🗃️قسمت ۸ فیلم نرم افزار اتومیشن #باگ_بانتی 🗃️ 📺ویدیو: 🔒رجیستر و ورود 🆕ایجاد برنامه باگ بانتی 🪣اتصال با S3 👇فیلم‌های بعدی در ادامه👇 #امنیت

NVIDIA might just have open-sourced one of the most important AI projects right now. everyone is building skills, and we are also pulling in skills other people wrote and downloading them straight off GitHub. the skill is not just text. it bundles instructions and real executable code, and your agent runs that code with the same access you have. so a skill you grabbed to save ten minutes can read your environment variables, lift your API keys, and quietly send them somewhere. recent research found roughly 1 in 4 public skills carry a vulnerability, and a smaller slice are outright malicious. that is the gap SkillSpector closes. it is a security scanner that answers one question before you install anything: is this skill safe to run. you point it at a skill, and a local folder, a single skill .md file, a GitHub link, or a zip all work. it then runs two passes over the code. a fast static pass flags risky patterns like credential harvesting, data leaks, and prompt injection, and checks the dependencies against live cve data. an optional second pass uses an LLM to read intent and clear out false positives. at the end you get one risk score from 0 to 100 and a plain verdict that reads as safe, caution, or do not install. it is open source under Apache 2.0 and scans skills for Claude Code, Codex CLI, and Gemini. worth a run before you trust the next skill you find online. link to the GitHub repo: github.com/NVIDIA/SkillSpect…

XSS Payload Tags: #BugBounty #WebSecurity #EthicalHacking #xss

My Web challenge writeups from @0xL4ugh CTF v5👑🚩 1) pdf.exe Next.js DNS Rebinding → Python CRLF → pdfkit Injection mushroom.cat/ctf/nextjs-ssrf… 2) gap Lodash RCE via JSON vs JS mismatch mushroom.cat/ctf/json-js-rce… Both include 0-days 👌 And take my word.. Lodash one is fun😉

GitHub - yuvraj112233/sqligo: 🔍 Detect and exploit SQL injection vulnerabilities with SQLiGo, a fast and reliable tool built for security professionals and penetration testers. github.com/yuvraj112233/sqli…

Vibe coding a staking contract from scratch? 🤖💻 Peter Robinson puts Cursor to the test and finds a critical slashing flaw. AI might write the code, but it can't vibe its way out of a soundness bug. 🛡️ Watch: youtu.be/PmgNiywmCDQ

Just found trinetlayer.com one of the best platforms for security study material 🚀 Solid payloads, powerful tools, and really interesting AI labs. Worth checking out if you’re into real-world cybersecurity learning.

Broken Access Control - $57,750. Changing the search parameter from "businessName" to "ssn" resulted in different behavior. I literally just guessed "ssn", wasn't even in client code. Use context, understand the app, and magic can happen! #hacking #cybersecurity

Supaleak.com now has a free scanner for @supabase ! It checks for exposed keys, validates them, and flags missing RLS. If you’re using Supabase, try it and fix any leaks before they become a problem!

لحظاتی از اجرای زنده‌ی موسیقی "سمفونی حماسه‌ی خرمشهر" اثر مجید انتظامی

XSSNow - The Ultimate XSS Payload Database xssnow.in/

github.com/HacktronAI/skills… You are looking at 200k in WAF bypasses.

🚨 We are excited to announce the launch of Agent ØDIN!🕵️‍♂️🤖 🎮 A gamified AI security CTF for learning prompt injection & jailbreaks by attacking models. No docs. No theory. Just hands-on AI exploitation. 🗒️ Blog 👉 0din.ai/blog/agent-0din ⛓️‍💥 Play now 👉 ctf.0din.ai

This AI bug cost me a top 5 Spot at DEFCON 33 Bug Bounty Village CTF dropn0w.medium.com/this-ai-b… #bugbounty #bugbountytips #bugbountytip

GraphQL Hacking Toolkit 2025: 20 Commands & Payloads Every Pentester Should Master medium.com/@verylazytech/gra… #bugbounty #bugbountytips #bugbountytip