Tweets: 239
Followers: 3K
Following: 219
Likes: 2K
New Google VRP writeup "XSS in Google IDX Workstation" for a bounty of $22,500 by @sudhanshur705: sudistark.github.io/2025/07/02/idx…
@GoogleVRP disclosed my most impactful client-side report to date: bughunters.google.com/reports/vrp/wG… TL;DR An attacker could've gained access to Gemini Code Assist Tools (GitLab, GitHub etc.) configured by the victim
"AI Agents for Offsec with Zero False Positives" by @moyix, a journey on how we managed to get 0 FPs with XBOW. You can find the slides for his BH talk here: cdn.prod.website-files.com/686c11d5bee015…
An Introduction to using Artificial Intelligence (AI) for Vulnerability Research x.com/i/broadcasts/1…
🚨HTTP Request Smuggling in lua-nginx-module!🚨 This affects major proxies like Kong GW, OpenResty, Apache APISIX and many more👀 Check it out: benasin.space/2025/03/18/Ope… Big thanks to @albinowax for his awesome research and for answering all my questions! #bugbounty #bugbountytips
❌ Eliminating almost all exploitable web vulnerabilities? This blog post covers how the Google security team implemented a high-assurance web framework to achieve this goal for its services, and what this framework's most important characteristics are. bughunters.google.com/blog/664431627…
Write-up of my v8 bug: Critical type confusion in V8's Turboshaft compiler allowed stale pointers to bypass GC, leading to exploitable memory corruption. Full details + PoC: bushido-sec.com/index.php/2025…
It's an honor that my research, Exploiting Number Parsers in JS, has been nominated for the Top Ten Web Hacking Techniques of 2024. I discussed how discrepancies in JS number parsers could be used to carry out DoS attacks. If you find it interesting, please vote for it!
Just discovered 10 memory corruption vulnerabilities in the popular Mongoose Web Server (11k stars on GitHub) by fuzzing its embedded TLS stack protocol with @aflplusplus. More technical details here: nozominetworks.com/blog/hunting-t…
There is no prize to perfection, only an end to pursuit
Released a new extension :) - console.info for postMessages from all_frames. - detects the scope of sent messages. - origins that are insecure, will be prefixed with UNSAFE. - detects if a website does not check .origin - MessageChannel API chrome.google.com/webstore/detai…
Awesome research!🔥
I created a small tool to automatically set breakpoints in Chrome using the CDP (Chrome DevTools Protocol). It’s still in beta, but I’m actively working on a complete version. github.com/m4ll0k/autobre…
Here's a code snippet that as far as I can tell pretty much solves prototype pollution. It's based on github.com/tc39/proposal-…, and after running it you can access an object's prototype with object[Symbol.instanceProto], and object["__proto__"] will be undefined.
Project Zero blog: LLMs find 0days now! 👀 And: our fuzzer setup did *not* reproduce it! googleprojectzero.blogspot.com/2024/10/from-n…
I have updated the list of custom filters for Logger++. The new additions include: . New API Style (gRPC-Web) . Improved previous filters . Exposed API keys custom filters . New filters for API vulnerabilities github.com/bnematzadeh/Lo…
Thrilled to release my latest research on Apache HTTP Server, revealing several architectural issues! blog.orange.tw/2024/08/confus… Highlights include: ⚡ Escaping from DocumentRoot to System Root ⚡ Bypassing built-in ACL/Auth with just a '?' ⚡ Turning XSS into RCE with legacy code…
#TypeScript Remote Procedure Call (tRPC) Security Research: Hunting for Vulnerabilities in Modern APIs, a nice read from @LogicalHunter: medium.com/@LogicalHunter… Vulnerable tRPC playground: github.com/bnematzadeh/tr…

Md Ismail Šojal ... @0x0SojalSec
31K Followers 5K Following Cyber_Security_Re-searcher || 0SINT || Malware Analysis II Pwn || Ai Re-searcher || Project @AIStrikeSec || 0ld Accounts Suspended @0xSojalSec ||
Reza Sharifzade @safe_mode01
2K Followers 140 Following Security Researcher| bug hunter | redTeamer Instagram: PentesterLand
Nicolas Krassas @Dinosn
