43961
Happy hunting! thebugbountyhunter.com hello@thebugbountyhunter.com
Multiple XSS in Meta Conversion API Gateway Leading to Zero-Click Account Takeover
https://ysamm.com/uncategorized/2025/01/13/capig-xss.html
Burp MCP + Codex CLI
This guide shows how to connect Burp Suite MCP Server to Codex CLI so that Codex can reason directly on your real HTTP traffic — no API keys, no scanning, no fuzzing.
https://pentestbook.six2dez.com/others/burp#burp-mcp?codex-cli
Two CVEs, Zero Ego: A Mailpit Story
https://rosecurify.com/two-cves-zero-ego-a-mailpit-story/
Do Smart People Ever Say They’re Smart? (SmarterTools SmarterMail Pre-Auth RCE CVE-2025-52691)
https://labs.watchtowr.com/do-smart-people-ever-say-theyre-smart-smartertools-smartermail-pre-auth-rce-cve-2025-52691/
Do Smart People Ever Say They’re Smart? (SmarterTools SmarterMail Pre-Auth RCE CVE-2025-52691)
https://labs.watchtowr.com/do-smart-people-ever-say-theyre-smart-smartertools-smartermail-pre-auth-rce-cve-2025-52691/
GitHub - Chocapikk/CVE-2026-21858: n8n Ni8mare - Unauthenticated Arbitrary File Read to RCE Chain (CVSS 10.0)
https://github.com/Chocapikk/CVE-2026-21858
Top 10 web hacking techniques of 2025: call for nominations
https://portswigger.net/research/top-10-web-hacking-techniques-of-2025-nominations-open
Top 10 web hacking techniques of 2025: call for nominations
https://portswigger.net/research/top-10-web-hacking-techniques-of-2025-nominations-open
CVE-2025-61922: Zero-Click Account Takeover on Prestashop
https://dhakal-ananda.com.np/blogs/cve-2025-61922-analysis/
Release v3.6.2 · projectdiscovery/nuclei
https://github.com/projectdiscovery/nuclei/releases/tag/v3.6.2
Grafana CVE-2025-6023 Bypass: A Technical Deep Dive
https://blog.ethiack.com/blog/grafana-cve-2025-6023-bypass-a-technical-deep-dive
Blind trust: what is hidden behind the process of creating your PDF file?
https://swarm.ptsecurity.com/blind-trust-what-is-hidden-behind-the-process-of-creating-your-pdf-file/
Introducing Sonar Foundation Agent | Sonar
https://www.sonarsource.com/blog/introducing-sonar-foundation-agent/
When WebSockets Lead to RCE in CurseForge
https://elliott.diy/blog/curseforge/
Seventeen years later, code quality is more relevant than ever
https://www.sonarsource.com/blog/sonars-17-year-anniversary/
Burp MCP Agents
Practical setup guides and helpers to connect Burp Suite MCP Server to multiple AI backends
https://github.com/six2dez/burp-mcp-agents
Droid LLM Hunter is a tool to scan for vulnerabilities in Android applications using Large Language Models (LLMs)
https://github.com/roomkangali/droid-llm-hunter
Arista Firewall XSS to RCE Chain
https://bishopfox.com/blog/arista-nextgen-firewall-xss-to-rce-chain
Case study: How Libya’s Leading Host - Libyan Spider - Blocked 65k+ Threats with Patchstack - Patchstack
https://patchstack.com/articles/case-study-how-libyas-leading-host-libyan-spider-blocked-65k-threats-with-patchstack/
Seahawk Media Partners with Patchstack to Strengthen WordPress Security - Patchstack
https://patchstack.com/articles/seahawk-media-partners-with-patchstack-to-strengthen-wordpress-security/
Predator iOS Malware: Building a Surveillance Framework - Part 1 | Reverse Society
https://blog.reversesociety.co/blog/2025/predator-ios-malware-surveillance-framework-part-1
Reverse engineering my cloud-connected e-scooter and finding the master key to unlock all scooters
https://blog.nns.ee/2026/01/06/aike-ble/
GitHub - jenish-sojitra/JSAnalyzer
https://github.com/jenish-sojitra/JSAnalyzer
MongoBleed: CVE-2025-14847 Memory Corruption in MongoDB. Your Database Talks Back
https://phoenix.security/mongobleed-vulnerability-cve-2025-14847/
Detect Go’s silent arithmetic bugs with go-panikint
https://blog.trailofbits.com/2025/12/31/detect-gos-silent-arithmetic-bugs-with-go-panikint/
Turning a harmless XSS behind a WAF into a realistic phishing vector
https://blog.hackcommander.com/posts/2025/12/28/turning-a-harmless-xss-behind-a-waf-into-a-realistic-phishing-vector/
Server-Side Request Forgery (SSRF): Detection, Impact, and Defense Bypass Techniques
https://seclak07.medium.com/server-side-request-forgery-ssrf-detection-impact-and-defense-bypass-techniques-71787fe52db1
CSRF Protection without Tokens or Hidden Form Fields
https://blog.miguelgrinberg.com/post/csrf-protection-without-tokens-or-hidden-form-fields
December CTF Challenge: Chaining XS leaks and postMessage XSS
https://www.intigriti.com/researchers/blog/hacking-tools/december-ctf-challenge-xs-leaks-postmessage-xss
Turning List-Unsubscribe into an SSRF/XSS Gadget
https://security.lauritz-holtmann.de/post/xss-ssrf-list-unsubscribe/