I wrote a blog post about combining ZAP with CyberChef.
#AppSec #WebAppSec #BugBountyTips
https://www.zaproxy.org/blog/2026-02-17-encoder-cyberchef-via-scripts/
@zaproxy Released add-ons today:
GraphQL ➡️ Fixes the optional integration with the Tech Detection add-on which had been failing.
OpenAPI ➡️ Re-enables Swagger Secret Detector Script Scan Rule; the JS Engine memory leak has been addressed.
#Antgravity - an AI code editor from Google that has access to your entire codebase and terminal had a Remote Code Execution (#RCE) vulnerability - a great find and write-up by @HacktronAI earning them $10k #BugBounty!
#BugBountyTips
👇
Samuel Cohen's ( @metabugbounty ) presentation at TenguCon 2.0 is now available to watch online!
#TenguCon #InfoSec #tokyo #bugbountytips #Hacking #CyberSecurity

Hey Fediverse. Can you get @zaproxy to 15k ⭐️?
#OpenSource #DAST #AppSec #WebAppSec #ITSec #CyberSec #PenTest #BugBountyTips
Current Stars 14500
Using #owasp tool Amass 5.0.0 for recon. Hope this helps!
https://medium.com/@marduk.i.am/amass-5-0-0-usage-for-recon-8041bc727480
#bugbountytips #bugbounty #CyberSecurity #resonnaissance #EthicalHacking
The payload contains '|/???/\b**\h,' which is meant to confuse WAF rules. Unusual characters are a common evasion tactic.
image by: win3zz
this is your reminder that if you're using Burp for web app testing, you should be using an extension that lets you use variables in your outgoing requests. variables functionality gives you a single place to update credential, token, and identifier values which improves productivity and reduces false positives. there are a few extensions that provide this functionality and I recommend my extension, Burp Variables, which is purpose-built for it: https://github.com/0xceba/burp_variables
#burp #burpsuite #burp_suite #pentesting #pentest #bugbounty #bugbountytips #hacking