Kudos to @sameer_bhatt5 for finding a bug in Mailpoet and helping us in getting it addressed.

🚨 Brutal showing: security researcher Orange Tsai just made $375,000 in 24 hours at Pwn2Own Berlin 2026. He landed both Microsoft Edge AND Microsoft Exchange in back-to-back demos. - Day 1: Chained 4 logic bugs to escape the Microsoft Edge sandbox. Payout: $175,000 - Day 2: Took down Microsoft Exchange in the Server category. Payout: $200,000 Congrats 🥂

Aaaand it's official! Orange Tsai (@orange_8361) of DEVCORE Research Team chained 3 bugs to achieve Remote Code Execution as SYSTEM on Microsoft Exchange, earning a whooping $200,000 and 20 Master of Pwn points. Full win! #Pwn2Own #P2OBerlin

Needle in the haystack: LLMs for vulnerability research I've distilled my experience of sending thousands and thousands of prompts for using LLMs to discover vulnerabilities into a single write-up. These are the conclusions I came to.. (link in comment)

👼GatewayToHeaven (CVE-2025-13292). I discovered a cross-tenant vulnerability in @GoogleCloud's #Apigee, allowing me to access other organizations' data (and sometimes even plaintext JWTs of end users). Below is the full breakdown of the exploit chain⛓️

Account Takeover in Facebook mobile app due to usage of cryptographically unsecure random number generator and XSS in Facebook JS SDK ($66,000) ysamm.com/uncategorized/2026…

We've published a new blog post by RyotaK @ryotkak He discovered 8 methods to bypass safety mechanisms in Claude Code, leading to arbitrary command execution. We recommend updating to v1.0.93 or later to fix this vulnerability (CVE-2025-66032). flatt.tech/research/posts/pw…

Just published my first blog post "Cache Deception CSPT: Turning Non Impactful Findings into Account Takeover" You can read the full write-up here: zere.es/posts/cache-deceptio…

Ironically, there is nothing more expensive than being poor. You likely had an unhealthy lifestyle that you never noticed because everyone around you had the same. You were stuck in a job that didn't allow you to become who you wanted to be, but you had so many urgent fires to put out, you had no way out. You wasted so much time and energy commuting every day because living hours away from your workplace was all you could afford. Any signs of ambition got shot down by your fellow "crabs in the bucket" who projected their insecurities on you, and who didn't want you to leave them behind. You've been learning the price of so many things, but you now have to learn the value of the things that matter. You had to unlearn all the lies and wrong beliefs that you were fed in a society where average people (with a bit of money) are always confidently wrong. Especially, you once genuinely believed that the game was fair and that "hard work" alone would get you rewarded. You had to relearn how to not live in the constant fear of being taken advantage of, and how to play games that make you thrive as a person, and not just survive. Especially, you had to rebuild your self-esteem, and understand that you can achieve way more than you think, but only if you have the courage to follow an independent path. And finally, you had to cultivate the mental strength to accept the painful fact that you had a very late start, but it doesn't matter, because you can start climbing today, and you will look back in many years with true confidence and a bit of pride, to the sight of everything you had to overcome to build the life you wanted.

If you could go back to the very start of your security/hacking/bug bounty journey, what is 1 piece of advice you would share with yourself? #bugbounty #hacking #hacker #security

With only 48 hours remaining in a bug bounty event, I used @HacktronAI CLI to perform large-scale analysis of several JDBC drivers. Netting $85,000 in total rewards. This write-up shows how AI-assisted vulnerability research is speeding up the work of researchers and leading to high-impact findings. Read here - hacktron.ai/blog/jdbc-audit-…

We let the Internet down today. Here’s our technical post mortem on what happened. On behalf of the entire @Cloudflare team, I’m sorry. blog.cloudflare.com/18-novem…

Amsterdam brought the 🔥! @salesforce #H13120 = one incredible Live Hacking Event 🇳🇱 Security researchers tackled AI challenges head-on—finding vulnerabilities, sharing insights, and shaping the future of secure innovation. #HackForGood #AISecurity #TogetherWeHitHarder

H1-6102 | Sydney 🇦🇺 🥇 shubs 🥈 alexandrio 🥉ajxchapman H1-468 | Stockholm 🇸🇪 🥇rhynorater 🥈 blaklis & snorlhax 🥉 doomerhunter H1-65 | Singapore 🇸🇬 (TikTok) 🥇 m4ll0k 🥈 avishai 🥉mrhavit H1-65 | Singapore 🇸🇬 (OKX) 🥇 corraldev 🥈 hackerontwowheels 🥉 ledz1996 H1-515 | Des Moines 🇺🇸 🥇 none_of_the_above 🥈 ali 🥉 zlz, ziot, nahamsec

What. A. Day. ⚡ We kicked off #H13120 Community Day with @Salesforce—where security researchers shared insights on AI, protocol security, and social engineering, and wrapped up with a welcome reception to learn and connect. #HackForGood #TogetherWeHitHarder #AI 📸:

⚡️ @Salesforce, HackerOne, and the researcher community are back again. This time heading to Amsterdam for #H13120 to test AI security. #TogetherWeHitHarder #HackForGood

What a moment! #LVM3M5 lifts off with #CMS03, marking another milestone in India’s space journey. Relive the liftoff highlights

Find the full article here ⤵️ yeswehack.com/learn-bug-boun…

You found a bug. You wrote the PoC. You hit Submit. …but what happens next? 👀 Join Sameer @sameer_bhatt5 , Senior Triager @HackerOne, as he breaks down what really goes on behind triage, reports, reviews, rejections & rewards! 🎯 Pure triager insights 🎁 PentesterLab giveaways 🔗 Event link - h1.community/events/details/… #BugBounty #bugbountytips

And we're live! #H1468 hacking day has officially begun in Stockholm. Researchers are focused, keyboards are clicking. Let the collaboration begin! 💻🔍