147K Followers 735 Following Head of Threat & Vulnerability Mgmt @ Henkel AG & Co. KGaA https://t.co/NC1orlKrW3
amirpayamani @amirpayamani
2K Followers 2K Following Cyber security engineer🕸️Penetration tester🕷️Bug hunter
Esmaeil Rahimian @H_Mosafer
3K Followers 562 Following hack into my DNA :) Who am I? DevSecOps Engineer,PenTester,Security researcher,BugHunter(Sometimes) 🇦🇪🇮🇷
محمدامین کر... @kariman_ma
819 Followers 599 Following Whatever you are seeking, that is what you are ... https://t.co/yth3uFNcwO
Sina @_SecurityAttack
4K Followers 549 Following BugHuntingPentest!! Jump 0x90 - Graduated in software engineering & Loves computer security Research
Fat @fattselimi
16K Followers 9K Following Chasing Positive vibes only & Ethical Hacking for fun and profit🧑🍳
seyyid @__seyyid__
956 Followers 550 Following #Tabriz There has never been a winner in the game of life. Supposedly this is my personal account https://t.co/H11NBhIs5r https://t.co/jd0zgnyo2r
BUZZLE @buzz11e
2 Followers 169 Following
Lyiow @LyiowGhnd
2 Followers 51 Following
Liam @bitcrawler
3 Followers 36 Following
Behnam Sh @behnamshirin76
2 Followers 75 Following
Mike Ehrmantraut @kamalgara2v
0 Followers 2K Following
javad javadi @javadi1871
2 Followers 98 Following
Sobhan @RetR0nuLL
4 Followers 140 Following 🐞 Bug hunter | 🕶 Security through curiosity| 🔍 Always watching the source
MFarhadzade @MFarhadzade_
8 Followers 249 Following 34 years old, studied for a master's in software, cybersecurity consultant, retired hacker and programmer, interested in artificial intelligence and in learning economics and management, backpacking between Iran ↔️ Turkey
Darren @dabear1981
165 Followers 1K Following
elFamoso @0xf2258f_fr
322 Followers 8K Following AI/ML Consultant & MLOps | NIS2, EBIOS RM, NIST CSF, RGPD, ISO 27001 | Advisory, Dev & Delivery NetHunter :: Security Analyst & Developer Build&Break Things
Mostafa @khodam_midonam2
37 Followers 54 Following
Amin Arab @AminArabBH
0 Followers 50 Following Where others go shallow, i go deep | Network Pentester
jr hunder @harleyquin69690
2 Followers 160 Following
jafar @jafar93504878
15 Followers 58 Following
0b1d1 @_0b1d1
26K Followers 825 Following pwn ⚔️ | r3d t34m 🎯 | bug hunt (soon™) 🐞 | r4nd0m r3d guy 🔴 | scribbles → https://t.co/TS9EGo4UI7 | boxes → https://t.co/oq0WyNLZ6C
Just Call Me Amin @maximusixcode
129 Followers 895 Following
UPVEX @UPVEX_
18 Followers 163 Following Bug hunter 🐞 | Backend Django dev 💻 | Software Engineering student 🎓 | Gaming enthusiast 🎮
Selina @Patrici13367677
921 Followers 5K Following Not to please the world, not to judge right and wrong. Just be yourself.
Amir @Am1r_M8
0 Followers 23 Following
محمد صالح ت... @twad_y10985
1 Followers 59 Following
cryptominer2000 @cryptomine35634
0 Followers 167 Following
Rohan Kumar Mandal @mandalrohan798
14 Followers 1K Following
outis @outisalive
1 Followers 36 Following
Parham @23X0R
1 Followers 80 Following
negin @negin1372n
60 Followers 221 Following
dariush @dariush_2026e
39 Followers 1K Following 🖤Companion just arrived from the road, tell me of Iran🖤 Boundless greetings to you, kind Aryan lady and gentleman, welcome, thank you for joining us; in honor of your arrival we rise from our seats
Mhdy @mhdy3p
21 Followers 89 Following
Gb @Dividerone
2 Followers 49 Following
Glum @_M03ta4a
319 Followers 348 Following
Alone @Night_saw01
0 Followers 34 Following
Saeed @Saeed1572194
0 Followers 7 Following
Erfan @Erfix_Hunter
208 Followers 89 Following
Ben Sadeghipour @NahamSec
235K Followers 1K Following Cofounder @hackinghub_io | Advisor @CaidoIO. I hack companies and make content about it. #NahamCon organizer. ex @hacker0x01🇮🇷
Intigriti @intigriti
195K Followers 657 Following Bug bounty & VDP platform trusted by the world’s largest organisations! 🌍
Reza Sharifzade @safe_mode01
2K Followers 140 Following Security Researcher| bug hunter | redTeamer Instagram: PentesterLand
InfoSec Community @InfoSecComm
52K Followers 635 Following Largest InfoSec publication with 62,000+ followers and 1M+ monthly views.
