Telegram channel thebugbountyhunter - The Bug Bounty Hunter

Happy hunting! thebugbountyhunter.com hello@thebugbountyhunter.com

The Bug Bounty Hunter

CVE-2026-22730: SQL Injection in Spring AI’s MariaDB Vector Store

https://blog.securelayer7.net/cve-2026-22730-sql-injection-spring-ai-mariadb/


Analysis of RCE of Xiaomi C400 camera by exploiting Vulnerability #1 and #3 combined together. Vulnerabilities are not patched!
Vulnerability #1: Xiaomi - miIO Protocol Authentication Bypass
Vulnerability #2: Xiaomi - miIO client cryptographically weak PRNG
Vulnerability #3: miIO client heap buffer overflow
Analysis: https://labs.taszk.io/articles/post/nowyouseemi/
Exploits and jailbreak for Xiaomi Smart Cameras: https://github.com/TaszkSecLabs/xiaomi-c400-pwn


Needle in the haystack: LLMs for vulnerability research

https://devansh.bearblog.dev/needle-in-the-haystack/


Hacking Gemini Enterprise for a $15,000 bounty

https://x.com/behi_sec/status/2029219439028171210?s=46&t=RUHDSSKAhWrUfYiwLCvA2w


New Burp Bounty Pro v3.0.0 release:
* Multi-Step Scanning: Chain Attacks That Single Requests Can't
* Time-Based Detection Engine: Catch What String Matching Misses
* Global Variables System: Write Profiles Once, Reuse Everywhere
* Per-Scan Performance Control: Different Settings for Different Targets
* True Pause & Resume: No More Lost Scan State
* UI Improvements: Faster Profile Workflow
* Tag-Based Passive Scan Launching

https://bountysecurity.ai/blogs/news/new-burp-bounty-pro-v3-0-0-release


GraphQL Pentesting for Bug Bounty Hunters: From Endpoint Discovery to High-Impact Exploits…!

https://medium.com/@mpjani294/graphql-pentesting-for-bug-bounty-hunters-from-endpoint-discovery-to-high-impact-exploits-821f64a953b5


RCE in Google's AI code editor Antigravity - $10000 Bounty

https://www.hacktron.ai/blog/hacking-google-antigravity


Understanding and Experimenting with Apple's Pointer Authentication Codes (PAC) on iOS
https://blog.reversesociety.co/blog/2026/pointer-authentication-code-for-ios


GatewayToHeaven: Finding a Cross-Tenant Vulnerability in GCP's Apigee

https://omeramiad.com/posts/gatewaytoheaven-gcp-cross-tenant-vulnerability/


Iframe Sandbox Trick
Triggering Authentication Dialogs Without allow-popups

https://phor3nsic.github.io/2026/01/21/trick-iframe-sandbox.html


Account Takeover in Facebook mobile app due to usage of cryptographically unsecure random number generator and XSS in Facebook JS SDK


https://ysamm.com/uncategorized/2026/01/17/math-random-facebook-sdk.html


Leaking Meta FXAuth Token leading to 2 click Account Takeover

https://ysamm.com/uncategorized/2026/01/16/leaking-fxauth-token.html


Multiple cross-site leaks disclosing Facebook users in third-party websites

https://ysamm.com/uncategorized/2026/01/16/cross-site-leaks.html


Datr cookie theft and AI leads to Facebook account takeover via trusted device recovery

https://ysamm.com/uncategorized/2026/01/15/steal-dtsg-cookie.html


Multiple XSS in Meta Conversion API Gateway Leading to Zero-Click Account Takeover

https://ysamm.com/uncategorized/2026/01/13/capig-xss.html


Pentesting a pentest agent - Here's what I've found in AWS Security Agent

https://blog.richardfan.xyz/2026/03/14/pentesting-a-pentest-agent-heres-what-ive-found-in-aws-security-agent.html


ALMOST IMPOSSIBLE: JAVA DESERIALIZATION THROUGH BROKEN CRYPTO IN OPENTEXT DIRECTORY SERVICES

https://slcyber.io/research-center/almost-impossible-java-deserialization-through-broken-crypto-in-opentext-directory-services/


LeakyLooker: Hacking Google Cloud’s Data via Dangerous Looker Studio Vulnerabilities

https://www.tenable.com/blog/leakylooker-google-cloud-looker-studio-vulnerabilities


How We Hacked McKinsey's AI Platform
https://codewall.ai/blog/how-we-hacked-mckinseys-ai-platform


How I Cured My Bug Hunting AI's Goldfish Memory

https://labs.trace37.com/blog/mastermind-hooks-architecture/


When Audits Fail Part 2: From Pre-Auth SSRF to RCE in TRUfusion Enterprise

https://www.rcesecurity.com/2026/02/when-audits-fail-from-pre-auth-ssrf-to-rce-in-trufusion-enterprise/


TRUSTING CLAUDE WITH A KNIFE: UNAUTHORIZED PROMPT INJECTION TO RCE IN ANTHROPIC’S CLAUDE CODE ACTION

https://johnstawinski.com/2026/02/05/trusting-claude-with-a-knife-unauthorized-prompt-injection-to-rce-in-anthropics-claude-code-action/


Evaluating and mitigating the growing risk of LLM-discovered 0-days

https://red.anthropic.com/2026/zero-days/


Leaking the phone number of any Google user

https://brutecat.com/articles/leaking-google-phones


Cloudflare Zero-day: Accessing Any Host Globally

https://fearsoff.org/research/cloudflare-acme


Compromising a NASDAQ Financial Giant

https://estse.github.io/posts/compromising-a-nasdaq-financial-giant/


Instagram account takeover via Meta Pixel script abuse

https://ysamm.com/uncategorized/2026/01/16/leaking-fbevents-ato.html


Two-click Facebook account takeover via FXAuth token and blob theft

https://ysamm.com/uncategorized/2026/01/15/steal-fxauth-leads-instagram-ato.html


Self-XSS in Facebook payments flow leads to Instagram and Facebook account takeovers

https://ysamm.com/uncategorized/2026/01/15/self-xss-facebook-payments.html


CodeBreach: Infiltrating the AWS Console Supply Chain and Hijacking AWS GitHub Repositories via CodeBuild

https://www.wiz.io/blog/wiz-research-codebreach-vulnerability-aws-codebuild
