Hritik Sharma (@iamhritiksh)'s Twitter Profile
Hritik Sharma

@iamhritiksh

Hacker | Bug Bounty Hunter | BugCrowd MVP | bugcrowd.com/hritiksh | hackerone.com/hritiksh | Detectify Crowdsource

ID: 833160635269672960

Link: https://hritiksh.medium.com/

Joined: 19-02-2017 03:45:49

1.1K Tweets

547 Followers

345 Following

Damian Strobel (@damian_89_):

Interested in Spring Boot Actuators in the context of bug bounty hunting? I wrote something - nothing new - just some insights ;) Article: dsecured.com/en/articles/sp… Retweet appreciated! Don't expect 0days or some fancy magic.

sudi (@sudhanshur705):

Found an RCE in Google Web Designer :) Very similar to the CSS Injection to RCE found by Bálint Magyar. sudistark.github.io/2025/09/23/RCE…

𝕏 Bug Bounty Writeups 𝕏 (@bountywriteups):

Bug Bounty: From HTMLI to RCE, a practical step-by-step guide gorkaaa.medium.com/bug-bounty-de-… #bugbounty #bugbountytips #bugbountytip

Shady (@5hady_):

Nice article. This simply tells you only one thing (there are no secrets). Just do more search, don't stop, and think as a real hacker, like this man 👇🏻

siunam (@siunam321):

m0z and I found that if the web server is using HTTP/1.1, we can inject a "Transfer-Encoding" header to truncate the response body data! Others (Jorian) also found the "Fixed Content-Length Value" trick! Read my author writeup for more details! siunam321.github.io/ctf/openECSC-2…

d4d (@d4d89704243):

I’m excited to announce that I’ll be presenting The Fragile Lock: Novel Bypasses for SAML Authentication at Black Hat Europe! In this talk, I’ll show how I was able to continuously bypass security patches to achieve complete auth bypass for major libraries. #BHEU Black Hat

Trend Zero Day Initiative (@thezdi):

Crafting a Full Exploit RCE from a Crash in Autodesk Revit RFA File Parsing: Trend ZDI researcher Simon Zuckerbraun shows how to go from a crash to a full exploit - & he provides you tools to do the same, including his technique used to get ROP execution. zerodayinitiative.com/blog/2025/10/6…

Abdelrhman Allam 🇵🇸 (@sl4x0):

FINALLY! I overcame the procrastination wall and published my full breakdown on Dependency Confusion. This post covers my strategy for turning existing research into a 24/7 automated engine. Check out here: sl4x0.medium.com/turning-depend… #bugbountytips #supplychains

Sam Curry (@samwcyo):

Earlier this year, shubs and I discovered multiple vulnerabilities that allowed us to access the back office admin panel of ClubWPT Gold (the World Poker Tour's website) where we could manage customer data, KYC, and more. Read the writeup here: samcurry.net/hacking-clubwp…

Natalie Silvanovich (@natashenka):

Serious bugs often occur in third-party components integrated by other software. Ivan Fratric 💙💛 and I found this vulnerability in the Dolby Unified Decoder. It affects Android, iOS and Windows among other platforms, sometimes 0-click. project-zero.issues.chromium.org/issues/4280754…

castilho (@castilho101):

A mini research I did about escalating an XSS using 414 and 431 server size limit errors, and how I escalated an XSS to account takeover using a Salesforce URL Limit Gadget on an Ecommerce website. Hope you enjoy it castilho.sh/scream-until-e…

Hazem (@h4cktus):

Also, Cursor can connect to Caido's proxy on localhost via its embedded browser when a proxy is needed, just saying 👀. Here it used the proxy to solve a traversal sequence that had been stripped by a superfluous URL-decode from PortSwigger Labs. #BugBounty

Harsh Jaiswal (@rootxharsh):

With only 48 hours remaining in a bug bounty event, I used Hacktron AI CLI to perform large-scale analysis of several JDBC drivers. Netting $85,000 in total rewards. This write-up shows how AI-assisted vulnerability research is speeding up the work of researchers and leading to

André Baptista (@0xacb):

This is a really cool writeup. Self-XSS + Login CSRF + SSO gadget to ATO. Nice find Lauritz! security.lauritz-holtmann.de/post/xss-ato-g…

Amal Murali (@amalmurali47):

My team at bugcrowd is hiring an Application Security Engineer in India! Feel free to hit me up with questions, or apply directly at grnh.se/iws1uqjs1us #cybersecurity #hiring #bugcrowd

dawgyg - WoH (@thedawgyg):

As soon as I saw this come across my feed, I had to throw something together quickly to make use of this, as it will be a major help during recon for bug bounty. Thanks The Hacker's Choice (@thc@infosec.exchange). Here is a simple python tool with a couple features that will use their API to help in your

Jenish Sojitra (@_jensec):

Sharing my Burp Extension that earned me $200k in 2025 while API testing heavy JS-rich targets.

github.com/jenish-sojitra…

The tool helps find endpoints, files, internal emails, and some secrets from minified JS.

Its goal is to achieve maximum efficiency with reduced noise in