Happy hunting! thebugbountyhunter.com hello@thebugbountyhunter.com
Constant-time support lands in LLVM: Protecting cryptographic code at the compiler level
https://blog.trailofbits.com/2025/11/25/constant-time-support-lands-in-llvm-protecting-cryptographic-code-at-the-compiler-level/
Understanding signal-to-noise for vulnerability management success
https://www.intigriti.com/blog/business-insights/understanding-signal-to-noise-for-vulnerability-management-success
Sonar honored in Fast Company
https://www.sonarsource.com/blog/sonar-honored-in-fast-company-next-big-things-in-tech/
From Token to Takeover: Exploiting Weak HS256 Secrets (POC)
https://medium.com/@1998satheesh/from-token-to-takeover-exploiting-weak-hs256-secrets-poc-c53afb9a75a0
Android Quick Share Support for AirDrop: A Secure Approach to Cross-Platform File Sharing
http://security.googleblog.com/2025/11/android-quick-share-support-for-airdrop-security.html
SupaPwn: Hacking Our Way into Lovable
https://www.hacktron.ai/blog/supapwn
We found cryptography bugs in the elliptic library using Wycheproof
https://blog.trailofbits.com/2025/11/18/we-found-cryptography-bugs-in-the-elliptic-library-using-wycheproof/
Securing GitHub Actions With SonarQube: Real-World Examples
https://www.sonarsource.com/blog/securing-github-actions-with-sonarqube-real-world-examples/
Level up your Solidity LLM tooling with Slither-MCP
https://blog.trailofbits.com/2025/11/15/level-up-your-solidity-llm-tooling-with-slither-mcp/
Release v3.5.0 · projectdiscovery/nuclei
https://github.com/projectdiscovery/nuclei/releases/tag/v3.5.0
How we avoided side-channels in our new post-quantum Go cryptography libraries
https://blog.trailofbits.com/2025/11/14/how-we-avoided-side-channels-in-our-new-post-quantum-go-cryptography-libraries/
SonarQube Named a Leader and Fast Mover in GigaOm
https://www.sonarsource.com/blog/sonarqube-named-leader-in-gigaom-application-security-testing/
Building checksec without boundaries with Checksec Anywhere
https://blog.trailofbits.com/2025/11/13/building-checksec-without-boundaries-with-checksec-anywhere/
Is It CitrixBleed4? Well, No. Is It Good? Also, No. (Citrix NetScaler Memory Leak & RXSS CVE-2025-12101)
https://labs.watchtowr.com/is-it-citrixbleed4-well-no-is-it-good-also-no-citrix-netscalers-memory-leak-rxss-cve-2025-12101/
Introducing HTTP Anomaly Rank
https://portswigger.net/research/introducing-http-anomaly-rank
Stop Putting Your Passwords Into Random Websites (Yes, Seriously, You Are The Problem)
https://labs.watchtowr.com/stop-putting-your-passwords-into-random-websites-yes-seriously-you-are-the-problem/
Announcing SonarSweep: Improving training data quality for coding LLMs
https://www.sonarsource.com/blog/announcing-sonarsweep-improving-training-data-quality-for-coding-llms/
Intigriti Bug Bytes #230 - November 2025 🚀
https://www.intigriti.com/researchers/blog/bug-bytes/intigriti-bug-bytes-230-november-2025
Black Friday and Cyber Monday price distortion identification
https://www.intigriti.com/blog/business-insights/black-friday-and-cyber-monday-price-distortion-identification
Intigriti wins ‘Security Innovation of the Year’ at the 2025 UK IT Industry Awards
https://www.intigriti.com/blog/awards/intigriti-wins-security-innovation-of-the-year-at-the-2025-uk-it-industry-awards
Flutter SSL Bypass: How to Intercept HTTPS Traffic When all other Frida Scripts Fail
https://m4kr0x.medium.com/flutter-tls-bypass-how-to-intercept-https-traffic-when-all-other-frida-scripts-fail-bd3d04489088
When The Impersonation Function Gets Used To Impersonate Users (Fortinet FortiWeb Auth. Bypass CVE-2025-64446)
https://labs.watchtowr.com/when-the-impersonation-function-gets-used-to-impersonate-users-fortinet-fortiweb-auth-bypass/
Hacking with Burp AI in the Chesspocalypse: API expert Corey Ball showcases how Burp AI can support pentesters.
https://portswigger.net/blog/hacking-with-burp-ai-in-the-chesspocalypse-api-expert-corey-ball-showcases-how-burp-ai-can-support-pentesters
Injection for an athlete
https://swarm.ptsecurity.com/injection-for-an-athlete/
Rust in Android: move fast and fix things
http://security.googleblog.com/2025/11/rust-in-android-move-fast-fix-things.html
Critical: Remote Code Execution via Malicious Obfuscated Malware in Imunify360 AV (AI-bolit)
https://patchstack.com/articles/remote-code-execution-vulnerability-found-in-imunify360/
Hunting for DOM-based XSS vulnerabilities: A complete guide
https://www.intigriti.com/researchers/blog/hacking-tools/exploiting-dom-based-xss-vulnerabilities