Working on fast, accurate and auditable CVE enrichment at Volerion.

Joined February 2012
Pinned Tweet
13 Oct 2023
The $15,000 secret of viewing posts from private Instagram accounts. 003random.com/posts/meta-bou… #bugbounty #bugbountytips #writeup

This bug was buried so deep. You had to use a mobile user agent to reach the code path. Then block the victim account. And then request one of their posts via the oEmbed endpoint. This would trigger a try catch condition where super user privileges were used to fetch the post.
Replying to @intigriti
1️⃣ How I Exposed Instagram's Private Posts by Blocking Users @rub003 won 3rd place at BountyCon 2022 by chaining Instagram oEmbed endpoint quirks with mobile user agent detection to access private posts (earning him $14,500 in bounties). 003random.com/posts/meta-bou…
003random retweeted
Jan 3
@VolerionSec's algorithm looks better, 0.6 impact seems more correct. volerion.com/vulnerabilities…
003random retweeted
Replying to @FFmpeg @grok
wrong pixel no bad but CVSS say medium bad
20 Aug 2025
😭
003random retweeted
13 Aug 2025
🦾💼 #DEFCON33 may feel like a “hacker holiday,” but the CVE conveyor belt never stops. Out of the 249 newly published CVEs, the highest EPSS in the set is 0.09475 — CVE-2025-47188 — with a CRITICAL CVSS score. Volerion gives it a contextual risk score of 3.6/10, factoring in real-world usage and internet exposure of the affected products. The ecosystem doesn’t take time off — and neither does Volerion’s AI-driven analysis, turning raw CVEs into actionable, prioritized risk. #DEFCON #CVE
31 Jul 2025
CVE-2025-54576 is quite cool. It's so easy to make your web app vulnerable to this. You would expect `skip_auth_routes` to match routes only, but meanwhile it was comparing against `GetRequestURI`. Fixed in v7.11.0 by comparing against `GetRequestPath`. 👉blog.volerion.com/posts/CVE-…
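The mismatch described in the post above, as an added Go example (not code from the post or from the affected project): a skip pattern is evaluated once against the full request URI and once against the path only, and `Disagreements` reports the requests on which the two comparisons differ, which is the regression check to run over your own skip patterns. The pattern, the sample URIs and all function names are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net/url"
	"regexp"
)

// Constructed sample requests (not taken from the post or any advisory).
var sampleURIs = []string{
	"/api/v1/health",          // intended match: path is on the allowlist
	"/api/v1/users",           // not on the allowlist
	"/api/v1/users?x=/health", // path not on the allowlist, query text is
}

// skipOnURI models the pre-fix comparison: the pattern is tested against the
// whole request URI, query string included.
func skipOnURI(re *regexp.Regexp, requestURI string) bool {
	return re.MatchString(requestURI)
}

// skipOnPath models the fixed comparison: only the path component is tested.
// A request URI that does not parse is never exempted from authentication.
func skipOnPath(re *regexp.Regexp, requestURI string) bool {
	u, err := url.ParseRequestURI(requestURI)
	return err == nil && re.MatchString(u.Path)
}

// Disagreements lists the request URIs that the URI comparison would exempt
// from authentication but the path comparison would not.
func Disagreements(pattern string, requestURIs []string) ([]string, error) {
	re, err := regexp.Compile(pattern)
	if err != nil {
		return nil, err
	}
	var out []string
	for _, r := range requestURIs {
		if skipOnURI(re, r) && !skipOnPath(re, r) {
			out = append(out, r)
		}
	}
	return out, nil
}

func main() {
	got, err := Disagreements(`^/api/.*/health$`, sampleURIs)
	fmt.Println(got, err)
}
```

An empty result for every configured pattern means the two comparisons agree on the tested requests; any entry is a request whose query string, not its path, satisfied the pattern.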
28 Jul 2025
😂The award for best NVD CVE description goes to...
28 Jul 2025
The largest description award goes to nvd.nist.gov/vuln/detail/CVE…, but nvd.nist.gov/vuln/detail/CVE… is quite funny too. Who actually reads these?

28 Jul 2025
.@VolerionSec writes consistent length summaries. For example, the one from above: volerion.com/vulnerabilities… "in various models" is so much better than listing all 50 vulnerable versions in the description. We have a products tab for the actual affected products and versions.
23 Jul 2025
Can the person farming CVEs in sample software projects just stop please. This year already, 448 CVEs were reported on phpgurukul, which is just a sample project not meant to deploy😭. Why vuldb is allowing this, idk... The CVE ecosystem is getting ruined by sh*t submissions.
23 Jul 2025
🤡
23 Jul 2025
Personal opinion. However, at @volerionsec we're thinking the exact same 🤡. Most CVE submissions are just spam nowadays. Made possible by a couple specific CNAs.
4 Jul 2025
getJS will now ignore certificate errors, so that your bug bounty automation will less likely error on the hosts that are the most interesting (e.g. self-signed certificates). github.com/003random/getJS/
003random retweeted
3 Jul 2025
Our models identified the correct product (CPE), versions (semver) and gathered remediation options. This data is available through our API within minutes after a CVE is published.
003random retweeted
Pre-orders have started shipping and getting to readers around the world! Whether you’re new to vulnerability research or sharpening an existing skill set, this book will show you how to think (and work) like a bug hunter.

This book will teach you how to:
✅ Identify promising targets across codebases, protocols, and file formats.
✅ Trace code paths with taint analysis and map attack surfaces with precision.
✅ Reverse engineer binaries using Ghidra, Frida, and angr.
✅ Apply coverage-guided fuzzing, symbolic execution, and variant analysis.
✅ Build and validate proof-of-concept exploits to demonstrate real-world impact.

More than a toolkit, this is a window into how top vulnerability researchers approach the work. You’ll gain not just techniques but also the mindset to go deeper, ask better questions, and find what others miss.

Use promo code ZERODAYDEAL at checkout to get 30% off!
Buy now:
📘 No Starch: nostarch.com/zero-day
📘 Amazon: amazon.com/Day-Zero/dp/17185…
#FromTheDayZeroToZeroDay #Cybersecurity #BugBounty #Hacking #VulnerabilityResearch #InfoSec #BookLaunch
003random retweeted
24 Jun 2025
We just launched our blog! blog.volerion.com/

003random retweeted
11 Jun 2025
Launching today! Volerion transforms raw CVEs into structured and instant insights #CVE #CyberSecurity #infosec