Spent half the night chasing a weird auth bug…turns out someone rotated the API key during your test window. #bugbounty

pentests feel like chess, bug bounties feel like dumpster diving. #bugbounty

why do all staging servers have cooler bugs than prod? #bugbounty

Track deployments and changelogs. Subscribe to status pages, RSS feeds, or GitHub commits. New code means fresh attack surface before defenders patch. #BugBounty

red team writes poetry with payloads, blue team answers with firewalls. #infosec

prompt injection is just sql injection for robots. #bugbounty #AIsecurity

The scariest zero-day isn’t in code—it’s the coworker who clicks “Enable Macros” before finishing their morning coffee. #infosec

BREAKING: xAI Shatters All Records with $20 Billion Funding Round. #xAI has just made history by securing the largest funding round ever recorded. xAI is building #Colossus. A supercomputer of unprecedented scale designed to train their AI assistant Grok.

OpenAI introduces Health mode. You can now upload your lab results and get instant, easy-to-understand breakdowns of what those numbers actually mean. #openai #medicalAI #health #ai

Bug bounty reality: 3 days of recon, 2 days of exploitation, and a $0 “duplicate” payout in 3 seconds. #BugBounty

If you're running n8n in production, treat this as a top priority emergency patch. Your automation security depends on it. #n8n #CyberSecurity #SecurityAlert #WorkflowAutomation #CriticalUpdate #InfoSec #TechNews #SecurityPatch #Automation #DevOps

AI godfather Yann LeCun just quit Meta amid fury over Zuck’s $14B bet on a 28-year-old to chase LLM “superintelligence.” He calls LLMs a total dead end, slams faked benchmarks, and is launching his own startup for real world-model AI. #AI #TechNews #MachineLearning #BigTech

study put 100 writers in a room with AI brainstorming partners. everyone loved it. felt creative. scores went up. then they put the stories next to each other. one story. a hundred bylines.

Tesla’s Kubernetes Breach (2018) – Hackers found an unsecured Kubernetes console running Tesla’s cloud. They quietly mined cryptocurrency on Tesla’s dime while using a custom mining pool to avoid detection. #Hackers

Palo Alto Networks CISO: AI agents are 2026’s ultimate insider threat. One sneaky prompt injection turns your trusted autonomous bot into a hacker’s puppet. It quietly steals data, deletes backups, or worse. Defenders are scrambling as agents multiply. #CyberSecurity #AI #AIAgents #InfoSec

Leading AI safety expert warns: We might run out of time to build safeguards before AI self-improves out of control. David Dalrymple says AI could automate full days of R&D by late 2026. That kicks off runaway acceleration. Safety work can’t keep up—economic chaos could follow fast.

Finally got around to reading this one and, it's not great. Mostly it's frustrating to see how the muddled logic and motivated reasoning of Yoshua Bengio & co make it hard for journalists to get and convey a clear understanding. www.nationalgeographic.com/science/arti... Short 🧵>>

blue teamers don’t get enough credit for the whack-a-mole game they play daily. #cybersecurity

don’t compare your chapter one to someone else’s chapter twenty. #cybersecurity

Cybersecurity billionaire calls for limiting the First Amendment to “control” social media. Israeli tech mogul Shlomo Kramer wants governments to restrict free speech online. He says we must seize platforms and dictate what’s said. #FreeSpeech #Cybersecurity #Censorship #Tech

don’t worry if you’re not moving fast. recon rewards patience. #osint #hacking

the amount of notes i take just to rediscover the same endpoints later… #bugbounty

Big tech billionaires are bragging that AI and robots will wipe out every job on the planet, making work a hobby for the bored. You’ve got Musk and Gates up on their soapboxes declaring victory: machines will handle everything, humans kick back and… do what, exactly?

OpenAI Is ‘Definitely Not’ Too Big to Fail, Economist Says similarities between the current AI boom and the dot-com era, and believes the economy can weather the AI bubble bursting, if and when that happens. #artificialintelligence #AI #dotcom #bubble #economy #technology #tech #openai #chatgpt

🚀 **Big news!** Meta just acquired AI startup Manus for over $2 billion! Known for their unique task automation technology, they're set to revolutionize AI in our daily lives. 💡🤖 What do you think this means for the future of work? #AI #TechNews #MetaMagic LINK

#Meta just bought #Manus, an #AI #startup everyone has been talking about | @TechCrunch.com ift.tt/pj4JVze #Facebook #tech #TechTuesday

1 in 5 data breaches now trace back to employees voluntarily pasting company secrets into #AI #chatbots. you didn't get hacked. your people VOLUNTEERED.

