The Hacking APIs Conference is back for 2026! HAC NYC returns May 14th. CFP is open. Got a live API hack? A breach case study? Research that made a security team sweat? Submit it. Vulnerabilities that shipped. Exploits that worked. Defenses that held.

big thanks to everyone who hung out with us for @_ContinuumCon_ today see you tomorrow for more fun ✌️

If you signed up for a career in cybersecurity you signed up for a career of continuous learning. Learning in this field doesn’t end with a cert, a degree, or a job offer, it never ends.

Woo, I can confirm "Can AI Do Novel Security Research? Meet the HTTP Terminator" is coming to @defcon! This research was a huge gamble and the result was glorious, can't wait to share!

I am planning my fall speaking schedule. What are some good conferences to submit CFPs to?

What conferences/events/meet ups do you want to see me at this year? Whats the best local conference near you that I should throw a cfp into????

🚨 Workshop Spotlight # 5👉 "Instant API Hacker" by Corey J. Ball (@hAPI_hacker), author of "Hacking APIs" and founder of APIsec University (@apisecu) & hAPI Labs 📝 Description "Instant API Hacker" demonstrates how quickly someone can learn to identify and exploit API vulnerabilities. You'll witness the exploitation of critical vulnerabilities from the OWASP API Security Top 10, including broken authentication, authorization flaws (BOLA), and excessive data exposure. Through live demos using the "One Request to Rule Them All," you'll see firsthand how APIs can be compromised, and gain actionable insights you can apply immediately. The session walks through finding APIs, analyzing endpoints in Postman, going deep with Burp Suite, and exploiting the most common vulnerabilities. You leave with free resources for continued learning, including vulnerable labs and APIsec University courses. Beginner-friendly. By the end, you're an API hacker. 🎟️ Only at ContinuumCon 2026 Work through it live, or revisit the lab on your own time. Own it forever. The workshop doesn't end when the conference does. Got your ticket yet? 👉 continuumcon.com/ Hosted by @_JohnHammond, @JustHackingHQ, @AnthonyBendas, and @Level_Effect!

😎

John Hammond invites you to ContinuumCon, the virtual con that never ends and EVERY talk is a hands-on workshop! continuumcon.com/Join us June 12-14! "The team and I have put together a banger of an online event at an affordable price that includes online training. We hope to see you in June!" CC 2026 is a virtual cybersecurity conference hosted by John, Co-Founder of Just Hacking Training, and Anthony Bendas of Level Effect. It’s built around practical workshops covering AI/ML, DFIR, Detection Engineering, Reverse Engineering, Threat Hunting, Malware Analysis, CTI, SecOps, and Tactical GRC. And, of course, we’ll be hanging out on Discord where the real party happens. 😜 Why Attend? - All 3 days of ContinuumCon broadcast FREE online. No Travel! No Cost! - One Single Track! Allows you to attend all talks. - EVERY talk is a hands-on workshop with cloud-based labs hosted on JHT. - Affordable tickets (just $79 & $159) grant access to ALL labs during AND after the event. - Free CTF! 'nuff said Top experts you WANT to see: 💫 Corey Ball 💫 Andrew Bellini 💫 Eva Benn 💫 Bryson Bort 💫 Jun34u 💫 rekdt 💫 solst/ICE 💫 John Strand 💫 Rachel Tobac 💫 Jamie Williams 💫 Many more! #explore #cybersecurity #ethicalhacking #training #conference

I put a prompt injection into my LinkedIn bio and recruiters are messaging me in Old English and calling me Lord.

RT @rana__khalil: I’m so excited to announce that I’ve joined the @PortSwigger Burp Suite Ambassador Program! I started using Burp over a…

Thank you to everyone who came to my shrek-themed hacking alongside AI talk today at Hacking APIs Con @hAPI_hacker

If you want to know how I, AI skeptic really changed my mind on hacking with AI I’ll be at HackingAPIsCon/apidays New York next week to talk about how I worked WITH an agent rather than fight against it and Ill share some of my AI hacking methodology

