Six months ago we discovered an Authentication Bypass Vulnerabiity in the @auth0 platform. After working with them, today, we can disclose the full details. Read our blog post here: medium.com/@cintainfinita/kn…

Bug Bounty Village @ @ekoparty 2026 is now looking for sponsors! With the support of our sponsors, we're able to keep growing the Village year after year, bringing talks, challenges, networking opportunities, swag, prizes, and unforgettable experiences to the bug bounty community. If your company wants to connect with hundreds of security researchers, bug bounty hunters, and offensive security professionals from across LATAM and beyond, we'd love to talk. 📩 bugbountyvillage@ekoparty.org #BugBounty #CyberSecurity #InfoSec #Ekoparty #BugBountyVillage #HackerCommunity

Come on! We need to unlock the transparent case!!!! Go go go !!!! Show your love to @herrmann1001 and team!

Nos fuimos unos días a vivir la primer edición de @ekoparty Miami junto a @BugBountyArg y documenté todo en un VLOG. Espero que les guste :) youtu.be/ZRFrmwk_0MU

Just successfully exploited my first web race condition using the techniques described by @albino_wax in Smashing the State Machine. With a bit of AI, I identified a race in an authorization check where shared state between concurrent requests could be overwritten by a higher-privileged user. By triggering the race condition during authorization validation, I was able to bypass access controls and retrieve data belonging to users from other organizations. A great reminder that sometimes the bug isn't in the authorization logic itself, but in when that logic executes. Thanks @albinowax for the excellent research and methodology.

I know it is really hard to understand how much better and improved the proxmark3 has become over the years. Here is a graphic list of the following card technologies that is currently supported in #proxmark.

Meet the Burp Ambassadors: @soyelmago 🇦🇷 Alan Levy is a Buenos Aires-based security consultant, content creator, and founder of @BugBountyArg. He’s also behind LATAM’s first online bug bounty conference: BountyMagicCon. #BurpAmbassador #BurpSuite

Everything in the Proxmark3 Iceman firmware. Every iCLASS, SEOS, Mifare, UL-AES, FeliCa update. Every late night debugging session. None of it is sponsored. All of it is open source. If it has saved you time or taught you something, consider buying me a coffee. Patreon this week: promo code 82409 for a discount. patreon.com/iceman1001 #Proxmark3 #RFID #OpenSource #InfoSec

Hacker

When I started seriously getting into RFID security, the information landscape was a mess. Forum threads from 2009 with broken links. Research papers behind paywalls. Knowledge sitting in private Slack channels and IRC rooms that you needed to already know someone to access. The people who knew things weren't being gatekeepers intentionally, the tooling just hadn't created a natural gathering point yet. Then there was the Proxmark forum, the center of it all for a decade. Not https, and overrun with spam. Haters flooded it with spam. That's part of why the Discord server exists. It's now the largest RFID hacking community online with members from 40 countries, spanning everyone from published researchers presenting at DEF CON and Black Hat to people who received their first Proxmark3 last week and aren't sure which end to point at the card. The mix is deliberate. Beginners ask the questions that experts stopped asking years ago. Those questions are often the most interesting ones. "Why does this card respond to `lf search` but not `hf search`?" leads to a surprisingly fun conversation about frequency, modulation, and why the protocol landscape is the way it is. If you're into RFID, NFC, access control security, or hardware hacking in general, the door is open. discord.gg/iceman #RFID #NFC #CyberSecurity #InfoSec #HardwareSecurity #Community #Proxmark3 youtube.com/@iceman1001 github.com/RfidResearchGroup…

"iClass is secure" Sure. Until the firmware was extracted and master keys leaked. Then: "use iClass SE" Until the crypto was reversed, tear-off attacks published, and SAM support. Then: "use SEOS" Until the SAM got hacked and SAM support landed in Flipper Every proprietary RFID system follows the same arc. Obscurity. Breach. Patch. Repeat. Open standards with real crypto exist. Nobody wants to replace the hardware. #iClass #HID #SEOS #RFID #Proxmark3 #PhysicalSecurity github.com/RfidResearchGroup… x.com/herrmann1001

Hacking del bueno

Está mal que conozca todos esos pececitos? Gracias Win98 por todo lo brindado.

Emily Noble Notation of Harmonic Scale to No.8 Cello G, 1908

👾🥰❤️👾

Graphic designers back in day were incredible. Can you name all four games?

Merry Christmas! 🎄✨ All music at lukhash.bandcamp.com is now FREE to download 🎁 It’s also DMCA-safe if you want to use it on your Twitch streams 👾🎶 Hope you have a great time! 🎄❤️

You can now play Grand Theft Auto: Vice City right in your browser! Try it here: dos.zone/grand-theft-auto-vi…

IMPECABLE.

Mi sitio de cabecera