43961
Happy hunting! thebugbountyhunter.com hello@thebugbountyhunter.com
When OAuth Becomes a Weapon: Lessons from CVE-2025-6514 | Amla Labs
https://amlalabs.com/blog/oauth-cve-2025-6514/
The inevitable rise of poor code quality in AI-accelerated codebases
https://www.sonarsource.com/blog/the-inevitable-rise-of-poor-code-quality-in-ai-accelerated-codebases/
How a single backslash got me £1000 bounty from a bug bounty program
sairajthorat077/how-a-single-backslash-got-me-1000-bounty-from-a-bug-bounty-program-39239e8fc017" rel="nofollow">https://medium.com/@sairajthorat077/how-a-single-backslash-got-me-1000-bounty-from-a-bug-bounty-program-39239e8fc017
Ollama Remote Code Execution: Securing the Code That Runs LLMs
https://www.sonarsource.com/blog/ollama-remote-code-execution-securing-the-code-that-runs-llms/
Intigriti Bug Bytes #231 - December 2025 🚀
https://www.intigriti.com/researchers/blog/bug-bytes/intigriti-bug-bytes-231-december-2025
Ollama Remote Code Execution: Securing the Code That Runs LLMs
https://www.sonarsource.com/blog/ollama-remote-code-execution-securing-the-code-that-runs-llms/
A Deep And Very Technical Analysis of CVE-2025-55182 (React2Shell)
https://i0.rs/blog/a-deep-and-very-technical-analysis-of-cve-2025-55182-react2-shell/
Ollama Remote Code Execution: Securing the Code That Runs LLMs
https://www.sonarsource.com/blog/ollama-remote-code-execution-securing-the-code-that-runs-llms/
The Fragile Lock: Novel Bypasses For SAML Authentication
https://portswigger.net/research/the-fragile-lock
Catching malicious package releases using a transparency log
https://blog.trailofbits.com/2025/12/12/catching-malicious-package-releases-using-a-transparency-log/
DAST without disruption: Burp Suite DAST winter update 2025
https://portswigger.net/blog/burp-suite-dast-winter-update-2025
Introducing mrva, a terminal-first approach to CodeQL multi-repo variant analysis
https://blog.trailofbits.com/2025/12/11/introducing-mrva-a-terminal-first-approach-to-codeql-multi-repo-variant-analysis/
.NET SOAPwn Flaw Opens Door for File Writes and Remote Code Execution via Rogue WSDL
https://thehackernews.com/2025/12/net-soapwn-flaw-opens-door-for-file.html?m=1
HTTPS certificate industry phasing out less secure domain validation methods
http://security.googleblog.com/2025/12/https-certificate-industry-phasing-out.html
New Prompt Injection Attack Vectors Through MCP Sampling
https://unit42.paloaltonetworks.com/model-context-protocol-attack-vectors/
ORM Leaking More Than You Joined For - elttam
https://www.elttam.com/blog/leaking-more-than-you-joined-for/
Ollama Remote Code Execution: Securing the Code That Runs LLMs
https://www.sonarsource.com/blog/ollama-remote-code-execution-securing-the-code-that-runs-llms/
Can chatbots craft correct code?
https://blog.trailofbits.com/2025/12/19/can-chatbots-craft-correct-code/
Year in Review: The Vulnerabilities That Defined 2025 — ProjectDiscovery Blog
https://projectdiscovery.io/blog/year-in-review-the-vulnerabilities-that-defined-2025
Critical Arbitrary File Upload Vulnerability in Motors Theme Affecting 20k+ Sites - Patchstack
https://patchstack.com/articles/critical-arbitrary-file-upload-vulnerability-in-motors-theme-affecting-20k-sites/
Use GWP-ASan to detect exploits in production environments
https://blog.trailofbits.com/2025/12/16/use-gwp-asan-to-detect-exploits-in-production-environments/
Release v3.6.1 · projectdiscovery/nuclei
https://github.com/projectdiscovery/nuclei/releases/tag/v3.6.1
Vibe, then verify: How to navigate the risks of AI-generated code
https://www.sonarsource.com/blog/how-to-navigate-the-risks-of-ai-generated-code/
Burp On Tour 2025: bringing the AppSec community together around the world
https://portswigger.net/blog/burp-on-tour-2025-bringing-the-appsec-community-together-around-the-world
Beyond cybersecurity awareness: Make a strategic shift to code security
https://www.sonarsource.com/blog/make-a-strategic-shift-to-code-security/
CVE-2025-55182: New Detection Profiles for Burp Bounty Pro
https://bountysecurity.ai/blogs/news/cve-2025-55182-react2shell-new-detection-profiles-for-burp-bounty-pro
SOAPwn: Pwning .NET Framework Applications Through HTTP Client Proxies And WSDL
https://labs.watchtowr.com/soapwn-pwning-net-framework-applications-through-http-client-proxies-and-wsdl/
Privilege Escalation Vulnerability in Soledad Theme Affecting 50k+ Sites - Patchstack
https://patchstack.com/articles/privilege-escalation-vulnerability-in-soledad-theme-affecting-50k-sites/
Architecting Security for Agentic Capabilities in Chrome
http://security.googleblog.com/2025/12/architecting-security-for-agentic.html
Announcing Tracebit Community Edition | Tracebit
https://tracebit.com/blog/announcing-tracebit-community-edition