Before you pop a box, you pop a scan. Wide → deep → focused recon. That’s the playbook for finding the weird staging site or dusty API everyone forgot. The bounties start here: www.toxsec.com/p/web-enum #bugbounty #cybersecurity

researchers found #Copilot can reproduce secrets it learned from training data. API keys. #credentials. the model MEMORIZED them because someone fed it the answer key. your #engineer pastes code to debug it. code lands on third-party servers... www.toxsec.com/p/the-volunt...

DeepMind’s Gemini 3 Flash blitzes math/coding comps, while OpenAI rolls out GPT-5.2, Codex upgrades, ChatGPT app stores & major partnerships. 2026 is set for an AI-powered leap. #AI #TechNews

The AI industry is facing its biggest legal battle yet. Six major tech companies including OpenAI and Google are being sued by authors who claim their AI models were trained on massive libraries of pirated books without permission or payment.

Jensen Huang just dropped $20 billion cash to buy the one company that could hurt him in inference. On Christmas Eve. Because why wait to gift-wrap a monopoly.

CNAME records still hold value. When AWS buckets, GitHub Pages, or Azure blobs are retired but DNS persists, you can claim the domain. Quickly scout, confirm ownership, and collect rewards. Check out the guide: www.toxsec.com/p/subdomain-... #CyberSecurity #BugBounty

Your Smart Contract Just Got Mugged by a Bot The latest #ThreatsDay bulletin is a bloodbath of "I told you so." Anthropic’s Red Team just watched #Claude and GPT-5 hunt down zero-days in blockchain code and craft exploits that could’ve cleared out millions in digital assets.

Old Man #Bernie Screams at Clouds (And Data Centers) Bernie took to #CNN to remind us that while billionaires are busy building digital gods for profit, you’re just the guy footing the bill for their massive energy hikes.

CNAME records still hold value. When AWS buckets, GitHub Pages, or Azure blobs are retired but DNS persists, you can claim the domain. Quickly scout, confirm ownership, and collect rewards. Check out the guide: www.toxsec.com/p/subdomain-... #CyberSecurity #BugBounty

red team: “click this link.” blue team: “please don’t click this link.” #infosec

The toughest walls usually have the biggest cracks. keep poking. #hacking #bugbounty

Jensen Huang just dropped $20 billion cash to buy the one company that could hurt him in inference. On Christmas Eve. Because why wait to gift-wrap a monopoly.

Project Raven Box (1970s) – Underground builders sold custom “black boxes” that simulated coin tones, letting phreakers make free pay-phone calls worldwide until Bell finally changed its signaling. #Hackers

The AI industry is facing its biggest legal battle yet. Six major tech companies including OpenAI and Google are being sued by authors who claim their AI models were trained on massive libraries of pirated books without permission or payment.

🇺🇸 Trump launches “US Tech Force” — hiring THOUSANDS of AI experts to dominate China! 💪
Partnering with Google, OpenAI, Nvidia & more. Salaries up to $200K, no degree needed.
America fighting back in the global AI war. Game changer?
#AITalent #TrumpAI

NIST releases draft Cyber AI Profile to guide secure AI adoption using the Cybersecurity Framework. The new resource helps organizations map AI risks to existing security controls, covering system protection, AI-enabled defenses, and countermeasures against AI-powered attacks.

Two inches of electrical tape on a speed limit sign. Tesla accelerated to 85 in a 35 zone. The most advanced #AI systems on the road, defeated by office supplies.

NIST releases draft Cyber AI Profile to guide secure AI adoption using the Cybersecurity Framework. The new resource helps organizations map AI risks to existing security controls, covering system protection, AI-enabled defenses, and countermeasures against AI-powered attacks.

#Gemini 3 #Flash is crushing #benchmarks. 78% on SWE-bench. The lab boys tell me that’s good. I told them I don’t pay them to tell me things are “good,” I pay them to make things that don’t explode. Point is: reasoning, multimodality, coding, agents. Fraction of the cost.

gotta love MCP!

Method override split-brain. Cache thinks GET, app treats POST: X-HTTP-Method-Override: GET Great place to look for leaks/poisoning. Playbook: toxsec.com/p/web-cache-poisoning #BugBounty #AppSec #HTTP

Delve into the hidden insights error notifications can provide. Detailed stack traces, database faults, and debug indicators might expose table names or internal paths. Test edge cases like long strings or malformed JSON for vulnerabilities. #CyberSecurity #InfoSec

Iran-linked hackers claiming they’ve doxxed Israeli drone engineers? Cyber threats are getting personal and geopolitical. Reminder: nation-state actors don’t play by the same rules as script kiddies. Stay vigilant out there. 🔒 #CyberSecurity #InfoSec