Happy hunting! thebugbountyhunter.com hello@thebugbountyhunter.com
Master C and C++ with our new Testing Handbook chapter
https://blog.trailofbits.com/2026/04/09/master-c-and-c-with-our-new-testing-handbook-chapter/
Five takeaways from the UK’s Cyber Security & Resilience Bill
https://www.intigriti.com/blog/news/key-takeaways-from-the-uk-cyber-security-and-resilience-bill
Crafting a Full Read SSRF: A Journey Through Oauth DCR, Open URL Redirects, and Path Normalization
https://eib.hashnode.dev/crafting-a-full-read-ssrf-a-journey-through-oauth-dcr-open-url-redirects-and-path-normalization
ShadowPrompt: How Any Website Could Have Hijacked Claude's Chrome Extension
https://www.koi.ai/blog/shadowprompt-how-any-website-could-have-hijacked-anthropic-claude-chrome-extension
Remote Command Execution in Google Cloud with Single Directory Deletion
https://flatt.tech/research/posts/remote-command-execution-in-google-cloud-with-single-directory-deletion/
Instagram Notes Audio Leakage via URL Extraction (Fixed & Rewarded)
https://github.com/i12gocaj/Instagram-Notes-Audio-Leakage-via-URL-Extraction-Fixed
Pentesting a pentest agent - Here's what I've found in AWS Security Agent
https://blog.richardfan.xyz/2026/03/14/pentesting-a-pentest-agent-heres-what-ive-found-in-aws-security-agent.html
ALMOST IMPOSSIBLE: JAVA DESERIALIZATION THROUGH BROKEN CRYPTO IN OPENTEXT DIRECTORY SERVICES
https://slcyber.io/research-center/almost-impossible-java-deserialization-through-broken-crypto-in-opentext-directory-services/
LeakyLooker: Hacking Google Cloud’s Data via Dangerous Looker Studio Vulnerabilities
https://www.tenable.com/blog/leakylooker-google-cloud-looker-studio-vulnerabilities
How We Hacked McKinsey's AI Platform
https://codewall.ai/blog/how-we-hacked-mckinseys-ai-platform
How I Cured My Bug Hunting AI's Goldfish Memory
https://labs.trace37.com/blog/mastermind-hooks-architecture/
When Audits Fail Part 2: From Pre-Auth SSRF to RCE in TRUfusion Enterprise
https://www.rcesecurity.com/2026/02/when-audits-fail-from-pre-auth-ssrf-to-rce-in-trufusion-enterprise/
TRUSTING CLAUDE WITH A KNIFE: UNAUTHORIZED PROMPT INJECTION TO RCE IN ANTHROPIC’S CLAUDE CODE ACTION
https://johnstawinski.com/2026/02/05/trusting-claude-with-a-knife-unauthorized-prompt-injection-to-rce-in-anthropics-claude-code-action/
Evaluating and mitigating the growing risk of LLM-discovered 0-days
https://red.anthropic.com/2026/zero-days/
Leaking the phone number of any Google user
https://brutecat.com/articles/leaking-google-phones
PortSwigger partners with Meta Bug Bounty to empower bug hunters with training and Pro licenses
https://portswigger.net/blog/portswigger-partners-with-meta-bug-bounty-to-empower-bug-hunters-with-training-and-pro-licenses
What we learned about TEE security from auditing WhatsApp
https://blog.trailofbits.com/2026/04/07/what-we-learned-about-tee-security-from-auditing-whatsapps-private-inference/
How Command Injection Vulnerability in OpenAI Codex Leads to GitHub Token Compromise
https://www.beyondtrust.com/blog/entry/openai-codex-command-injection-vulnerability-github-token
Breaking Pingora: HTTP Request Smuggling & Cache Poisoning in Cloudflare's Reverse Proxy
https://xclow3n.github.io/post/6/
How I Earned $76,000 From a Single Program on Bugcrowd
https://anonhunter.medium.com/how-i-earned-76-000-from-a-single-program-on-bugcrowd-adf2a0eeece0
CVE-2026-22730: SQL Injection in Spring AI’s MariaDB Vector Store
https://blog.securelayer7.net/cve-2026-22730-sql-injection-spring-ai-mariadb/
Analysis of RCE on the Xiaomi C400 camera, achieved by combining Vulnerability #1 and Vulnerability #3. The vulnerabilities are not patched!
Vulnerability #1: Xiaomi - miIO Protocol Authentication Bypass
Vulnerability #2: Xiaomi - miIO client cryptographically weak PRNG
Vulnerability #3: miIO client heap buffer overflow
Analysis: https://labs.taszk.io/articles/post/nowyouseemi/
Exploits and jailbreak for Xiaomi Smart Cameras: https://github.com/TaszkSecLabs/xiaomi-c400-pwn
Needle in the haystack: LLMs for vulnerability research
https://devansh.bearblog.dev/needle-in-the-haystack/
Hacking Gemini Enterprise for a $15,000 bounty
https://x.com/behi_sec/status/2029219439028171210?s=46&t=RUHDSSKAhWrUfYiwLCvA2w
New Burp Bounty Pro v3.0.0 release:
* Multi-Step Scanning: Chain Attacks That Single Requests Can't
* Time-Based Detection Engine: Catch What String Matching Misses
* Global Variables System: Write Profiles Once, Reuse Everywhere
* Per-Scan Performance Control: Different Settings for Different Targets
* True Pause & Resume: No More Lost Scan State
* UI Improvements: Faster Profile Workflow
* Tag-Based Passive Scan Launching
https://bountysecurity.ai/blogs/news/new-burp-bounty-pro-v3-0-0-release
GraphQL Pentesting for Bug Bounty Hunters: From Endpoint Discovery to High-Impact Exploits…!
https://medium.com/@mpjani294/graphql-pentesting-for-bug-bounty-hunters-from-endpoint-discovery-to-high-impact-exploits-821f64a953b5
RCE in Google's AI code editor Antigravity - $10000 Bounty
https://www.hacktron.ai/blog/hacking-google-antigravity
Understanding and Experimenting with Apple's Pointer Authentication Codes (PAC) on iOS
https://blog.reversesociety.co/blog/2026/pointer-authentication-code-for-ios
GatewayToHeaven: Finding a Cross-Tenant Vulnerability in GCP's Apigee
https://omeramiad.com/posts/gatewaytoheaven-gcp-cross-tenant-vulnerability/
Iframe Sandbox Trick
Triggering Authentication Dialogs Without allow-popups
https://phor3nsic.github.io/2026/01/21/trick-iframe-sandbox.html