Looking for some help, boosts appreciated:
Anyone with a security contact at Disney or ABC Network?
I know Disney has a bug bounty program, but the issue is with a third-party software leaking data from multiple companies.
Found no information as to who owns the software online and would like some help figuring out who to notify.
Which lesser-known Burp extensions do you swear by? Share your favorites below! 
<script>alert(1)</script> - 403 Forbidden
<img src=x onerror=console.log(1)> - 403 Forbidden
<svg onload=print()> - 403 Forbidden
I've recently encountered a web application firewall in a pentest, blocking all my attempts to insert an XSS payload.
In such cases, I love to use the #PortSwigger cross-site scripting cheat sheet: https://portswigger.net/web-security/cross-site-scripting/cheat-sheet
I copied all payloads to the clipboard, pasted them into the Intruder's word list and hit the "Start attack" button.
Within seconds, I had a working proof of concept.
How do you use the XSS cheat sheet? I'm keen to know!
#Microsoft now pays up to $30,000 for some #AI vulnerabilities
New Open-Source Tool Spotlight 
Scopify is a Python-based recon tool for pentesters, leveraging `netify.ai` to analyze CDNs, hosting, and SaaS infra of target companies. Optional OpenAI integration adds AI-guided insights for deeper testing. Built by @Jhaddix & Arcanum-Sec. #CyberSecurity #BugBounty
Project link on #GitHub 
https://github.com/Arcanum-Sec/Scopify
#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity
— 
P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking 
Druhou prosbou je, zda byste mohli udělat #bugbounty a ověřili u všech zprávobotíků, které sledujete, že skutečně běží (postují), i když třeba nepříliš často, a nareportovali mi, pokud najdete nějaký problematický/nefunkční? I když se snažím, nemám šanci vše uhlídat a tohle by hodně pomohlo. Díky i za to.
2/2
URLFINDER
#go URL discovery tool:
- different sources (alienvault,commoncrawl etc)
- filter by extensions/regex
- very fast (122000+ URLs in 30 sec):
https://github.com/projectdiscovery/urlfinder
Creator x.com/pdnuclei
90% of code will be writen by AI, they say...
And Bug Bounty Hunters...
Calling all Chromium developers and fans!
Ready to showcase your coding skills and earn up to $10,000? The Supporters of Chromium Based Browsers (SOCBB) Bug Bounty Program is live! Fix bugs in Chromium-based browsers like Chrome & Edge.
Contribute to repos like chromium, v8, Skia, and more! 
Payment via GitHub Sponsors.
Get started now: https://github.com/Supporters-Of-Chromium-Based-Browsers/Bug-Bounty-Program/blob/main/README.md
A new security fund opens up to help protect the #fediverse
https://techcrunch.com/2025/04/02/a-new-security-fund-opens-up-to-help-protect-the-fediverse/
This article outlines a method for performing reconnaissance, a crucial step in ethical hacking and cyber attacks. It involves the use of various Open Source Intelligence (OSINT) tools such as subfinder, amass, httpx-toolkit, waybackurls, Katana, and gauplus to discover, verify, and enumerate subdomains of a target system. By gathering this information, an attacker can better understand their target and potentially exploit vulnerabilities. #infosec #BugBounty #Cybersecurity
https://osintteam.blog/how-i-do-recon-d24bea0ff421?source=rss------bugbounty-5
New article with many personal firsts:
- First bug on Google's Vulnerability Reward Program
- First remote code execution bug
- First 5-figure bug bounty
- First CVE
What a ride.
#OpenAI now pays researchers $100,000 for critical vulnerabilities
New: OpenAI Bug Bounty program boosts max reward to $100,000, expanding scope and offering new incentives to enhance AI security.
Read: https://hackread.com/openai-bug-bounty-program-increases-top-reward/
Buenas! Ahora en un ratito estare resolviendo maquinas virtuales de portswigger en un live en caso de que le interese a alguien
With #CVE_2025_29927, Next.js has now suffered its second major vulnerability in just three months, following #CVE_2024_51479.
I originally built CVE Crowd with #NextJS.
However, as the application became more complex (especially with authentication), I decided to switch to a framework I was more familiar with.
Honestly, I’m feeling a bit relieved about that right now...
@cR0w If you're in a BB program like Hacker1, they are very quick to claim these. Often -1 to +1 day my tooling will.
If your org suffers this often, I do recommend including it within the scope of your BB program*
*First must start a BB program
#Google paid $12 million in bug bounties last year to security researchers
I'm excited to share CVE Crowd's Top 5 Vulnerabilities from February 25!
These five stood out among the 352 CVEs actively discussed across the Fediverse.
For each CVE, I’ve included a standout post from the community.
Enjoy exploring!
