Security Researcher / Engineer |Ex-@tekioncorp Ex- @synopsys | Cyber Security Enthusiast | Maximalist
Joined June 2016
Harsh🧢 retweeted
I've been doing bug bounty for years. I just published a long piece on what it actually feels like in 2026, and why something fundamental has shifted. aituglo.com/state-of-bug-bou… Would love to get your feedback on it here on X or directly on the blog
Harsh🧢 retweeted
🚨 Sam Altman literally gave a 43-minute masterclass on turning ideas into billion-dollar companies. Most people will never watch it. And instead of hype, he broke down what actually makes startups work. No fluff. Just reality. He explained that ideas don’t matter nearly as much as execution. The difference between something small and something massive isn’t the idea; it’s how relentlessly it’s built and improved over time. He also emphasized that the best founders don’t chase everything. They focus on one thing that truly matters and push it forward with extreme clarity. Distraction kills more startups than competition ever will. And then there’s scale. Truly big companies aren’t built for a niche; they solve problems that millions of people care about. If the market isn’t large enough, the outcome won’t be either. His biggest insight? Startups don’t win because they’re smarter; they win because they stay in the game longer and iterate faster. That’s why this masterclass stands out. Because while most people are waiting for the perfect idea… The best ones are already building.
Harsh🧢 retweeted
Needle in the haystack: LLMs for vulnerability research. I've distilled my experience of sending thousands and thousands of prompts for using LLMs to discover vulnerabilities into a single write-up. These are the conclusions I came to. (link in comment)
Harsh🧢 retweeted
27 Sep 2025
🚀 Looking for a Backend Developer (Paid Internship). Tech: Node.js, MongoDB. 🎓 2nd/3rd year college students preferred. 👉 Drop your best project link and email in the replies. I’ll reach out if it looks relevant! #Internship #NodeJS #MongoDB #Backend
Harsh🧢 retweeted
11 Jun 2025
2 AM in a Tokyo hotel room: @assetnote x Depi find a Dependency Confusion vuln that lands RCE on Netflix! 🚀 Shout-out to @infosec_au for the "keep digging" spark & Netflix security for stellar triage. Full write-up in thread 🧵
Harsh🧢 retweeted
Excited to share the "How to find IDORs like a pro" writeup, based on 5 real-world findings 🔥. Here's the link: medium.com/@bxrowski0x/how-t… #BugBounty #bugbountytips #infosec
Harsh🧢 retweeted
Ok, so @slonser_, some of the folks in the CTBB discord, and I (@rhynorater) did a bit of follow-up on this and found a couple more useful primitives:
5 May 2025
Today I used a technique that’s probably not widely known in the community. In what cases could code like this lead to a vulnerability? ->
Harsh🧢 retweeted
6 May 2025
Just wrote a blog post based on this technique and described the methodology to take advantage of it. The post also includes an easy-to-set-up testbed to practice with; hope you find it useful. blog.voorivex.team/leaking-o…
Harsh🧢 retweeted
5 May 2025
It can also be used to leak the full URL of the parent by injecting it into the srcdoc of a sandboxed iframe.
5 May 2025
A few days ago I was able to leak an OAuth code using a similar technique: I changed the referrer policy of the page using a meta tag and then injected an img. Even though the referrer policy header was set, the browser followed the new policy from the meta tag.
Harsh🧢 retweeted
We’ve created a lab to demonstrate how an OAuth token can be leaked using a referrer policy override. Check out the article and try the lab here: github.com/VoorivexTeam/whit…
Harsh🧢 retweeted
17 Feb 2025
This is an oldie but a goldie. If you want to learn more about SSRF, watch this @owasp talk by @NahamSec and @daeken! This is a goldmine of SSRF nuggets including: 🪲 SSRF via URI Schemes 🐞 SSRF via JavaScript (XSS) 🐛 SSRF via Styling 🐜 SSRF using (PDF Gen ‘0day’) 🪳 SSRF via DNS Rebinding 🦟 SSRF to XXE And more! Watch now 👇 youtube.com/watch?v=6EyhhmIx…
Harsh🧢 retweeted
Exciting News: My Second Write-Up is Now Available! medium.com/@HX007/a-journey-… Dive into the details of the bounty that ranks as the 3rd highest I’ve received on @Bugcrowd: "A Journey of Limited Path Traversal To RCE With $40,000 Bounty!" Collaborated with @GodfatherOrwa; this write-up is not just informative but also a fun read. Enjoy reading and happy hunting! #BugBounty #BugBountyTip #BugBountyTips #Bugcrowd #HackerOne #SOC #CyberSecurity #infosec
Harsh🧢 retweeted
I interviewed 57 security leaders to answer one question: What sucks in security right now? The answers were fascinating, frustrating, and occasionally funny 🧵
Harsh🧢 retweeted
11 Jan 2025
Cyber Security Interview Questions for Freshers crsinfosolutions.com/cyber-s…
Harsh🧢 retweeted
6 Feb 2025
Securing recon is easy with Tailscale! 🪲 Build secure, zero-config networks. 🐛 Route traffic via exit nodes. 🐞 Share files seamlessly. 🪳 SSH without keys. Learn how @drunkrhin0 uses Tailscale to secure his bug bounty workflow! 👇 loom.ly/t8Eombs
Harsh🧢 retweeted
I just published "From Demo to Live: Zero-Click Account Takeover via the Same Encryption Algorithm" link.medium.com/fPyrpZ06JQb