🔥 ContinuumCon 2026 June 12-14 Workshops Announced! Stacked with content, plus a special event: This year we'll have a Live AMA with @brysonbort and @strandjs - Q&A, commentary, and the top-tier banter. Workshops 👇 # Roll Your Own Analyst by Rain Jordan Build your own local AI threat intel pipeline with Python & Ollama # Killing Active Directory Attack Paths Once and For All by @techspence Hands-on destruction of major AD attack paths with hardening to mitigate # Hacking Over & Under The Wire by @klrgrz Beginner-friendly SSH & PowerShell using OverTheWire wargames and trying back to tradecraft # Practical Security Engineering by @IceSolst Stand up SAST, DAST, SCA, and secrets scanning for free using GitHub Actions # Prompt Injection Fundamentals & Hack-Along by Eva Benn and @Andrew Bellini Practical, beginner-friendly walkthrough of prompt injection fundamentals. It's a solid on-ramp if you want to get into AI pentesting! # Escaping Sandboxes with AI by @ZackKorman Hands-on techniques for finding and executing AI sandbox escapes # Instant API Hacker by @hAPI_hacker Fast-paced exploitation of the OWASP API Top 10 with the author of Hacking APIs # Smarter AWS WAF: Reduce Noise, Detect Threats & Automate Response by Ihor S. Production-ready AWS WAF with custom monitoring, Slack alerts & automated threat response! # Tactical GRC - Turning Governance Into a Force Multiplier for Security Teams by @fletusposton Build lightweight, engineering-aligned GRC that actually accelerates security work! # How to Analyze Malware by Matthew N. Safe, practical malware analysis workflow for beginners – static, dynamic & real sample walkthrough! # Analyzing WannaCry: A Forensic Method for Recovering Ransomware Data with Open-Source Software by Smit Nayak Deep forensic recovery of WannaCry artifacts using open-source tools – DFIR gold! # StegoDefender: Hunting Malware Hidden in Plain Sight - Advanced Steganography Detection & Payload Extraction by Christopher Dio C. Detect & extract hidden malware from images & files with next-level steganography tools! And we'll be hosting content again this year through the great @getCourseStack platform! Big thank you to all putting the work and time in in to bring this con to everyone! 🙏 @_JohnHammond @JustHackingHQ @AnthonyBendas @Level_Effect Got your ticket yet? 🎟️ Head over to: continuumcon.com/

I became good friends with Dan shortly after I passed the ASCP, while I was still at MTN Nigeria. A few days into that friendship, he sent me a message asking for permission to share my name with the then MTN’s Group Chief Information Security Officer, a South African guy. He told me, “Al-Amir, I informed Justin that one of his security engineers at MTN Nigeria cracked our most difficult exam, making him one of the very few to pass it.” I remember reading that and calling my guy Rojo, we both just laughed out of pure joy. I told him to go ahead, you never know the opportunity that’ll come out of it. A few years later, Dan recommended me to the team at APISec Inc. That’s where I met some incredible engineers, Jesse, Jose, Raj, extremely cracked guys. I joined as a Security Engineer, working on research, manually validating test cases/exploits, and then writing code to help the APISec scanning engine automate those checks. It was easily one of the most challenging roles I’ve taken on in my entire life. Eventually, I had to step away for new opportunities, and partly to take care of myself. When I told Dan I was leaving, he did everything he could to convince me to stay. He even tried to create other paths so we could keep working together. It meant a lot. APISec & APISec Uni will definitely feel his absence. He is a legend!

New issue of our newsletter; Executive Offense! The New Perimeter - Supply Chains and AI Environments executiveoffense.beehiiv.com… Subscribe 🫶

Day 30/#30daysofApisecU Covered OWASP API Top 10, API pentesting, and security fundamentals hands on. Worked through crAPI, DVAPI, and realworld API finding flaws, breaking auth, and understanding what defenders miss. Will continue my journey with GraphQL. @ce3nerd @hAPI_hacker

Day 28&29/#30DaysofApisecU I tested my brother's RestAPI and reported to him what I found. I practiced all I learnt from @hAPI_hacker course on APIsecU and book. looking forward to testing more real life API @akintunero @commando_skiipz @ce3nerd @KoredeSec

I just did an interview with @SecWeekly, with teasers for my upcoming #BHUSA presentation "Can AI Do Novel Vulnerability Research: Meet the HTTP Terminator", plus reflections on the Top Ten Web Hacking Techniques of 2025 & 2026. Watch it here: youtube.com/watch?v=fOWhhTrG…

Meet the Burp Ambassadors: @rana__khalil 🌍 Rana Khalil is a security educator and founder of Rana Khalil’s Academy. Her mission: make web app testing accessible to more people. #BurpAmbassador #BurpSuite