Goal: Quickly locate GitHub Actions workflow exposures / misconfigs inside a specific Bug Bounty program org (GitHub search, code search, and dorks).
Assume target org: ORG_NAME.
org:ORG_NAME path:.github/workflows language:YAML
AI kernel
=========

AI is like a mirror. A mirror does not show only our best angles; it also shows the "dust" on the lens. Artificial intelligence reflects human intelligence. If human thinking contains flaws, errors, greed, or biases, AI will inevitably reflect them as well.
This technical brief details the implementation of a Cgroup v2 eBPF device controller bypass. This method leverages the bpf() system call to detach the security programs governing device access.
First, locate the specific Cgroup v2 mount point for the current process. This is the filesystem target from which we will detach the eBPF programs.
A few weeks ago, I came across an interesting security vulnerability inside Google Cloud Shell. While analyzing how Cloud Shell Editor (Code OSS) loads projects, I observed that simply opening a specially crafted project within the editor triggers silent, automatic code execution. The user doesn't need to type any commands or run any tasks manually. Simply open the project and the payload is executed.
The root cause was that many components and processes execute inside the Cloud Shell Editor during workspace load. Tools like the Gradle language server, the Clang language server, and the VS Code tasks system evaluate config files or build scripts as soon as the folder is opened. This seems unremarkable in a normal development workflow, but it breaks a very basic assumption we all rely on: cloning a repo or opening a project in an editor will never execute a command without user action.
Once I understood this behavior, the attack scenario was
| Language | Example | What Happens | Impact |
|---|---|---|---|
| Java | // \u000d System.out.println("exec"); | Unicode escape processed before the comment is parsed → newline injected → code runs | Comment bypass, hidden payload |
| JS/TS | var a\uFF0Eb = 1; | Fullwidth dot (U+FF0E) makes the variable look like a.b | Identifier spoofing |
| Python | print("x") preceded by EN QUAD (U+2000) | Invisible indentation → syntax changes | Hidden code flow |
| Go/Rust | var рassword (Cyrillic р) | Identifiers look identi | |
Many applications use inconsistent or custom parameter names to handle post-logout redirection, and this is where open redirect, forced navigation, and privilege-related issues often hide.
Whenever you encounter a /logout, /signout, /endSession, or similar endpoint — fuzz it with this list.
Burp Intruder / Turbo Intruder
/logout?§PARAM§=https://attacker.com
Google Colab (short for Colaboratory) is a powerful, browser-based platform that allows you to write and execute Python code with zero configuration.
At its core, Colab operates through Notebooks, where you can run code cells independently. Gain free access to powerful GPUs (like the T4) and TPUs, making it ideal for training heavy deep learning models. Read more at https://research.google.com/colaboratory/faq.html
ReconX is an end-to-end automated external security assessment framework designed for professional penetration testers, bug bounty hunters, and enterprise red teams.
It performs deep recon, enumeration, vulnerability scanning, OSINT, exposure discovery, and reporting across multiple targets at scale.
An information leak vulnerability exists in specific configurations of React Server Components versions 19.0.0, 19.0.1, 19.1.0, 19.1.1, 19.1.2, 19.2.0 and 19.2.1, including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. A specifically crafted HTTP request sent to a vulnerable Server Function may unsafely return the source code of any Server Function. Exploitation requires the existence of a Server Function which explicitly or implicitly exposes a stringified argument.
```python
#!/usr/bin/env python3
import urllib.request
import urllib.error
import socket

BASE_URL = "http://metadata.google.internal/computeMetadata/v1"
HEADER = {"Metadata-Flavor": "Google"}
OUTPUT = "gcp_metadata_dump.txt"

# ---- HTTP Helper -----------------------------------------------------------
```