🚨 CVE-2026-1731 🚨 Our team discovered a critical pre-auth RCE affecting BeyondTrust Remote Support & Privileged Remote Access. SaaS/Cloud instances have been patched. If you're running self-hosted deployments, apply the patches immediately. More info in the comments.
My research on CVE-2025-49113 is out. fearsoff.org/research/round…. Happy reading! #CVE #roundcube #poc @FearsOff
CVE-2025-49113 is a fascinating PHP Object injection in Roundcube webmail, a really nice find by the original finder. #roundcube #cve-2025-49113 #rce
New from us! Testing a Rails + Nginx app? This should be in your checklist. Read the blog to know how we disclosed Discourse database backups!
New Blogpost - We identified a vulnerability in Discourse where a misconfiguration in Rails send_file + Nginx's internal directive can expose database backups! projectdiscovery.io/blog/discourse… This issue isn't limited to Discourse. It can affect other Rails + Nginx apps with similar
I just published a new blog post sharing an improved Deserialization Gadget Chain for Ruby! It builds on the work of others, including Leonardo Giovanni, Peter Stöckli @GHSecurityLab and @wcbowling nastystereo.com/security/ruby-…
Check out our latest blog post! We dive into GitHub Enterprise’s SAML implementation and explore an authentication bypass in encrypted assertion mode. CVE-2024-4985 / CVE-2024-9487: GitHub Enterprise SAML Authentication Bypass. projectdiscovery.io/blog/github-en…
Check out our new blogpost! In this post we talk about SAML and the recent Ruby-SAML Auth bypass. CVE-2024-45409: Ruby-SAML Auth Bypass in GitLab blog.projectdiscovery.io/ruby-saml-gitl…
My colleague @hash_kitten and I discovered a full-read SSRF vulnerability in Next.js (CVE-2024-34351). We published our research today on @assetnote's blog: assetnote.io/resources/rese…. Thank you to the Vercel team for a smooth disclosure process.
Check out my write-up on a seemingly harmless and limited send() in GitHub (CVE-2024-0200) and how it could be used to obtain environment variables from a production container and to achieve remote code execution in GitHub Enterprise Server: starlabs.sg/blog/2024/04-s…
Enjoy our next blog post this time an SQL Injection on Apple’s Infra. Another win nets us a $25,000 bounty! 💻💰 #AppleSecurity #Research #bugbountytips #bugbounty blog.projectdiscovery.io/hacking-apple-…
Check out our latest research blog, including a detailed overview of how we discovered an SQL injection vulnerability (+ nuclei template) in Masa/Mura CMS and Hacked into Apple's Infrastructure. blog.projectdiscovery.io/hacking-apple-… #AppleSecurity #Research #CyberSecuirty #BugBounty
Check out our new blog post! We hacked into Apple Travel Portal (yes, again!) using a 0-day Remote Code Execution exploit. Part 1 is live now, stay tuned for the follow-up on another RCE worth a total bounty of $40k! blog.projectdiscovery.io/hello-lucee-le…
As the PoC is almost out, we are now publishing our analysis.
🚀 Just released our in-depth analysis of CVE-2023-22527, a critical RCE vulnerability in Atlassian Confluence Data Center & Server. 🛡️ Don't miss out on our findings and learn how to detect and protect your systems! 🔍 blog.projectdiscovery.io/atlassian-conf… #cybersecurity #CVE #RCE
@VietPetrus @iamnoooob @rootxharsh Nope, tested only on Confluence 8.5.3 and got the code execution working!
Reproduced the CVE-2023-46747 F5 Big-IP RCE via AJP smuggling. Props to @praetorianlabs for identifying this cool bug. @pdnuclei template dropping soon. Time to sleep😴 #f5-rce #CVE-2023-46747
Reproduced the AJP request Smuggling to access /tmui/* resources directly. Very interesting bug indeed, need to further look into post-exploitation. Until next time😴
F5 BIGIP is vulnerable to a smuggling request vulnerability that an attacker can exploit to achieve unauthorized RCE. Our vulnerability research team responsibly disclosed this to F5, which released a hotfix today. hubs.ly/Q026ThPw0 #vulnerabilityresearch #f5 #cve
HTTP Request Splitting vulnerabilities exploitation offzone.moscow/upload/iblock/…
Here is the #exploit that targets the "VMWare Aria Operations for Networks" which has CVSS 9.8 and targets all the versions from 6.0 to 6.10 (CVE-2023-34039) 🔥 I just wrote the exploit, but the discovery credit is for @rootxharsh and @iamnoooob 👏 github.com/sinsinology/CV…
@LiveOverflow Just googled "literal_eval CTF" and landed here😂