1

2

0

1

284

DC3 VDP @DC3VDP

4 months ago

Shoutout to @kaenne__ for identifying a dangerous auth bypass vector. Real world impact here is massive — from compromised user sessions to full application abuse if left unpatched. Research like this keeps the ecosystem resilient. #DIBVDP #CyberSecurity #Infosec #WebSecurity

DC3VDP's tweet photo. Shoutout to @kaenne__ for identifying a dangerous auth bypass vector. Real world impact here is massive — from compromised user sessions to full application abuse if left unpatched. Research like this keeps the ecosystem resilient. #DIBVDP #CyberSecurity #Infosec #WebSecurity https://t.co/gpGPWW7CFW

1

10

0

1

740

DC3 VDP @DC3VDP

4 months ago

Big shoutout 2 @ItsKenshin04 4 snagging Researcher of the Month with the DoD Vulnerability Disclosure Program! @ItsKenshin04 found an IDOR vulnerability allowing them 2 view/download vast quantities of sensitive PII, i.e. finance related details in connection 2 military personnel

DC3VDP's tweet photo. Big shoutout 2 @ItsKenshin04 4 snagging Researcher of the Month with the DoD Vulnerability Disclosure Program! @ItsKenshin04 found an IDOR vulnerability allowing them 2 view/download vast quantities of sensitive PII, i.e. finance related details in connection 2 military personnel https://t.co/rTFx56QjQA

1

5

2

0

2K

DC3 VDP @DC3VDP

4 months ago

DEC 2025 @DeptofDefense #DIBVDP observed industry reporting on React2Shell-critical remote code execution vulnerability impacting applications using React Server Components. The vulnerability stems from improper validation/handling of server-side component requests.#Knowledgebyte

DC3VDP's tweet photo. DEC 2025 @DeptofDefense #DIBVDP observed industry reporting on React2Shell-critical remote code execution vulnerability impacting applications using React Server Components. The vulnerability stems from improper validation/handling of server-side component requests.#Knowledgebyte https://t.co/nHnpxWD5Og

1

0

536

DC3 VDP

@DC3VDP

Who to follow

Last Seen Users on Sotwe

Trends for you

Most Popular Users