21h ago · 2 min read · https://hackita.it/articoli/hashcat When you capture a hash during a pentest, cracking it quickly can make the difference between a dead end and full domain compromise. Hashcat is the go-to tool for t
23h ago · 4 min read · April 18, 2026, started like any other Saturday in crypto until it didn't. At 17:35 UTC, an attacker quietly drained 116,500 rsETH from Kelp DAO's cross-chain bridge. By the time protocols started fre
4d ago · 6 min read · On May 4, 2026, an attacker pulled off one of the more embarrassing incidents in the short history of autonomous AI agents. They manipulated Grok (xAI's chatbot) and Bankrbot (an automated crypto trad
6d ago · 4 min read · Setting up Burp Suite with Android devices or emulators can be annoying, especially on newer Android versions where user-installed certificates are not trusted by many apps by default. There are many
6d ago · 6 min read · Originally published on satyamrastogi.com Cisco patched a DoS flaw in Crosswork Network Controller and NSO requiring manual reboots for recovery. Attack chains orchestration platform downtime into supply chain and OT network paralysis. Cisco Crossw...
Apr 26 · 6 min read · The harmless profile endpoint that taught me how real bugs work Early in my bug bounty journey, I found a bug that looked simple from the outside, but it changed the way I think about web security. At
Apr 26 · 3 min read · In cybersecurity, we often hunt for complex technical bugs. However, some of the most fun vulnerabilities aren’t found in the code's syntax, but in its Business Logic. I discovered a Medium-severity f
Apr 21 · 8 min read · TL;DR: Got an MCP OAuth proxy to hand me real production access tokens for any user who clicked one link. No fake login page. No cert warning. No MFA bypass. The victim actually signs in at the real S