Bug Bounty | Internal SSRF | $2,000
Found an Internal SSRF vulnerability
The ticketing integration feature (Jira, Zendesk, ServiceNow) accepted a user-supplied URL and passed it directly into a server-side request with zero validation. By replacing the URL with http://127.0.0.1:[PORT], I was able to enumerate internal hosts and ports unreachable from the public internet, one of which exposed a sensitive internal service (https://t.co/OEizQVPbxL)
Lesson learned: always test third-party integration fields. They are often overlooked but can make direct backend calls, making them a prime target for server-side vulnerabilities.
#bugbounty #bugbountytips #ssrf
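The fix side of the finding above, as an added example that is not the reporter's code or the affected product's: a validator for a user-supplied integration URL that rejects non-HTTP schemes, embedded credentials and unusual ports, then resolves the host and refuses loopback, private and link-local destinations (the hostnames, the `FAKE_DNS` table and `fake_resolver` are constructed so it runs offline).

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Ranges a server-side integration fetcher must never reach: loopback, RFC 1918,
# link-local (cloud metadata), CGNAT, and the IPv6 equivalents.
BLOCKED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "::1/128", "fc00::/7", "fe80::/10",
)]

def is_blocked_ip(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped  # judge ::ffff:127.0.0.1 as 127.0.0.1
    return any(addr in net for net in BLOCKED_NETWORKS)

def validate_integration_url(url: str, resolver=socket.getaddrinfo) -> list:
    """Vet a user-supplied ticketing/webhook URL; return the IPs it may connect to, else raise ValueError."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        raise ValueError(f"scheme not allowed: {parts.scheme!r}")
    if not parts.hostname:
        raise ValueError("missing host")
    if parts.username or parts.password:
        raise ValueError("credentials in URL not allowed")
    port = parts.port or (443 if parts.scheme == "https" else 80)
    if port not in (80, 443):  # the URL must not pick arbitrary internal ports
        raise ValueError(f"port not allowed: {port}")
    try:  # literal IPs and hostnames take the same resolve-then-check path
        infos = resolver(parts.hostname, port, proto=socket.IPPROTO_TCP)
    except socket.gaierror as exc:
        raise ValueError(f"cannot resolve {parts.hostname!r}") from exc
    ips = sorted({info[4][0] for info in infos})
    blocked = [ip for ip in ips if is_blocked_ip(ip)]
    if blocked:
        raise ValueError(f"{parts.hostname!r} resolves to blocked address {blocked[0]}")
    return ips  # connect to exactly these IPs; re-resolving the name reopens DNS rebinding

# Constructed stand-in for DNS so the example runs offline (hypothetical hostnames).
FAKE_DNS = {"jira.example.com": "203.0.113.10", "tickets.internal": "10.20.30.40",
            "rebind.example.net": "127.0.0.1", "127.0.0.1": "127.0.0.1"}

def fake_resolver(host, port, proto=None):
    if host not in FAKE_DNS:
        raise socket.gaierror(f"unknown host {host!r}")
    return [(None, None, None, "", (FAKE_DNS[host], port))]
```

The HTTP client must then connect to the returned IPs rather than re-resolve the name, and must not follow redirects automatically, since either lets a vetted URL lead back to an internal address.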
‼️ HackerOne disclosed it was training its AI with "12+ years of real-world vulnerability data," and now is in damage control after backlash over how it marketed its new AI product.
That line set researchers off. Bug bounty hunters accused HackerOne of using researchers' reports and prior bounty findings to train its Hai agentic AI system, framing it as theft.
HackerOne answered the next day. It admitted the messaging "created confusion" and stated that researcher submissions are not used to train, fine-tune, or improve generative AI models. The company said this applies across H1 Continuous Testing, H1 Agentic PTaaS, and Hai, and that third-party model providers are barred from retaining or using researcher data for their own training. It said it updated its website language.
This week the platform launched H1 Continuous Testing, pitched as "continuous assurance built for how attacks actually work." Its own page says the product uses specialized AI agents to find, validate, and prove exploitable risk across applications.
The gap that remains: the marketing still credits "12+ years of real-world vulnerability data," while the denial is scoped tightly to training generative models. HackerOne has not said what that data set actually is, or how it differs from the submissions hunters spent more than a decade filing.
Lovely! I have also exploited such vulnerabilities in the wild in the past. I'm more into integrations testing and finding bugs like SSRFs there. Although the current one is not really classy, it clearly shows that critical bugs exist in integrations. Would definitely share a write-up!
After speaking at 15+ cybersecurity conferences, including Black Hat MEA 3x, I still want to give back to the community.
I'm planning on sharing all of my bug bounty findings, some might be boring, but hopefully some findings will be worth sharing.
Should I do this?
#Bugbounty
Just ported my AI agent from Claude Opus 4.6/4.7 to @deepseek_ai V4 Pro. Same multi-agent architecture, same pipeline, fraction of the cost. Let's see if the Chinese 🇨🇳 model can match Anthropic's best
#DeepSeek #ClaudeOpus #DeepSeekV4Pro
I ran @deepseek_ai V4 Pro against 3 different security experiments: SQLi, Android root detection bypass, and advanced XSS. I gave each run log to Opus 4.7 to review. Sharing each one in a separate tweet. Starting with the SQLi:
Experiment 1/3 SQL injection attack, listing the database contents on non-Oracle databases (using DeepSeek V4 Pro):
I requested the agent to log in as administrator on an expert-level @PortSwigger lab with no credentials provided.
Opus 4.7 feedback:
The agent followed a clean, textbook manual SQLi methodology:
Step 1: Fetched the homepage, identified a product category filter at /filter?category=
Step 2: Injected a single quote — got a 500 error confirming injection exists
Step 3: Used ORDER BY to determine column count (2 columns)
Step 4: Confirmed injectable columns with UNION SELECT NULL,NULL
Step 5: Queried information_schema.tables to enumerate all database tables
Step 6: Found the users table name (randomized name — not guessable)
Step 7: Queried information_schema.columns to get column names
Step 8: Dumped all rows with UNION SELECT to extract usernames and passwords
Step 9: Extracted the administrator password from the dump
Step 10: Fetched a fresh CSRF token from /login in the same session
Step 11: Submitted the login form as administrator with the stolen password
Step 12: Followed the 302 redirect — lab solved
Clean execution; didn't skip column count enumeration. Handled the CSRF token correctly by keeping cookies in the same session jar. No wasted tool calls, no unnecessary retries. 26 tool calls, 3 minutes.
Next tweet: Android root detection bypass
#DeepSeek #BugBounty #DeepSeekV4Pro
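The request sequence the review above walks through (quote probe, ORDER BY column count, UNION SELECT NULL,NULL, information_schema enumeration) is also what a defender sees in the web server log. As an added example that is not from the thread's author or the lab, here is detection logic that decodes each request's query string, tags which stage it matches and flags clients that exhibit several distinct stages; the log lines are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Signatures for the stages of a manual UNION-based SQLi: quote probe,
# ORDER BY column-count probe, UNION probe, information_schema enumeration.
SIGNATURES = {
    "quote_probe": re.compile(r"'\s*(--|#|$|\s)"),
    "order_by": re.compile(r"\border\s+by\s+\d+", re.I),
    "union_select": re.compile(r"\bunion\s+(all\s+)?select\b", re.I),
    "schema_enum": re.compile(r"\binformation_schema\.(tables|columns)\b", re.I),
}
# Common/combined log format: client, ident, user, [time], "METHOD path proto", status
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<path>\S+)[^"]*" (?P<status>\d{3})')

def normalize(path: str) -> str:
    # Decode twice (catches %2527-style double encoding), drop /*..*/ comments, collapse whitespace.
    query = path.partition("?")[2]
    decoded = re.sub(r"/\*.*?\*/", " ", unquote_plus(unquote_plus(query)))
    return re.sub(r"\s+", " ", decoded).strip()

def classify(path: str) -> set:
    q = normalize(path)
    return {name for name, rx in SIGNATURES.items() if rx.search(q)}

def scan_log(lines):
    """Per client: which SQLi stages were seen, and how many flagged requests returned 5xx."""
    report = defaultdict(lambda: {"signals": set(), "server_errors": 0})
    for line in lines:
        m = LOG_RE.match(line)
        if not m or not (hits := classify(m["path"])):
            continue
        report[m["ip"]]["signals"] |= hits
        report[m["ip"]]["server_errors"] += int(m["status"].startswith("5"))
    return dict(report)

def suspicious_clients(lines, min_signals=2):
    # A lone apostrophe in a search term is noise; several distinct stages from one client is not.
    return sorted(ip for ip, e in scan_log(lines).items() if len(e["signals"]) >= min_signals)

# Constructed access-log lines (not from the page) replaying the thread's methodology.
SAMPLE_LOG = [
    '198.51.100.7 - - [01/May/2025:10:00:01 +0000] "GET /filter?category=Gifts HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/May/2025:10:00:02 +0000] "GET /filter?category=Gifts%27 HTTP/1.1" 500 1210',
    '198.51.100.7 - - [01/May/2025:10:00:03 +0000] "GET /filter?category=Gifts%27+ORDER+BY+3-- HTTP/1.1" 500 1210',
    '198.51.100.7 - - [01/May/2025:10:00:04 +0000] "GET /filter?category=Gifts%27+UNION+SELECT+NULL,NULL-- HTTP/1.1" 200 5300',
    '198.51.100.7 - - [01/May/2025:10:00:05 +0000] "GET /filter?category=%27+UNION+SELECT+table_name,NULL+FROM+information_schema.tables-- HTTP/1.1" 200 9800',
    '203.0.113.5 - - [01/May/2025:10:00:07 +0000] "GET /search?q=O%27Brien HTTP/1.1" 200 4000',
]
```

A 500 immediately after the first quote probe, as in the second sample line, is the same signal the agent used to confirm injection, which is why the error count is kept alongside the stage tags.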
Goodbye Claude Code subscription fees.
Someone just built a proxy that runs Claude Code completely free... and it's wild.
You literally plug in a free NVIDIA API key and point Claude Code at localhost.
That's it.
It handles everything:
- Converts Anthropic API calls to NVIDIA NIM format
- Unlocks 40 requests/min for free
- Supports Kimi K2, GLM 4.7, MiniMax M2, Devstral and more
- Streams thinking tokens and tool calls live
- Even includes a Telegram bot so you can run Claude Code from your phone
No API bill. No rate limit panic. No vendor lock-in.
Honestly, this goes beyond router tools like OpenRouter.
It doesn't just swap the model... it turns Claude Code into a free agent you can control remotely.
The project is open-source on GitHub.
It's called free-claude-code.
They spent $20k finding their bugs, while I spend less than $1000 on my fuzzing setup and found a lot of the same bugs (several in their announcements I found and have in my 'to report' docs since they weren't exploitable beyond DoS). I haven't found 'thousands' but I have found nearly 1000 since December. And the VAST majority that have been found with AI and fuzzing are Null Ptr Derefs. And as mentioned, they are almost never exploitable on modern systems since memory at 0x0000000 can't be mapped to anything anymore. (It can't with like +8/16/32/64 offsets either, I forget what the first usable spot is but it's not anywhere near a null ptr deref location.) Mythos might be good at finding bugs, but it is not finding things that would set the internet on fire in most instances. I'm sure they found some nice bugs in their thousands, but most of them would be DoS impact at absolute most.
Open-source cross-modal and multimodal prompt injection test suite. 38,000+ attack payloads across text, image, document, and audio modalities. Research-backed by OWASP LLM Top 10, CrossInject (ACM MM 2025), FigStep (AAAI 2025), DolphinAttack, and CSA 2026. https://t.co/fPNsIDg46K
🚨 BREAKING: Someone just open-sourced a pre-built, fully jailbroken iOS 26 virtual machine.
vphone-aio uses one script to deploy a fully functional, jailbroken virtual iPhone. It skips the complex configuration and sets up the whole environment locally.
100% Open Source.