43247
Happy hunting! thebugbountyhunter.com hello@thebugbountyhunter.com
Hacking Kerio Control via CVE-2024-52875: from CRLF Injection to 1-click RCE | Karma(In)Security
https://karmainsecurity.com/hacking-kerio-control-via-cve-2024-52875
NIS2: Next Step Forward on EU Security Requirements
https://www.hackerone.com/public-policy/nis2-eu-security-requirements
Post: Mutation XSS: Explained, CVE and Challenge | Jorian Woltjer
https://jorianwoltjer.com/blog/p/hacking/mutation-xss
Decoding Spectra Lab’s Bonding Contract $250K Exploit
https://quillaudits.medium.com/decoding-spectra-labs-bonding-contract-250k-exploit-b88d249c3218
Talkie Pwnii #2: Exploiting second order SQL injection to extract data
https://www.youtube.com/watch?v=S8qrBTJjH7k
GitHub - bitbomdev/minefield: Graphing SBOM's Fast.
https://github.com/bitbomdev/minefield
Regression testing: The key to ensuring software quality and reliability
https://blog.intigriti.com/business-insights/regression-testing-the-key-to-ensuring-software-quality-and-reliability
Bcrypt Hash Input Truncation & Mobile Device Threat Modeling (Ep. 97)
https://www.youtube.com/watch?v=m5mR6dvhtpg
The Insecure IoT Cloud Strikes Again: RCE on Ruijie Cloud-Connected Devices
https://claroty.com/team82/research/the-insecure-iot-cloud-strikes-again-rce-on-ruijie-cloud-connected-devices
Messenger Group Call DoS for iOS
https://s11research.com/posts/Messenger-Group-Call-DoS-for-iOS/
Why Can't You Fix This Bug Faster?
https://maxwelldulin.com/BlogPost/Why-Can't-You-Fix-This-Bug-Faster
🎅 visited @patchstackapp and has a quest for you to find vulns in #WordPress plugins and themes.
📅 When: 10-17 Dec
🛡️ What: XSS, CSRF, Arbitrary file download, privilege escalation, sensitive data exposure
📊 CVSS: 6.4+
📈 Installs: 50+
Learn more at https://patchstack.com/bug-bounty/
Google Cloud expands vulnerability detection for Artifact Registry using OSV
http://security.googleblog.com/2024/12/google-cloud-expands-vulnerability.html
How I Found a Critical Vulnerability and Earned $4,000 in Bug Bounty Hunting
zack0x01_/how-i-found-a-critical-vulnerability-and-earned-4-000-in-bug-bounty-hunting-2ce4a1227fdc" rel="nofollow">https://medium.com/@zack0x01_/how-i-found-a-critical-vulnerability-and-earned-4-000-in-bug-bounty-hunting-2ce4a1227fdc
Privilege Escalation via Impersonation Features feature
0x_xnum/privilege-escalation-via-impersonation-features-feature-c49cf3a3dc03" rel="nofollow">https://medium.com/@0x_xnum/privilege-escalation-via-impersonation-features-feature-c49cf3a3dc03
YesWeHack Customer Story: Ferrero, Italy's sweet-packaged food giant
https://www.youtube.com/watch?v=JwZ6KevYJHc
Messenger Group Call DoS for iOS
https://s11research.com/posts/Messenger-Group-Call-DoS-for-iOS/
Insecure file uploads: A complete guide to finding advanced file upload vulnerabilities
https://blog.intigriti.com/hacking-tools/insecure-file-uploads-a-complete-guide-to-finding-advanced-file-upload-vulnerabilities
Understanding XSS in Android Apps
anandrishav2228/earn-10-000-xss-in-android-apps-scratch-to-advance-cb3aa6c2b98f" rel="nofollow">https://medium.com/@anandrishav2228/earn-10-000-xss-in-android-apps-scratch-to-advance-cb3aa6c2b98f
Intigriti Bug Bytes #219 - December 2024 🎅
https://blog.intigriti.com/bug-bytes/bug-bytes-219-december-2024
Android's CVE-2022-20201 (InstalldNativeService)
https://pwner.gg/blog/Android's-CVE-2022-20201
A Guide To Subdomain Takeovers 2.0
https://www.hackerone.com/community/guide-subdomain-takeovers
Citrix Denial of Service: Analysis of CVE-2024-8534
https://www.assetnote.io/resources/research/citrix-denial-of-service-analysis-of-cve-2024-8534
Forget PSEXEC: DCOM Upload & Execute Backdoor
https://www.deepinstinct.com/blog/forget-psexec-dcom-upload-execute-backdoor
Cleo Harmony, VLTrader, and LexiCom - RCE via Arbitrary File Write (CVE-2024-50623)
https://labs.watchtowr.com/cleo-cve-2024-50623/
Hacking AI Applications: From 3D Printing to Remote Code Execution
https://www.securityrunners.io/post/hacking-ai-applications
How to Streamline Your SDLC With Hai
https://www.hackerone.com/ai/streamline-sdlc-with-hai
266 - Machine Learning Attacks and Tricky Null Bytes
https://dayzerosec.com/podcast/266.html
PentesterLab Blog: How to Securely Design Your JWT Library
https://pentesterlab.com/blog/secure-jwt-library-design
Performing Android Static Analysis 101-A Complete Guide for Beginners - Laburity
https://laburity.com/performing-android-static-analysis-101-a-complete-guide-for-beginners/