bug-bounty

553 articles

sort: new top best

bug-bounty553 xss288 rce169 google122 bragging-post120 exploit108 account-takeover100 open-source91 microsoft88 facebook84 privilege-escalation81 csrf80 cve76 authentication-bypass75 malware74 stored-xss72 access-control65 ai-agents63 writeup62 reflected-xss61 ssrf54 web-security53 input-validation53 sql-injection49 cross-site-scripting48 phishing47 smart-contract46 tool46 ethereum45 defi45 privacy44 web-application43 apple42 cloudflare41 browser39 dos39 information-disclosure39 web338 lfi37 llm37 responsible-disclosure37 burp-suite35 api-security35 opinion35 vulnerability-disclosure34 oauth34 reverse-engineering34 automation34 supply-chain32 idor32

0 4/10

⚡ Automating Web Security Testing with OWASP ZAP A Beginner-Friendly Guide for Bug Bounty…

tutorial

A beginner-focused guide on using OWASP ZAP to automate web application security testing for bug bounty hunting.

owasp-zap web-security-testing automation bug-bounty tutorial beginner-friendly

OWASP ZAP Ghostyjoe

medium.com · ghostyjoe · 3 days ago · details

The Web3 IDOR: Leaving the Bank Vault Wide Open

vulnerability

bug-bounty idor web3

hunterx461.medium.com · Tabrez Mukadam · 3 days ago · details

Web Security Series #1 — Exploiting Authentication Using a Brute-Force Attack

bug-bounty

medium.com · Laibakashif · 3 days ago · details

How to Choose a Smart Contract Auditor: A Guide for Web3 Protocols

bug-bounty

bug-bounty web3

medium.com · Abraham · 3 days ago · details

Hacking with permission: the rules that make it ethical

bug-bounty

intigriti.com · Eleanor Barlow · 3 days ago · details

Intigriti collaborates with PortSwigger to support ethical hacking excellence

bug-bounty

intigriti.com · Eleanor Barlow · 4 days ago · details

Fixing request smuggling vulnerabilities in Pingora OSS deployments

vulnerability

bug-bounty cache-poisoning cloudflare cve exploit node request-smuggling

CVE-2026-2833 CVE-2026-2835 CVE-2026-2836

blog.cloudflare.com · Edward Wang · 6 days ago · details

Intigriti launches new global Hacker Ambassador Program

bug-bounty

intigriti.com · Eleanor Barlow · 11 days ago · details

Avira: Deserialize, Delete and Escalate - The Proper Way to Use an AV

vulnerability

bug-bounty cve deserialization dos exploit microsoft pentest privilege-escalation race-condition writeup

CVE-2026-27748 CVE-2026-27749 CVE-2026-27750

blog.quarkslab.com · Lucas Laise · 12 days ago · details

Python pitfalls: Turning developer mistakes into vulnerabilities

vulnerability

bug-bounty ctf cve exploit lfi rce writeup

CVE-2025-57403 CVE-2025-6278

yeswehack.com · bugbountydaily · 16 days ago · details

vinext: Vibe-Hacking Cloudflare's Vibe-Coded Next.js Replacement

vulnerability

auth-bypass bug-bounty cache-poisoning cloudflare dos exploit info-disclosure lfi open-redirect race-condition rce react ssrf

hacktron.ai · bugbountydaily · 16 days ago · details

From curiosity to critical bugs: Interview with Marc-Oliver Munz (c1phy)

bug-bounty

intigriti.com · Eleanor Barlow · 17 days ago · details

From curiosity to critical bugs: Interview with Marc-Oliver Munz (c1phy)

bug-bounty

intigriti.com · Eleanor Barlow · 17 days ago · details

Total.js RCE gadgets all around

vulnerability

bug-bounty cve node prototype-pollution rce supply-chain

CVE-2020-28495 CVE-2021-23344 CVE-2021-31760

lab.ctbb.show · bugbountydaily · 20 days ago · details

Intigriti Bug Bytes #233 - February 2026 🚀

vulnerability

bug-bounty ctf kubernetes race-condition rce web3

intigriti.com · Ayoub · 23 days ago · details

How to use AI for improved vulnerability report writing

bug-bounty

intigriti.com · Ayoub · 26 days ago · details

Chaining in action: techniques, terminology, and real-world impact on business

authentication

bug-bounty privilege-escalation

intigriti.com · Eleanor Barlow · 27 days ago · details

Naming and shaming: How ransomware groups tighten the screws on victims

authentication

account-takeover bug-bounty exploit info-disclosure malware phishing supply-chain

welivesecurity.com · welivesecurity · 1 month ago · details

Most Security Programs Test a Fraction of Their Applications. That Changes Today.

threat

bug-bounty cloud malware pentest

bishopfox.com · bishopfox · 1 month ago · details

Azure DevOps Agent Interception

vulnerability

bug-bounty jwt microsoft oauth race-condition rce

lab.ctbb.show · bugbountydaily · 1 month ago · details

A CTF-Style XSS Chain in the Wild: DOM Clobbering, Gadgets, and CSP Bypass

vulnerability

browser bug-bounty cloudflare csp-bypass ctf exploit google xss

blog.antoniusblock.net · bugbountydaily · 1 month ago · details

Draft of a night walk: the diagnosis of a researcher’s quest for success

bug-bounty

zhero-web-sec.github.io · bugbountydaily · 1 month ago · details

UofTCTF 2026 - Pasteboard Writeup - ⸜(｡˃ ᵕ ˂ )⸝⚑

vulnerability

aws browser bug-bounty cors ctf exploit facebook google rce ssrf writeup xss

estse.github.io · bugbountydaily · 1 month ago · details

Hijacking Netflix SMS

threat

bug-bounty malware phishing

sijan.dev · bugbountydaily · 2 months ago · details

Intigriti December XSS Challenge (1225) | Jorian Woltjer

vulnerability

bug-bounty ctf exploit postmessage xss

jorianwoltjer.com · bugbountydaily · 2 months ago · details

React2Shell Deep Dive: CVE-2025-55182 Exploit Mechanics | Wiz Blog

vulnerability

aws bug-bounty cve deserialization docker exploit kubernetes malware node privilege-escalation rce react

CVE-2021-4034 CVE-2025-55182

wiz.io · bugbountydaily · 3 months ago · details

Stopping Redirects

vulnerability

browser bug-bounty cloudflare exploit facebook oauth postmessage xss

lab.ctbb.show · bugbountydaily · 3 months ago · details

Vega CVE-2025-59840 - Unusual XSS Technique toString gadget chains

vulnerability

bug-bounty cve exploit writeup xss

CVE-2025-59840

lab.ctbb.show · bugbountydaily · 3 months ago · details

Write Path Traversal to a RCE Art Department

vulnerability

bug-bounty cve exploit lfi rce ssti

CVE-2014-0130

lab.ctbb.show · bugbountydaily · 3 months ago · details

Who Needs a Blind XSS? Server-Side CSV Injection

vulnerability

browser bug-bounty google xss

hx01.me · bugbountydaily · 3 months ago · details