Nightmare Eclipse is back on GitHub under a new alias and has released a new Windows Defender vulnerability zero-day called RoguePlanet. POC: github.com/MSNightmare/Rogue…

Open Redirect /redirect?url=https://target[.]com/home → /redirect?url=https://evil[.]com Now use it for phishing with a trusted domain in the link. #bugbountytips #ethicalhacking

Recon Trick: This is old but gold: Look for publicly exposed docs on Google services. Example dorks: site:docs.google.com intext:target site:drive.google.com intext:target

Path traversal in file download: /download?file=report.pdf → /download?file=../../../etc/passwd #bugbountytips #ethicalhacking #webapplicationtesting

ASN lookup on the main domain → CIDR ranges → masscan the whole org. Scope says "*.target.com" but the IP belongs to them too. #bugbountytips #penetrationtesting

SSTI quick check: {{7*7}}, ${7*7}, <%= 7*7 %> drop all three in every input field. One will hit on a misconfigured template engine. #bugbountytips #cybersecurity

Forgot password valid email → intercept the reset link → change the Host header to your server → password reset poisoning. #bugbountytips #cybersecurity

ATLAS - A self-hosted, localhost CTI workbench that ingests raw threat data, enriches it via live API calls across six sources, and correlates everything See more on github: github.com/1024Cyber/ATLAS-F…

Host Header Poisoning (Password Reset): Change the Host header to yourserver.com during a reset request. If the email link is built using that header, the user clicks the link and sends their reset token to you. #bugbountytips

When a single ID fails, a pair might pass. IDOR bypasses can be that simple 🔥 - Victim's ID: 5200 - Attacker's ID: 5233 GET /api/users/5200/info → Access Denied ❌ GET /api/users/5200,5233/info → Bypassed ✅ #bugbountytips #PenetrationTesting

UPDATE: 19 MILLION exposed NGINX instances hit by the 18-year-old NGINX RCE found by AI. A bug from 2008 just got a working exploit. CVE-2026-42945 (CVSS 9.2) No login. No access. Just one HTTP request. POC:github.com/DepthFirstDisclos…

UPDATE: 19 MILLION exposed NGINX instances hit by the 18-year-old NGINX RCE found by AI. A bug from 2008 just got a working exploit. CVE-2026-42945 (CVSS 9.2) No login. No access. Just one HTTP request. POC: github.com/DepthFirstDisclos…

Manually sifting through Burp requests in history for possible vulnerabilities you might have missed can be a tedious process... 😓 Burp AI Agent by @six2dez1 brings AI-powered passive and active scanning to Burp Suite, covering 62 vulnerability classes with 10 backend options, including fully local models via Ollama! 🤠 Check it out! 👇 github.com/six2dez/burp-ai-a…

⚠️⚠️ CVE-2026-45185 (CVSS 9.8): Critical Exim mail-server vulnerability — patch or upgrade immediately. 🔗FOFA Link: en.fofa.info/result?qbase64=… 🎯6.0M Results are found on en.fofa.info in the past year. FOFA Query: app="Exim-Mail-Server" 🔖Refer: exim.org/static/doc/security… thehackernews.com/2026/05/ne… #OSINT #FOFA #CyberSecurity #Vulnerability

IDOR hunters: don't just swap IDs — swap types. /invoice/123 → /invoice/user_123 hits different object resolvers #bugbountytips #ethicalhacking

testing for race condition #bugbountytips

Rate-limit bypass with string terminators: POST /api/myprofile POST /api/myprofile POST /api/myprofile Backend normalizes → /api/myprofile ✅ Rate limiter treats each as unique 🔁 Useful for bypassing weak path-based brute-force protections. #BugBounty #Pentest

Next.js v16.2.4 Security PoC Collection github.com/dwisiswant0/next-…

claude-osint is a paired set of skills for the Claude skills system. Each skill is a structured SKILL.md file that primes Claude with expert-level methodology for one half of the offensive recon problem github.com/elementalsouls/Cl…

WireTapper is a wireless OSINT tool designed to discover, map, and analyze radio-based devices using passive signal intelligence github.com/h9zdev/WireTapper