🐛 We keep unveiling the #BugSummit lineup, and this name makes us especially excited.
On June 20, @Eriik451, part of the team that won the Hack Royale, takes the stage at La Nave. An ace who really knows the subject.
The talk "GET /paid: bugs fuera del manual" will show us real cases of web exploitation: bypasses, non-obvious chains, and findings that look minor on paper… but end up having real impact.
No textbook theory. Pure practice from someone who has been there finding (and escalating) what others overlook.
It will be one of the talks you can't miss during the day.
🎟️ Get your ticket here 👉 https://t.co/1D6Do8wFoi
What is the "off-the-manual" bug that has most surprised you to find?
#BugBounty #Ciberseguridad #EthicalHacking
new discovery: cache poisoning on next.js - CVE-2025-49826
indefinite caching of a 204 response, rendering the affected pages inaccessible
affected versions: >15.0.4 and <15.2.0
there will be no research paper for this one
Confirmed! Former Master of Pwn winner Manfred Paul used an integer overflow to exploit #Mozilla Firefox (renderer only). His excellent work earns him $50,000 and 5 Master of Pwn points. #Pwn2Own #P2OBerlin
Are you a Burp Repeater power user? The latest release introduces a new feature called 'Custom actions'. With these you can quickly build your own repeater features. Here's a few samples I made for you:
First it was BleSpammer. Now it's VSC Enumerator. The @Tarlogic Innovation team has just released a new PoC that allows discovering hidden commands in Bluetooth adapters.
In this GitHub link you have all the info 👇
https://t.co/gFZ6S3TtBM
the research paper is out:
Next.js and the corrupt middleware: the authorizing artifact
result of a collaboration with @inzo____ that led to CVE-2025-29927 (9.1-critical)
https://t.co/GZkbnr6o9H
enjoy the read!
Good news! I've uploaded a new post about the most complex and beautiful vulnerability I've ever found, involving patching and uploading deprecated .jar libraries to get RCE on a big target. It's a very technical post, but I hope you like it! :)
https://t.co/IzHI0tNVIv
Despite being central to their security, many orgs struggle to securely implement #OAuth. Our new post walks through common issues & how to prevent them, along with a useful checklist! Read it today & ensure your org is secure: https://t.co/UHLlE9vlQB
#doyensec #security #appsec
very pleased to announce the release of my new article based on my research that led to CVE-2024-46982 titled:
Next.js, cache, and chains: the stale elixir
https://t.co/UFndJxNYLI
note: does not cover the latest findings shared in my recent posts
enjoy reading;
After weeks of work, @therealdreg and I have finished FTDIBRICK. This project leverages the clock integration of some FTDI chips to brick them, even with non-administrator users. Thanks to @FTDIChip for making this possible. Check it out!
https://t.co/9E5wBhQ6HQ