Nicolas Krassas @Dinosn
147K Followers 735 Following Head of Threat & Vulnerability Mgmt @ Henkel AG & Co. KGaA https://t.co/NC1orlKrW3
payloadartist @payloadartist
43K Followers 284 Following Yapping about AI, AppSec, Hacking, & Cybersecurity • Helped secure organizations like Google • Opinions are my cat's • Part-time shitposter
JS0N Haddix @Jhaddix
167K Followers 7K Following CEO, CISO, Trainer, Hacker, and Speaker. Cybersecurity + Hacking + AI + Sec Leadership @arcanuminfosec
ReconOne @ReconOne_bk
20K Followers 54 Following Tweet about Bug Bounty, Recon, Recon Tips and Attack Surface Management.
The Bug Bounty Hunter @tbbhunter
47K Followers 0 Following Promotions or business ✉️[email protected]
Bug Bounty Reports Ex... @gregxsunday
53K Followers 616 Following Grzegorz Niedziela - a hacker who documents his hacking journey by creating and curating the best content about bug bounty and offensive security.
Esmaeil Rahimian @H_Mosafer
3K Followers 562 Following hack into my DNA :) Who am I? DevSecOps Engineer,PenTester,Security researcher,BugHunter(Sometimes) 🇦🇪🇮🇷
محمدامین کر... @kariman_ma
819 Followers 599 Following Whatever you are seeking, that is what you are ... https://t.co/yth3uFNcwO
Sina @_SecurityAttack
4K Followers 549 Following BugHuntingPentest!! Jump 0x90 - Graduated in software engineering & Loves computer security Research
PortSwigger Research @PortSwiggerRes
112K Followers 7 Following Web security research from the team at @PortSwigger
Gareth Heyes @garethheyes
37K Followers 1K Following JavaScript for hackers: Learn to think like a hacker. https://t.co/e0aNEbEDk5
STÖK ✌️ @stokfredrik
135K Followers 1K Following Hi.. im that hacker / creative that your friends told you about., 💫🔮
James Kettle @albinowax
79K Followers 94 Following Director of Research at @PortSwigger aka @Burp_Suite. Find my research, tools & contact details at https://t.co/vP6UbGmvl3
seyyid @__seyyid__
956 Followers 550 Following #Tabriz There has never been a winner in the game of life. Supposedly this is my personal account https://t.co/H11NBhIs5r https://t.co/jd0zgnyo2r
مین @mobiinaraki
7K Followers 255 Following
نیک @nfnicknf
2K Followers 251 Following
0b1d1 @_0b1d1
26K Followers 825 Following pwn ⚔️ | r3d t34m 🎯 | bug hunt (soon™) 🐞 | r4nd0m r3d guy 🔴 | scribbles → https://t.co/TS9EGo4UI7 | boxes → https://t.co/oq0WyNLZ6C
sep @itssepiiideh
4K Followers 370 Following
parniyan @Parniynjf
2K Followers 182 Following
Pedro Ribeiro @pedrib1337
9K Followers 317 Following Reverse Engineer | Director @ https://t.co/KuU3tiG1Om | Exploit Chef @FlashbackPwn
Stephen Sims @Steph3nSims
24K Followers 833 Following Perpetual Student | SANS Fellow | Musician | Braggart Hater | Gray Hat Hacking | VR | 🏂 | deadcode | https://t.co/CadJehomsU
Project Zero Bugs @ProjectZeroBugs
35K Followers 0 Following A bot that posts the latest blog posts and disclosures from Google's Project Zero
zh1x1an1221 @zh1x1an1221
935 Followers 307 Following Bug bounty hunter | 2024 Top 20 Chrome VRP Researcher|Web3 smart contract auditor | prev Ant Security Tianqiong Light-Year Lab
