Happy hunting! thebugbountyhunter.com hello@thebugbountyhunter.com
Copy Fail: 732 Bytes to Root on Every Major Linux Distribution
https://xint.io/blog/copy-fail-linux-distributions
PortSwigger recognized at the Northern Tech Awards 2026.
https://portswigger.net/blog/portswigger-recognized-at-the-northern-tech-awards-2026
Benchmarking Neo's Black-Box DAST Capabilities — ProjectDiscovery Blog
https://projectdiscovery.io/blog/neo-black-box-dast-capabilities
AI threats in the wild: The current state of prompt injections on the web
http://security.googleblog.com/2026/04/ai-threats-in-wild-current-state-of.html
Vulnpocalypse Now? How AI is changing vulnerability discovery
https://www.intigriti.com/blog/business-insights/vulnpocalypse-now-how-ai-is-changing-vulnerability-discovery
Release v3.8.0 · projectdiscovery/nuclei
https://github.com/projectdiscovery/nuclei/releases/tag/v3.8.0
We beat Google’s zero-knowledge proof of quantum cryptanalysis
https://blog.trailofbits.com/2026/04/17/we-beat-googles-zero-knowledge-proof-of-quantum-cryptanalysis/
A(I) future of Bug Bounty
https://www.intigriti.com/blog/business-insights/ai-future-of-bug-bounty
Protecting Cookies with Device Bound Session Credentials
http://security.googleblog.com/2026/04/protecting-cookies-with-device-bound.html
Master C and C++ with our new Testing Handbook chapter
https://blog.trailofbits.com/2026/04/09/master-c-and-c-with-our-new-testing-handbook-chapter/
Five takeaways from the UK’s Cyber Security & Resilience Bill
https://www.intigriti.com/blog/news/key-takeaways-from-the-uk-cyber-security-and-resilience-bill
Crafting a Full Read SSRF: A Journey Through Oauth DCR, Open URL Redirects, and Path Normalization
https://eib.hashnode.dev/crafting-a-full-read-ssrf-a-journey-through-oauth-dcr-open-url-redirects-and-path-normalization
ShadowPrompt: How Any Website Could Have Hijacked Claude's Chrome Extension
https://www.koi.ai/blog/shadowprompt-how-any-website-could-have-hijacked-anthropic-claude-chrome-extension
Remote Command Execution in Google Cloud with Single Directory Deletion
https://flatt.tech/research/posts/remote-command-execution-in-google-cloud-with-single-directory-deletion/
Instagram Notes Audio Leakage via URL Extraction (Fixed & Rewarded)
https://github.com/i12gocaj/Instagram-Notes-Audio-Leakage-via-URL-Extraction-Fixed
Extending Ruzzy with LibAFL
https://blog.trailofbits.com/2026/04/29/extending-ruzzy-with-libafl/
The Trust Gap Behind the AI Coding Boom: What 200 Security Practitioners Just Told Us — ProjectDiscovery Blog
https://projectdiscovery.io/blog/the-trust-gap-behind-the-ai-coding-boom-what-200-security-practitioners-just-told-us
Intigriti Bug Bytes #235 - April 2026 🚀
https://www.intigriti.com/researchers/blog/bug-bytes/intigriti-bug-bytes-235-april-2026
Trailmark turns code into graphs
https://blog.trailofbits.com/2026/04/23/trailmark-turns-code-into-graphs/
CVE-2026-41238: How Prototype Pollution Turns DOMPurify Into an XSS Gadget
https://labs.trace37.com/blog/dompurify-pp-ceh-bypass/
Common misconceptions debugged!
https://www.intigriti.com/blog/business-insights/common-misconceptions-debugged
Introducing the official Burp Ambassador Program
https://portswigger.net/blog/introducing-the-official-burp-ambassador-program
Bringing Rust to the Pixel Baseband
http://security.googleblog.com/2026/04/bringing-rust-to-pixel-baseband.html
How We Cut LLM Costs by 59% With Prompt Caching — ProjectDiscovery Blog
https://projectdiscovery.io/blog/how-we-cut-llm-cost-with-prompt-caching
PortSwigger partners with Meta Bug Bounty to empower bug hunters with training and Pro licenses
https://portswigger.net/blog/portswigger-partners-with-meta-bug-bounty-to-empower-bug-hunters-with-training-and-pro-licenses
What we learned about TEE security from auditing WhatsApp
https://blog.trailofbits.com/2026/04/07/what-we-learned-about-tee-security-from-auditing-whatsapps-private-inference/
How Command Injection Vulnerability in OpenAI Codex Leads to GitHub Token Compromise
https://www.beyondtrust.com/blog/entry/openai-codex-command-injection-vulnerability-github-token
Breaking Pingora: HTTP Request Smuggling & Cache Poisoning in Cloudflare's Reverse Proxy
https://xclow3n.github.io/post/6/
How I Earned $76,000 From a Single Program on Bugcrowd
https://anonhunter.medium.com/how-i-earned-76-000-from-a-single-program-on-bugcrowd-adf2a0eeece0
CVE-2026-22730: SQL Injection in Spring AI’s MariaDB Vector Store
https://blog.securelayer7.net/cve-2026-22730-sql-injection-spring-ai-mariadb/