I may have organized a challenge (or two) for upCTF by @xstf_team, starting in 14 hours!
Register now for a chance to win cool prizes 🥷
This blog site of @samm0uda is a treasure trove of everything Meta (Facebook, Instagram, Oculus) hacking 👇
Lost in Translation: Exploiting Unicode Normalization
With this research, ryancbarnett and 4ng3lhacker added another layer of understanding to this area. They introduced a lot of very interesting techniques.
Check it out 👇
Playing with HTTP/2 CONNECT by @fl0mb.bsky.social
This research explores how HTTP/2 CONNECT can be utilized for port scanning. It may also bypass traditional network inspection tools, which opens up a lot of possibilities.
Check the blog👇
Many people overlook Android hacking due to the challenges associated with configuring emulators and proxies.
Thankfully, there's a comprehensive guide from @bugcrowd.com that walks you through the setup process.
Tired of hitting 403 errors during your security testing?
NoMore403 by @devploit automates bypass techniques to get past those pesky restrictions.
Try it at 👇
github.com/devploit/nomore403
CewlAI by @rez0__ takes your domains, learns the naming patterns, and generates new variations using Gemini, OpenAI, WhiteRabbitNeo, or a local Ollama model.
It's great to expand recon and improve permutations👇
Vulnerability Spoiler Alert Action by @spaceraccoonsec
It monitors repositories and uses Claude to detect patching of security vulns. This early warning can give security teams more time to patch before the CVE drops.
GitHub repo👇
Hackian uncovered interesting business logic flaws in SonarQube and n8n.
Blog post by @pcuco92👇
Did you know that you can subscribe to topics using RSS on Medium?
For example, if you want to receive updates about cross-site scripting, simply use this link:
https://medium[.]com/feed/tag/cross-site-scripting
Replace "cross-site-scripting" with any other vulnerability type and your feed will be updated each time someone publishes an article with that tag.
Then, you can also combine this with AI/n8n etc to classify a post as interesting/novel and post to a Discord webhook, so you get notified about it.
ASN/CIDR lookups are massively underrated for recon.
Start with a company name. Find all their assets. Get instant ASN to CIDR lookups, IP/DNS/ORG resolution, and JSON/CSV output 👇
Agentic ProbLLMs: Exploiting AI Computer-use and Coding Agents - by @wunderwuzzi23
OpenClaw (Clawdbot) is cool and all but it’s also risky.
Make sure you get your bot audited with some better security practices 👇
https://auth0.com/blog/five-step-guide-securing-moltbot-ai-agent/
Manually hunting for endpoints and hidden params in web apps?
Another nice tool from xnl_h4ck3r is xnLinkFinder that crawls targets, extracts links, discovers secrets, and builds target-specific wordlists.
Try it out 👇
https://github.com/xnl-h4ck3r/xnLinkFinder
404 page to RCE. A report by Spaceraccoon
Chained CVE-2007-0450 (mod_proxy traversal via %5C../) + CVE-2007-1036 (exposed JBoss console) + Java deserialization RCE with jexboss
Full report 👇
💥 One click could completely compromise an OpenClaw / Moltbot / Clawdbot (CVE-2026-25253)
The vulnerability is now fixed, but here's how it worked:
- gatewayUrl Parameter: A GET parameter automatically overrides the WebSocket gateway URL used by the Control UI
- Token Exfiltration: Visiting a malicious link leaks the victim's auth token to the attacker's server
- WebSocket CORS Bypass: No origin validation means attackers can reach localhost through the victim's browser
- Instant RCE: Stolen token = full system access via arbitrary commands.
Very interesting techniques by Slonser.
If your AI agent is reading external data (especially from MCP servers), proceed with caution. Incoming data might trick your model into executing unintended actions.
Blog link 👇
Need to find the APIs the devs forgot about?
Combine waymore with xnLinkFinder or similar.
- waymore: Gathers the archived URL responses.
- xnLinkFinder: Extracts the hidden paths and parameters.
GitHub repos 👇
https://github.com/xnl-h4ck3r/waymore
https://github.com/xnl-h4ck3r/xnLinkFinder
Our pentesting agent found a 1-click ATO to RCE in @moltbot Gateway Control UI in under 2 hours.
Local instances can also be exploited with one click.
Patched in main, update now.
Watch the exploit 👇
This blog by @phwd_ has always been a great inspiration. It's a goldmine of everything about hacking @meta
Blog link 👇
It's been a while since I've tried to find bugs in Facebook. Maybe it's time to look into the new stuff.
I remember the days when we spent one entire day intercepting mobile app traffic by patching a native lib when nobody knew about it and finding an open redirect on instagram[.]com///evil.com