alex @insertScript
@[email protected] # https://t.co/liE6hop4OX Array(10).join('a'-1)+ Batman! #Cure53 Joined June 2012
Tweets: 2K, Followers: 7K, Following: 217, Likes: 13K
Damn, what a read
StubZero: $148,337 RCE in Google Cloud Production brutecat.com/articles/googl…
@magicmac2000 I had to double check that this is actually a new post from you. Nice to see you back giving browsers a hard time :-D
FFFF the axios thing is bad, almost all node.js projects use it, we use it. didn't want to install some tool with a bunch of deps just to check if our gcloud/docker images are affected, trivy literally got supply chained two weeks ago lmao. built me a small tool. stdlib only, just shells out to docker/gcloud cli. if those are compromised we're all cooked anyway. CHECK YOUR IMAGES. github.com/hacktronai/cull
@AmirMSafari Well I learned a lot trying to solve this challenge. But mainly I was reconfirmed that @kinugawamasato is basically living in browsers. Took him 1 hour 11 minutes to solve it (assuming he read my message sharing this challenge frame perfect)
@shhnjk Hm does that work with img and alt text as well 🤔 Would be funny especially when you have full control of the remote image
Again just a quick JS PoC (nothing new, just some PoC to try it): JS Array length of 4294967295, and push vs [][length]=value behavior. Push fails, assignment works but length value isn't increased anymore. Don't really see how this can be abused. insert-script.com/examples/javas…
Your chance to be part of a historic event for cryptography education in the Levant is still open! The CFP for Cedarcrypt, the most ambitious and exciting cryptography event in the Levant region in recent memory, has a deadline of April 10 and we still have room in the program. If you've been meaning to submit a talk, workshop, or research presentation, now's the time. We want hands-on workshops, lectures on both foundational and real-world topics, and research talks including work in progress. Topics range from post-quantum crypto and ZK proofs to secure implementation and protocol verification. We're also still actively seeking sponsors. Sponsorship funds student stipends directly — it's how we make the event accessible to grad students and early-career researchers worldwide. If your organization is in this space, let's talk. Accepted speakers get travel support, free registration, and accommodation help. July 13–16, Paphos, Cyprus. Join us in making a real difference in how real-world cryptography is taught in the Levant! Come meet and engage with excited new students! cedarcrypt.org
@rebane2001 The only solutions I can think of: Overwrite the prototypes - Number or Object use document.all as the one exception. Afaik no symbols are utilized sadly for this operator.
We take a closer look at the 2nd exploit, and sit down with @_manfp to learn about his research process. youtube.com/watch?v=NT1VCm…
@garethheyes Given how much you always implement in your lunch time - do you eat with one hand and program with the other? :-D
@zhero___ First AmirMSafari publishes an interesting parsing quirk of qs - you are going to (hopefully) publish a report about a new cross-site data exfiltration technique. I like the start of the year :-D
Thanks for participating in this challenge! I analyzed the qs parser source code and wrote about the inconsistency between the backend and frontend query parsers, along with two possible solutions. Hope you enjoy it! blog.voorivex.team/when-two-parse…
Can you spot the XSS vulnerability? 👀 Test it out live at: pwnbox.xyz
Chrome auto decodes all url-encoded, non-special characters in the URL for the user. This can be annoying when you're trying to sneak a payload in that looks a little weird. You can bypass this by adding %ff anywhere in the URL.
Come be part of Cedarcrypt, our historic new initiative to grow cryptography research, development and representation in the Levant region! For too long, the global cryptography community has concentrated its major events in a handful of locations, leaving entire regions underrepresented in the conversations that shape our digital future. Cedarcrypt is here to change that. This July 13-16, 2026, we're bringing together researchers, practitioners, and students at the American University of Beirut - Mediterraneo campus in Paphos, Cyprus, for four days of intensive learning, knowledge sharing, and community building. From secure messaging protocols to post-quantum cryptography, from zero-knowledge proofs to formal verification, Cedarcrypt aims to cover the full spectrum of applied cryptography. Cedarcrypt is about planting a flag and telling the world that real cryptography work can and does emerge from our region. Cedarcrypt aims to create a space where the next generation of cryptographers from the Levant and beyond can learn from established experts, present their own research, and forge connections that will shape their careers. We need you to make this happen. We're seeking workshop leaders to teach hands-on skills, lecturers to share foundational and cutting-edge knowledge, and researchers to present their latest work. Whether you're a seasoned professor or an early-career researcher with fresh ideas, there's a place for you at Cedarcrypt. This is the first edition of what we intend to become an annual tradition. Come be part of our history! Help us build something that will inspire and empower cryptographers for years to come. Our call for proposals is open: submit your workshop or talk, or simply learn more about Cedarcrypt at cedarcrypt.org!
Happy to publish our first research of the year on the SvelteKit framework, downloaded over 800,000 times per week, which led to CVE-2025-67647 (w/@inzo____): Avoiding the paradox: A native full-read SSRF and one‑shot DoS in SvelteKit zhero-web-sec.github.io/research-and-t… Enjoy the read
Leaking FXAuth Token leading to account takeover ($65,000) ysamm.com/uncategorized/… Instagram account takeover via Facebook Pixel script abuse ($32,500) ysamm.com/uncategorized/… Multiple XS-leaks disclosing Facebook users in third-party websites ($8,400) ysamm.com/uncategorized/…
Quick browser documentation PoCs (nothing new, just some PoCs to try it): Postmessage with null origin and null source - insert-script.com/examples/ifram… Authorization header and redirects - relevant for client side path traversal - insert-script.com/examples/redir…
New research just dropped on the Critical Research Lab! Big thanks to @0xn3va, come read it at: lab.ctbb.show/research/langs…