Max Yaremchuk (@0xw2w)'s Twitter Profile
Max Yaremchuk

@0xw2w

I’m looking for bugs and overcoming limitations - Application security. Senior meme engineer

ID: 2525010779

Link: https://securityrise.com/about

Joined: 03-05-2014 08:26:24

2.2K Tweets

6.6K Followers

567 Following

Max Yaremchuk (@0xw2w)

I found a way to access thousands of private meetings in a video recording software and sent a report to their program. To support an impact, I confirmed access to a single private 29-min corporate meeting😳

Max Yaremchuk (@0xw2w)

Epic Games' bug bounty program just launched a new campaign, and it's the first public program to enable dupe windows outside of LHE. Check it out: hackerone.com/epicgames

Max Yaremchuk (@0xw2w)

TIL, TrueMoney, Thailand’s leading financial service provider, doesn’t allow you to change a phone number. Instead, you should dispose of your money, delete your account, and set up a new account with a new phone number. I managed to send all the money to my wife so I could

Max Yaremchuk (@0xw2w)

“Please limit your traffic to 2 requests per second when testing” my brother in planet earth, a legit website browsing would generate more requests per second

Max Yaremchuk (@0xw2w)

Full Referer URL leak through img tag alert! Farm while you can. This will probably be fixed, though it will likely take some time, as it won't be tracked as a high-priority bug. I already identified and reported an OAuth token leak through the Referer header.

Max Yaremchuk (@0xw2w)

As an update, H1 increased the severity to Medium 5.3 this morning, agreeing on the low complexity and adding a $1.5k bounty, totaling $2.9k. Not too shabby for a Medium, we are balling chat

shubs (@infosec_au)

IP whitelisting is fundamentally broken. At Assetnote, we've successfully bypassed network controls by routing traffic through a specific location (cloud provider, geo-location). Today, we're releasing Newtowner, to help test for this issue: github.com/assetnote/newt…

shubs (@infosec_au)

How do we turn bad SSRF (blind) into good SSRF (full response)? The Assetnote Security Research team at Searchlight Cyber used a novel technique involving HTTP redirect loops and incremental status codes that leaked the full HTTP resp. It may work elsewhere! slcyber.io/assetnote-secu…

Max Yaremchuk (@0xw2w)

Facebook Messenger for Windows RCE worth $112K via Slack/Viber DLL files override using path traversal in attachments by Dzmitry Lukyanenko vulnano.com/2025/09/remote…

Max Yaremchuk (@0xw2w)

FYI, the reputation-based milestone program will be entirely replaced by the new milestone rewards program on HackerOne, centered around valid vulnerabilities. If you are eligible for milestones swags, request them before October 31st. Otherwise, they'll be lost.

turb0 (@7urb01)

Had enough people reaching out around the React createElement XSS stuff that I decided to throw up a blog post. Nothing really new added here from the original presentations, just gives some of it somewhere more accessible to live longer term. turb0.one/pages/From_Com…

Sam Curry (@samwcyo)

Earlier this year, shubs and I discovered multiple vulnerabilities that allowed us to access the back office admin panel of ClubWPT Gold (the World Poker Tour's website) where we could manage customer data, KYC, and more. Read the writeup here: samcurry.net/hacking-clubwp…

YesWeHack ⠵ (@yeswehack)

📢 New research from Brumens is out! Learn how to detect & exploit syntax confusion in real web apps, how he turned an SSRF & blind file read into a full file read, and more besides 👇 yeswehack.com/learn-bug-boun…