the grugq's newsletter

June 25, 2025

doing surveillance to the surveillance state https://www.404media.co/fucklapd-com-lets-anyone-use-facial-recognition-to-instantly-identify-cops/

— Emanuel Maiberg (@emanuelmaiberg.bsky.social) 2025-06-24T14:08:57.938Z


Real security is POC||GTFO – and XBOW agrees.
We’re releasing technical deep-dives on cool findings from our journey to the top of the HackerOne US leaderboard.

The first is a zero-day XSS in Palo Alto Networks GlobalProtect by @pwntester https://t.co/9IsjyTewiA pic.twitter.com/QDDZ89yExw

— XBOW (@Xbow) June 24, 2025

XBOW automatically runs expert-level attacks across all webapps, giving security teams unprecedented scale. @XBOW reported 1092 vulnerabilities on HackerOne in just a few months, including RCE, XXE, SQLi, SSRF, exposed secrets, and XSS. pic.twitter.com/Om0ZJrndm9

— XBOW (@Xbow) June 24, 2025

Don't keep us in the dark any longer, what happened in April? Did you throw more gpu, more people, or more brain cycles into it? :) Quite some progress!

— Julien Vanegue (@jvanegue) June 24, 2025

We took bug bounty a bit more seriously, and spent the time finding and submitting bugs.
Before that, it was just a consequence of finding bugs on OSS software.

— Nico Waisman (@nicowaisman) June 24, 2025


it is unfortunately not free but totally worth it imo, there is also a free course for preview.

I am honestly so happy there is a fun resource to learn this stuff, most uni professors make 0 efforts to make it interesting. https://t.co/SsiPRYoocv

— ℏεsam (@Hesamation) June 23, 2025


2012: Stuxnet was configured to shut down after this date - just over 2 years after the discovery of that version of Stuxnet in June 2010. pic.twitter.com/n19JpUOF0b

— Today In Infosec (@todayininfosec) June 24, 2025


This is still funny and still rings true. pic.twitter.com/kFj2ZSeAyJ

— Kαι (@UnknownBinary) June 24, 2025