Introducing my Bug Bounty Masterclass. 100% free.
I've made $2,000,000+ finding security bugs. I spent the last year turning my methodology into a complete blueprint.
4 hours of video - foundations, reconnaissance, web proxies, hands-on challenges, and certification.
Finish it in a weekend and start hacking real-world applications 🐞
Happy to publish our first research of the year on the SvelteKit framework, downloaded over 800,000 times per week, which led to CVE-2025-67647 (w/@inzo____):
Avoiding the paradox: A native full-read SSRF and one‑shot DoS in SvelteKit
https://t.co/ZhWSK6Ugp3
Enjoy the read
New episode is out! - https://t.co/Q8BcSrKLFe
In this episode, @Rhynorater is joined by @hyprdude to talk about hacking Mediatek and his experiences with HackerOne and Pwn2Own Ecosystems.
We’re releasing TranslateGemma, a new family of open translation models with support for 55 languages. 🌐
Available in 4B, 12B, and 27B parameter sizes – they’re designed for efficiency without sacrificing quality.
We hacked the AWS JavaScript SDK, a core library powering the entire @AWScloud ecosystem - including the AWS Console itself 🤯
How did we do it? Just two missing characters was all it took.
This is the story of #CodeBreach 🧵👇
To help celebrate @arcanuminfosec Information Security's two-year anniversary, @Jhaddix gave me 5 codes good for any Arcanum course to give away!
Winners will be announced on 1/22.
👍 1 Like = 1 Entry!
♻️ 1 Share = 2 Entries!
I benchmarked multiple AI models such as DeepSeek, Claude, and GPT-4o to scan JavaScript for secrets at scale. I successfully checked 4,700 subdomains for just $25 and found valid vulnerabilities: https://t.co/fIYPpsk2by
I benchmarked multiple AI models such as DeepSeek, Claude, and GPT-4o to scan JavaScript for secrets at scale. I successfully checked 4,700 subdomains for just $25 and found valid vulnerabilities: https://t.co/fIYPpsk2by
I've been researching the Microsoft cloud for almost 7 years now. A few months ago that research resulted in the most impactful vulnerability I will probably ever find: a token validation flaw allowing me to get Global Admin in any Entra ID tenant. Blog: https://t.co/jD6EaGtsn3
Giveaway brought to you by @hackinghub_io:
5x Blind XSS vouchers
5x Web Exploitation vouchers
How to enter:
1⃣ Follow @BugBountyDEFCON + subscribe to our YouTube channel
2⃣Follow @hackinghub_io
3⃣ ❤️+🔃 this post
4⃣Comment this post
Winners will be picked on Friday 8/29
Youtube channel: https://t.co/CfyOWE3BpJ
And if you made it this far, you might as well join our other social media channels and subscribe to our mailing list!
it only takes a minute, and It helps us a lot, and makes possible to bring these giveaways to you.
Mailing list: https://t.co/Dmwjua3n6l
TikTok: https://t.co/Xh0bs7yEmG
LinkedIn: https://t.co/ccY4YxKYwE
Instagram: https://t.co/IFIbSOOW9U