A 27B Uncensored model that built for specifically for offensive security tooling (need 12 GB)
- Fine-tuned on real bug bounty reports & CVEs
- Generates complete, ready-to-run Nuclei templates, Full CVE PoC script, Webshell upload bypass, and exploits, code reviews
- Zero refusals. Full artifacts every time.
trained with 2,541 of real bug bounty & offensive security reports.
Q6_K quant (21GB) for maximum quality on server-grade GPUs.
OSINT search engine for mapping real-world infrastructure from OpenStreetMap data.
- Telecommunications towers
- Power plants and substations
- Data centers
- Airports and helipads
- Ports and harbours
- Warehouses and industrial facilities
- Pipelines and refineries
- Military installations
- Hospitals, prisons, embassies
- Surveillance cameras and security infrastructure
- https://t.co/vTp5gMmblg
🛡️ MEDUSA Security Testing Tool With 74 Scanners and 180+ AI Agent Security Rules
Source: https://t.co/1vrCecMXqW
MEDUSA, an AI-first Static Application Security Testing (SAST) tool boasting 74 specialized scanners and over 180 AI agent security rules. This open-source CLI scanner targets modern development challenges like false positives and multi-language coverage.
MEDUSA consolidates security scanning across 42+ languages and file types, including Python, JavaScript, Go, Rust, Java, Dockerfiles, Terraform, and Kubernetes manifests. The tool includes 180+ rules tailored for agentic AI, covering OWASP LLM Top 10 2025 risks like prompt injection, tool poisoning, and RAG poisoning.
#cybersecurityNews
Leaking the phone number of any Google user ($5k bounty)
This vulnerability was submitted to Google's VRP program and awarded a $5,000 bounty. It has since been patched.
Writeup: https://t.co/zZtqbKoKzn
Feroxbuster. Is It The Fastest Content Discovery Tool?
Built in Rust with recursive discovery, smart filtering & auto subdirectory scanning.
https://t.co/7rlr9taBoA
@three_cube
🔐 ChatGPT for Cybersecurity Cookbook Condensed Description
Your AI-powered guide for modern security threat hunting and automated offensive/defensive workflows.
📄 Comment “PDF” if you want the full guide.
Hey everyone! I’ve been building rep+, a lightweight HTTP Repeater inside Chrome DevTools. No proxy setup or certificates. Just open DevTools and start poking requests. It also has built-in AI for explanations and attack ideas. I’ll share one rep+ feature every day.
Try it 👇
Parameter: &Path= ❎LFI ✅RCE
if you ever got a LFI vector parameter, then not just try LFI payloads.
Payload for RCE: "|id||"
Join my BugBounty telegram channel: https://t.co/J6uPf8H57o
Cloudflare WAF Bypass → XSS💡
The vulnerability occurred because the URL was being printed directly in JavaScript. Used this payload to achieve reflected XSS:
--'<00 foo="<a%20href="javascript:prompt(404)">XSS-Click</00>--%20//
#BugBounty#infosec#bugbountytips
We implemented an exploit for RediShell (CVE-2025-49844). While doing so, we discovered that the publicly available PoC incorrectly uses loadstring to trigger the Redis UAF.
Kudos to @wiz_io for the interesting findings!