Mr.Niko
@_MrNiko
OSCP+ | OSCP | BSCP | CRTA | ACP | HTB #6 | Red Teamer | Pentester | Security Researcher | CVE-2025-3046 | CVE-2025-6208 | CVE-2025-5472 | CVE-2025-3108
I'm proud to share that I earned a $750 AI/ML bug bounty for discovering CVE-2025-3046, a high-severity (CVSS 7.5) path traversal vulnerability in LLaMA-Index exploitable via symlinks: huntr.com/bounties/90a1f…

Active Directory Audit and exploit Tools github.com/mwrlabs/SharpG… github.com/BloodHoundAD/B… github.com/BloodHoundAD/S… github.com/chryzsh/awesom… github.com/hausec/Bloodho… github.com/CompassSecurit… github.com/knavesec/Max github.com/vletoux/pingca… github.com/cyberark/ACLig……
GIVEAWAY!! 🔥 Hacker Summer 2025 giveaway! We are giving away a total of 2 seats for any of the highly coveted on-demand courses by @AlteredSecurity To participate - Like👍, Repost🔁 and Comment💬 the course/certification name, what makes it useful to you and follow…
✅ Excited to share that I’ve officially passed the OSCP+/OSCP certification!! @offsectraining #OSCP #CyberSecurity #EthicalHacking #OffensiveSecurity #InfoSec #ProfessionalDevelopment


CVE-2025-5472 The JSONReader in run-llama/llama_index versions 0.12.28 is vulnerable to a stack overflow due to uncontrolled recursive JSON parsing. This vulnerability allows attacke… cve.org/CVERecord?id=C…
CVE-2025-5472 Recursive JSON Parsing Stack Overflow Vulnerability in Llama Index... vulmon.com/vulnerabilityd… Vulnerability Alert Subscriptions: alerts.vulmon.com/?utm_source=tw…
CVE-2025-3108 A critical deserialization vulnerability exists in the run-llama/llama_index library's JsonPickleSerializer component, affecting versions v0.12.27 through v0.12.40. Thi… cve.org/CVERecord?id=C…
CVE-2025-3046 A vulnerability in the `ObsidianReader` class of the run-llama/llama_index repository, versions 0.12.23 to 0.12.28, allows for arbitrary file read through symbolic link… cve.org/CVERecord?id=C…
Hacker Summer 2025 giveaway! I am giving away a total of 3 seats for any of the highly coveted on-demand courses by @AlteredSecurity To participate - please Repost, Comment the course/certification name, what makes it useful to you and follow @nikhil_mitt and @AlteredSecurity…
🚨 Received a New #CVE 🚨 CVE-2025-3108 - Unsafe Deserialisation in JsonPickleSerializer in LlamaIndex (GPT Index) Severity: Medium (5) Packages: llama_index, llama_index-core Versions: < 0.12.28 huntr.com/bounties/9b55a… #LLMs #redteam #pentesting #BugBounty #infosec

List of Awesome Red Teaming Resources github.com/0xMrNiko/Aweso…
🚨 Received a New #CVE 🚨 CVE-2025-5472 - Denial of Service via JSON Parsing in LlamaIndex (GPT Index) Severity: Medium (6.5) Packages: llama_index, llama_index-core Versions: < 0.12.28 huntr.com/bounties/df187… #LLMs #redteam #pentesting #BugBounty

BSCP (Burp Suite Certified Practitioner) #burpsuitecertified Thank you @PortSwigger !!

🚨 Received a new #CVE CVE-2025-6208 - Uncontrolled Memory Consumption in llama-index (GPT Index) Bounty: 125$ Severity: Medium (5.3) Packages: llama_index, llama_index-core Versions: < 0.12.42 huntr.com/bounties/7d722…

Another launch and giveaway from our sponsors @TheSecOpsGroup ! 🚨 Latest Launch + Win a FREE Exam Chance! 🚨 The all-new Binary Fuzzing & Reversing pentesting exam just dropped and 3 of you can win it for FREE! 🎉 The SecOps Group is back with their latest pentesting exam:…
🚨 New Exam Alert: Certified Binary Fuzzing & Reversing Professional (CBFRPro) is Here! 🚨 Introducing the 🆕 Certified Binary Fuzzing & Reversing Professional…
🚨 OSCP GIVEAWAY ALERT🚨 We’re giving away 3 OSCP vouchers to supercharge your pentesting journey – proudly sponsored by @offsectraining ! 💥🙌 To enter: 1.✅ Follow Us 2.🔁 Retweet this post 3.❤️ Like this post 4.💬 Reply with your funniest cybersecurity meme 🎯 We’ll pick 3…
Diving deep into fuzzing TLS extensions - pushing boundaries with unexpected inputs to uncover hidden quirks and crashes. Fuzz smarter, not harder. 🔍 #fuzzing #security #bughunt #infosec #openssl