Happy hunting! thebugbountyhunter.com hello@thebugbountyhunter.com
Building checksec without boundaries with Checksec Anywhere
https://blog.trailofbits.com/2025/11/13/building-checksec-without-boundaries-with-checksec-anywhere/
Is It CitrixBleed4? Well, No. Is It Good? Also, No. (Citrix NetScaler Memory Leak & RXSS CVE-2025-12101)
https://labs.watchtowr.com/is-it-citrixbleed4-well-no-is-it-good-also-no-citrix-netscalers-memory-leak-rxss-cve-2025-12101/
Introducing HTTP Anomaly Rank
https://portswigger.net/research/introducing-http-anomaly-rank
Assessing the Attack Surface of Remote MCP Servers
https://blog.kulkan.com/assessing-the-attack-surface-of-remote-mcp-servers-92d630a0cab0
Announcing SonarQube MCP Server: Bringing code quality into your AI workflow
https://www.sonarsource.com/blog/announcing-sonarqube-mcp-server/
Balancer hack analysis and guidance for the DeFi ecosystem
https://blog.trailofbits.com/2025/11/07/balancer-hack-analysis-and-guidance-for-the-defi-ecosystem/
Introducing native Jira Cloud integration for SonarQube Cloud
https://www.sonarsource.com/blog/introducing-native-jira-cloud-integration-for-sonarqube-cloud/
Release v3.4.7 · projectdiscovery/nuclei
https://github.com/projectdiscovery/nuclei/releases/tag/v3.4.7
Introducing Credential Monitoring — ProjectDiscovery Blog
https://projectdiscovery.io/blog/leaked-credential-monitoring
Release v3.4.8 · projectdiscovery/nuclei
https://github.com/projectdiscovery/nuclei/releases/tag/v3.4.8
Infrastructure Collapse: How a Forgotten Folder in Coca-Cola’s Network Exposed Critical…
https://medium.com/legionhunters/infrastructure-collapse-how-a-forgotten-folder-in-coca-colas-network-exposed-critical-a4d9dc1ab8a6
Firebase Security Fundamentals
https://projectblack.io/blog/firebase-security-fundamentals/
CVE-2025-52665 - RCE in Unifi Access ($25,000)
https://www.catchify.sa/post/cve-2025-52665-rce-in-unifi-os-25-000
Critical: Remote Code Execution via Malicious Obfuscated Malware in Imunify360 AV (AI-bolit)
https://patchstack.com/articles/remote-code-execution-vulnerability-found-in-imunify360/
SonarQube Named a Leader and Fast Mover in GigaOm
https://www.sonarsource.com/blog/sonarqube-named-leader-in-gigaom-application-security-testing/
Hunting for DOM-based XSS vulnerabilities: A complete guide
https://www.intigriti.com/researchers/blog/hacking-tools/exploiting-dom-based-xss-vulnerabilities
How I Found the Worst ASP.NET Vulnerability — A $10K Bug (CVE-2025-55315)
https://www.praetorian.com/blog/how-i-found-the-worst-asp-net-vulnerability-a-10k-bug-cve-2025-55315/
How Android provides the most effective protection to keep you safe from mobile scams
http://security.googleblog.com/2025/10/how-android-protects-you-from-scams.html
Practical Android Pentesting: A Case Study on TikTok RCE
https://dphoeniixx.medium.com/practical-android-pentesting-a-case-study-on-tiktok-rce-4a82e79cc7c6
Release v3.4.10 · projectdiscovery/nuclei
https://github.com/projectdiscovery/nuclei/releases/tag/v3.4.10
Release v3.4.9 · projectdiscovery/nuclei
https://github.com/projectdiscovery/nuclei/releases/tag/v3.4.9
Release v3.4.6 · projectdiscovery/nuclei
https://github.com/projectdiscovery/nuclei/releases/tag/v3.4.6
Exploiting JWT Vulnerabilities: Advanced Exploitation Guide
https://www.intigriti.com/researchers/blog/hacking-tools/exploiting-jwt-vulnerabilities
At the forefront of ethical hacking: What’s Intigriti’s impact and position?
https://www.intigriti.com/blog/business-insights/at-the-forefront-of-ethical-hacking-what-s-intigriti-s-impact-and-position
What’s That Coming Over The Hill? (Monsta FTP Remote Code Execution CVE-2025-34299)
https://labs.watchtowr.com/whats-that-coming-over-the-hill-monsta-ftp-remote-code-execution-cve-2025-34299/
How James Kettle's Desync Research Started
https://www.youtube.com/shorts/FRAGO31_UyY
Next.js Security Testing Guide for Bug Hunters and Pentesters
https://deepstrike.io/blog/nextjs-security-testing-bug-bounty-guide