Happy hunting! thebugbountyhunter.com hello@thebugbountyhunter.com
Top 10 web hacking techniques of 2025: call for nominations
https://portswigger.net/research/top-10-web-hacking-techniques-of-2025-nominations-open
CVE-2025-61922: Zero-Click Account Takeover on Prestashop
https://dhakal-ananda.com.np/blogs/cve-2025-61922-analysis/
Release v3.6.2 · projectdiscovery/nuclei
https://github.com/projectdiscovery/nuclei/releases/tag/v3.6.2
Grafana CVE-2025-6023 Bypass: A Technical Deep Dive
https://blog.ethiack.com/blog/grafana-cve-2025-6023-bypass-a-technical-deep-dive
Blind trust: what is hidden behind the process of creating your PDF file?
https://swarm.ptsecurity.com/blind-trust-what-is-hidden-behind-the-process-of-creating-your-pdf-file/
Introducing Sonar Foundation Agent | Sonar
https://www.sonarsource.com/blog/introducing-sonar-foundation-agent/
When WebSockets Lead to RCE in CurseForge
https://elliott.diy/blog/curseforge/
Seventeen years later, code quality is more relevant than ever
https://www.sonarsource.com/blog/sonars-17-year-anniversary/
When OAuth Becomes a Weapon: Lessons from CVE-2025-6514 | Amla Labs
https://amlalabs.com/blog/oauth-cve-2025-6514/
The inevitable rise of poor code quality in AI-accelerated codebases
https://www.sonarsource.com/blog/the-inevitable-rise-of-poor-code-quality-in-ai-accelerated-codebases/
How a single backslash got me £1000 bounty from a bug bounty program
https://medium.com/@sairajthorat077/how-a-single-backslash-got-me-1000-bounty-from-a-bug-bounty-program-39239e8fc017
Ollama Remote Code Execution: Securing the Code That Runs LLMs
https://www.sonarsource.com/blog/ollama-remote-code-execution-securing-the-code-that-runs-llms/
Intigriti Bug Bytes #231 - December 2025 🚀
https://www.intigriti.com/researchers/blog/bug-bytes/intigriti-bug-bytes-231-december-2025
Reverse engineering my cloud-connected e-scooter and finding the master key to unlock all scooters
https://blog.nns.ee/2026/01/06/aike-ble/
GitHub - jenish-sojitra/JSAnalyzer
https://github.com/jenish-sojitra/JSAnalyzer
MongoBleed: CVE-2025-14847 Memory Corruption in MongoDB. Your Database Talks Back
https://phoenix.security/mongobleed-vulnerability-cve-2025-14847/
Detect Go’s silent arithmetic bugs with go-panikint
https://blog.trailofbits.com/2025/12/31/detect-gos-silent-arithmetic-bugs-with-go-panikint/
Turning a harmless XSS behind a WAF into a realistic phishing vector
https://blog.hackcommander.com/posts/2025/12/28/turning-a-harmless-xss-behind-a-waf-into-a-realistic-phishing-vector/
Server-Side Request Forgery (SSRF): Detection, Impact, and Defense Bypass Techniques
https://seclak07.medium.com/server-side-request-forgery-ssrf-detection-impact-and-defense-bypass-techniques-71787fe52db1
CSRF Protection without Tokens or Hidden Form Fields
https://blog.miguelgrinberg.com/post/csrf-protection-without-tokens-or-hidden-form-fields
December CTF Challenge: Chaining XS leaks and postMessage XSS
https://www.intigriti.com/researchers/blog/hacking-tools/december-ctf-challenge-xs-leaks-postmessage-xss
Turning List-Unsubscribe into an SSRF/XSS Gadget
https://security.lauritz-holtmann.de/post/xss-ssrf-list-unsubscribe/
ORM Leaking More Than You Joined For - elttam
https://www.elttam.com/blog/leaking-more-than-you-joined-for/
Can chatbots craft correct code?
https://blog.trailofbits.com/2025/12/19/can-chatbots-craft-correct-code/
Year in Review: The Vulnerabilities That Defined 2025 — ProjectDiscovery Blog
https://projectdiscovery.io/blog/year-in-review-the-vulnerabilities-that-defined-2025
Critical Arbitrary File Upload Vulnerability in Motors Theme Affecting 20k+ Sites - Patchstack
https://patchstack.com/articles/critical-arbitrary-file-upload-vulnerability-in-motors-theme-affecting-20k-sites/
Use GWP-ASan to detect exploits in production environments
https://blog.trailofbits.com/2025/12/16/use-gwp-asan-to-detect-exploits-in-production-environments/