Happy hunting! thebugbountyhunter.com hello@thebugbountyhunter.com
Apple Developer Stored XSS — $5,000 Bounty | Writeup 2025
https://medium.com/@ZombieHack/apple-developer-stored-xss-5-000-bounty-writeup-2025-cc34a030a5bf
Sonar launches integration program to unify code governance across the SDLC
https://www.sonarsource.com/blog/sonar-launches-integration-program/
An Evening with Claude (Code) - SpecterOps
https://specterops.io/blog/2025/11/21/an-evening-with-claude-code/
Constant-time support lands in LLVM: Protecting cryptographic code at the compiler level
https://blog.trailofbits.com/2025/11/25/constant-time-support-lands-in-llvm-protecting-cryptographic-code-at-the-compiler-level/
Understanding signal-to-noise for vulnerability management success
https://www.intigriti.com/blog/business-insights/understanding-signal-to-noise-for-vulnerability-management-success
Sonar honored in Fast Company
https://www.sonarsource.com/blog/sonar-honored-in-fast-company-next-big-things-in-tech/
From Token to Takeover: Exploiting Weak HS256 Secrets (POC)
https://medium.com/@1998satheesh/from-token-to-takeover-exploiting-weak-hs256-secrets-poc-c53afb9a75a0
Android Quick Share Support for AirDrop: A Secure Approach to Cross-Platform File Sharing
http://security.googleblog.com/2025/11/android-quick-share-support-for-airdrop-security.html
SupaPwn: Hacking Our Way into Lovable
https://www.hacktron.ai/blog/supapwn
We found cryptography bugs in the elliptic library using Wycheproof
https://blog.trailofbits.com/2025/11/18/we-found-cryptography-bugs-in-the-elliptic-library-using-wycheproof/
Securing GitHub Actions With SonarQube: Real-World Examples
https://www.sonarsource.com/blog/securing-github-actions-with-sonarqube-real-world-examples/
Level up your Solidity LLM tooling with Slither-MCP
https://blog.trailofbits.com/2025/11/15/level-up-your-solidity-llm-tooling-with-slither-mcp/
Release v3.5.0 · projectdiscovery/nuclei
https://github.com/projectdiscovery/nuclei/releases/tag/v3.5.0
How we avoided side-channels in our new post-quantum Go cryptography libraries
https://blog.trailofbits.com/2025/11/14/how-we-avoided-side-channels-in-our-new-post-quantum-go-cryptography-libraries/
SonarQube Named a Leader and Fast Mover in GigaOm
https://www.sonarsource.com/blog/sonarqube-named-leader-in-gigaom-application-security-testing/
How to Research & Reverse Web Vulnerabilities 101 — ProjectDiscovery Blog
https://projectdiscovery.io/blog/how-to-research-web-vulnerabilities
November CTF Challenge: Exploiting JWT vulnerabilities to achieve RCE
https://www.intigriti.com/researchers/blog/hacking-tools/november-ctf-challenge-exploiting-jwt-vulnerabilities
🔥 Intigriti Challenge 1125 — JWT Confusion to SSTI → RCE (My Fastest CTF Solve Ever)
https://savi0r.medium.com/intigriti-challenge-1125-jwt-confusion-to-ssti-rce-my-fastest-ctf-solve-ever-43d43df4182c
Stop Putting Your Passwords Into Random Websites (Yes, Seriously, You Are The Problem)
https://labs.watchtowr.com/stop-putting-your-passwords-into-random-websites-yes-seriously-you-are-the-problem/
Announcing SonarSweep: Improving training data quality for coding LLMs
https://www.sonarsource.com/blog/announcing-sonarsweep-improving-training-data-quality-for-coding-llms/
Intigriti Bug Bytes #230 - November 2025 🚀
https://www.intigriti.com/researchers/blog/bug-bytes/intigriti-bug-bytes-230-november-2025
Black Friday and Cyber Monday price distortion identification
https://www.intigriti.com/blog/business-insights/black-friday-and-cyber-monday-price-distortion-identification
Intigriti wins ‘Security Innovation of the Year’ at the 2025 UK IT Industry Awards
https://www.intigriti.com/blog/awards/intigriti-wins-security-innovation-of-the-year-at-the-2025-uk-it-industry-awards
Flutter SSL Bypass: How to Intercept HTTPS Traffic When all other Frida Scripts Fail
https://m4kr0x.medium.com/flutter-tls-bypass-how-to-intercept-https-traffic-when-all-other-frida-scripts-fail-bd3d04489088
When The Impersonation Function Gets Used To Impersonate Users (Fortinet FortiWeb Auth. Bypass CVE-2025-64446)
https://labs.watchtowr.com/when-the-impersonation-function-gets-used-to-impersonate-users-fortinet-fortiweb-auth-bypass/
Hacking with Burp AI in the Chesspocalypse: API expert Corey Ball showcases how Burp AI can support pentesters.
https://portswigger.net/blog/hacking-with-burp-ai-in-the-chesspocalypse-api-expert-corey-ball-showcases-how-burp-ai-can-support-pentesters
Injection for an athlete
https://swarm.ptsecurity.com/injection-for-an-athlete/
Rust in Android: move fast and fix things
http://security.googleblog.com/2025/11/rust-in-android-move-fast-fix-things.html