Also highlights the value that hackers/researchers can bring to the intersection of cybersecurity, law, & compliance. We can stoke FUD, or we can offer legit expertise & emphasize practical impact. If we go about claiming the sky's falling, we better be damn sure it actually is.

Anthropic is expanding access to Claude Mythos, an AI model previously restricted for its advanced bug hunting capabilities. 🔋 By opening access to vetted security teams, organizations can use its codebase mapping to find and fix vulnerabilities before attackers do. Read more from ISMG: govinfosecurity.com/anthropi…

Gadgets: Turning harmless bugs into P1s Gadgets are low-impact bugs like open redirects or client-side quirks, that seem harmless alone. But when you chain these pieces (Prototype Pollution, cookie injections, etc.), you can build a high-impact exploit that crushes a hardened target. Let’s learn. 🧵👇

HOLY FUCKING SHIT OMG CLAUDE JUST CRACKED THIS SHIT, THANK YOU @AnthropicAI THANK YOU @DarioAmodei NAMING MY KID AFTER YOU 😍 blockchain.com/explorer/addr…

ETSY uses a lot of integers.... go get those #bugbounty payouts people! Holler here when you find a bug. #bugbountytips Actually buy and sell a product to open up more buttons to push and APIs to call! Duh 😜

Gonna have to start hacking iOS .... if @Apple put as much effort into security on iOS 26 as they did UAT, it must be riddled with vulns. 🙄

Fascinating stuff and surprisingly easy! There are many great articles/resources on fault injection; but here's a shameless plug for my high-level overview of how such attacks can be applied to #BugBounty, along with some other interesting examples. bugcrowd.com/blog/hacking-cr…

Thrust vectoring mount for model rocket project … soo spacex job offer yet? 😀😀

Catch Tatiana Uklist from Bugcrowd on the Women in Cybersecurity Careers Panel hosted by the UTS Cyber Security Society 💼 It’s always inspiring to see conversations like this create more visibility, representation, and guidance for the next generation of talented folks in cyber!

Performed manual token manipulation using WinDbg , stole a token from the SYSTEM process and assigned it to my CMD process, achieving privilege escalation to NT AUTHORITY\SYSTEM. ✨

3/ Mobile Secrets: Decompile that APK. 📱 Hardcoded AES keys in strings aren't just "informational" P4s. If you can use those keys to forge requests or decrypt local data, you’ve just escalated a "low" finding to a critical P1.

Why ignore crypto? Most hunters think it’s "math." 🧮 The truth: The math is usually fine, it’s the implementation that breaks. Take a 6-digit OTP. If the "random" seed is just a system timestamp, it’s not secure. It’s predictable. Brute-force becomes faster than the expiration timer.  Crypto hacking isn't about breaking the code; it's about finding where the developer left the key under the mat. 🗝️ (👇🧵)

JWT vulnerabilities extend beyond the 'none' algorithm. 🤠 Yesterday, we bypassed JWT authentication by exploiting the 'none' algorithm. Today, we're covering another JWT attack: key ID (kid) injection! 😎 The 'kid' parameter instructs the application which key to use for signature verification. If this parameter isn't properly validated, attackers can manipulate it to point to predictable files or locations, allowing them to forge valid tokens with known keys! This misconfiguration is still present in older applications and can lead to complete authentication bypass and privilege escalation. It's another reminder that trusting user-controlled input (even in JWT headers) is dangerous! 👀 Day 25 of #BugQuest2025 is now available! Swipe through to learn more. 👇 #BugBounty #HackWithIntigriti

🛜 Pentesting Bluetooth: A few blogs on Hacking Bluetooth Low Energy 1. blog.attify.com/the-practica… 2. pentestpartners.com/security… 3. book.hacktricks.xyz/todo/rad… authors: @hacktricks_live / @attifyme

@nerdwell “My biggest piece of advice for new hackers is to dive in and start getting your hands dirty as soon as possible,”

🚀Had a blast sharing my bug bounty journey with @Bugcrowd! From past hacks to what lies ahead in 2025, it's all in this Hacker Spotlight. 🏴‍☠️🔎 bugcrowd.com/blog/hacker-spo… 👀What was your biggest bug bounty lesson from 2024, and what’s next for 2025? 💬

In #LevelUpX Series 20, gain insight to better understanding the modular structure of Windows applications to guide your understanding of the exposed attack surface. Like this write-up by @nerdwell? Check out his other pieces, all in #BCU! ⤵️ bugcrowd.com/resources/level…

Come join me and @drunkrhin0 on May 9th @ 8:00AM PT for a Hacker AMA with @Bugcrowd! bugcrowd.com/resources/webin…