Brad Schlintz @nmdhkr
320 Followers 376 Following Traveler, security researcher, software engineer. Microsoft MVR 2025 (5th) and 2024 (19th).
jtriley2p @jtriley2p
11K Followers 319 Following liberate the source code, liberate the people https://t.co/8nnw8HeRWT https://t.co/uH7rN6S9Bw https://t.co/IGfqS6Ug6h https://t.co/vTWtq8OYDt
Sathish @SathishOFC
59 Followers 146 Following 🏆Top Security Researcher in Microsoft Q1 2022,Q4 2023,Q1 2024 🔍 | CEH V12 | Bug Hunter🐛 | Security Engineer 👨💻 | Safeguarded Microsoft, Apple, Lenovo ,Etc
Alisa Esage Шевч... @alisaesage
38K Followers 101 Following Independent Hacker, Sovereign Builder, Solo Business Owner • @zerodaytraining • Pronounced ‘is edge’
Slavcheww @Slavcheww
2K Followers 311 Following @SBSecurity_ 🥷 Help Web3 protocols with Expert Auditing 🤝
phoen1xxx @phoen16xxx
247 Followers 75 Following VR at https://t.co/wxJnbWKni1 Captain of ctf team LCD.
Kévin GERVOT (Mizu) @kevin_mizu
6K Followers 756 Following Researcher for @ctbbpodcast lab 🐛 | DOMLogger++ developer 👨🏻💻 | CTF with @FlatNetworkOrg, @rhackgondins 🦦 | @ECSC_TeamFrance 2023 🇫🇷
Zero Day Engineering @zerodaytraining
8K Followers 1 Following State-of-the-Art Vulnerability Research & Training • @alisaesage
Liran Tal @liran_tal
13K Followers 1K Following 🧠 MCP 🍩 Socially Engineering LLM 🤖 Hacking AI Agents 🦄 Node.js Secure Coding 🌟 @GitHub Star 🏅 @OpenJS Pathfinder award for Security 🥑 DevRel @snyksec
Matan Berson @MtnBer
4K Followers 270 Following Hacker and bug bounty hunter mostly focusing on client-side security. h1-702 Vigilante, h1-65 Eliminator, AWC23 Best New Hacker
dmnk.bsky.social @domenuk
5K Followers 512 Following 【DΞCOMPILΞ NΣVΞR】 Android Red Team @google Fuzzing @aflplusplus CTF @enoflag (opinions my own)
tonghuaroot @tonghuaroot
452 Followers 3K Following Staff Security Engineer. Cyber Security enthusiast, not Hacker. Focus on Application Security, Penetration testing. #OSCP #OSEP #RedTeam #AppSec #WebSec
Thomas Rinsma @thomasrinsma
1K Followers 318 Following Looking for strange loops and weird machines. Lead security analyst @CodeanIO.
Clint Gibler @clintgibler
22K Followers 563 Following 🗡️ Head of Security Research @semgrep 📚 Creator of https://t.co/xwtIAI0CuJ newsletter
Mohammad Abedini @MMD_Abedinii
23 Followers 87 Following
mahdiRostami @0xmahdirostami
879 Followers 388 Following Master's degree in machine learning. Focused on web3 Security. Rank #1 @hatsfinance . Security auditor @accretion_xyz
XBOW @Xbow
10K Followers 6 Following Bringing AI to offensive security by autonomously finding and exploiting web vulnerabilities. Watch XBOW hack things: https://t.co/D5Mco1u8zM
Ali Yousefi @Mr_AliYousefi
62 Followers 57 Following 🇺🇸🇮🇷🇹🇷🇫🇷🇩🇪🇦🇪 Everyone has weaknesses, but I'm not everyone ………………………..Run 🏃♂️🤣
Trend Zero Day Initia... @thezdi
83K Followers 16 Following Trend Zero Day Initiative™ (ZDI) is a program designed to reward security researchers for responsibly disclosing vulnerabilities.
SSD Secure Disclosure @SecuriTeam_SSD
24K Followers 2 Following SSD provides the support you need to turn your experience uncovering security vulnerabilities into a highly paid career. [email protected]