003random (@rub003)'s Twitter Profile
003random

@rub003

Cyber Security && Software Development

ID: 507551770

https://003random.com
28-02-2012 15:57:41

794 Tweets

2,2K Followers

319 Following

daniel (@hackermondev):

1 Bug, $50K+ in bounties: how Zendesk left a backdoor in hundreds of companies #bugbountytips gist.github.com/hackermondev/6…

shubs (@infosec_au):

Our research on vulnerabilities caused by the great firewall was nominated for the top ten web hacking techniques this year (Insecurity through Censorship). This affects 30-40m domains. If you found our research interesting, you can vote here: portswigger.net/polls/top-10-w…

spaceraccoon | Eugene Lim (@spaceraccoonsec):

Pre-orders have started shipping and getting to readers around the world! Whether you’re new to vulnerability research or sharpening an existing skill set, this book will show you how to think (and work) like a bug hunter. This book will teach you how to: ✅ Identify promising

Volerion (@volerionsec):

Our models identified the correct product (CPE), versions (semver) and gathered remediation options. This data is available through our API within minutes after a CVE is published.

003random (@rub003):

getJS will now ignore certificate errors, so that your bug bounty automation will be less likely to error on the hosts that are the most interesting (e.g. self-signed certificates). github.com/003random/getJ…

003random (@rub003):

CVE-2025-54576 is quite cool. It's so easy to make your web app vulnerable to this. You would expect `skip_auth_routes` to match routes only, but meanwhile it was comparing against `GetRequestURI`. Fixed in v7.11.0 by comparing against `GetRequestPath`. 👉blog.volerion.com/posts/CVE-2025…

Volerion (@volerionsec):

🦾💼 #DEFCON33 may feel like a “hacker holiday,” but the CVE conveyor belt never stops. Out of the 249 newly published CVEs, the highest EPSS in the set is 0.09475 — CVE-2025-47188 — with a CRITICAL CVSS score. Volerion gives it a contextual risk score of 3.6/10, factoring in
