When Gregxsunday embarked on a career in offensive security he expected increasingly secure development practices to result in dwindling opportunities for Bug Bounty hunters.

How these expectations were confounded by the hacking community’s impressive creativity is among the topics covered during this interview with the Polish hacker and popular YouTuber and podcaster.

During our Q&A, Gregxsunday also reflects on the attractions that sparked and sustain his interest in Bug Bounty, why authentication bugs are a particular area of interest, his experiences using both Caido and Burp, his antidote to procrastination, and his hobbies beyond hacking.

gregxsunday – real name Grzegorz Niedziela – documents his exploits on his hugely popular YouTube channel, 

 (almost 64,00 subscribers and counting) and conducts his own interviews with his peers on a companion 

I got into web hacking through CTFs. I found out you can also make money while doing this. So I wanted to become a pentester, and I was successful with becoming a pentester.

I gained a lot of experience. But I knew Bug Bounty is something that I wanted to do in the long run. So always, even as a pentester, I learned from a lot of Bug Bounty reports, from write-ups, from disclosure reports, and from basically anywhere I [could] because I knew I wanted to become a Bug Bounty hunter one day.

And eventually, I quit my job. And for about three years now, I’ve been doing Bug Bounty and YouTube full-time.

On what he enjoys most about Bug Bounty…

I think it’s the challenge. Every once in a while, you find a functionality where you feel the potential of how bad it will be if something that you are trying works. And it’s just so addictive: feeling so close to discovering a critical vulnerability is incredibly addictive and it just keeps me going, keeps me willing to explore new ideas to eventually exploit a bug.

On his favourite types of vulnerability…

I’m really paying a lot of attention to authentication – specifically if it’s single sign-on or SAML-based flaws. I do really know a lot about these flaws. There are a lot of things that can go wrong, especially with OAuth.

This is definitely something that I started to pay more attention to last year. And a big part of my findings this year are authentication-related bugs.

I mostly just use proxy [tools]. I’m very much a manual hacker, so I do not rely a lot on tools.

I’ve been testing Caido and Burp this year, and I’ve been switching from one to another every single time. I even had a period when I used both of them: I just proxied the traffic through both Caido and Burp. And I’m still undecided on which one I want to use in the long run.

No matter which proxy I choose, I know that it’s good that they are now competing for the hackers’ market, because it just makes our proxy tools better and makes our hacking easier.

I expected that [the] Bug Bounty [market] would maybe become smaller with time, because the natural process I expected was that apps become more and more secure. But it’s not actually what we see.

I think we as hackers evolve quicker, and we develop new hacking techniques quicker than developers are able to create new processes and new frameworks that are secure by default. And whereas there are some bug classes getting fixed by something like SameSite cookies that fix a big part of CSRFs – we just come up with so many different attacks that… it’s something I’m surprised about.

With more time, we just find more bugs, more critical bugs – and luckily for us, [it results in] more bounties being paid by the programs.

Outside of hacking, I spend a lot of time doing sports. Different kinds of sports: I do jujitsu, I do some climbing, some calisthenics. I also like to travel around the world, especially when it’s winter and it gets cold in my home, in Poland. I like to travel to some warmer countries, like Spain or Argentina. But most of my days I work, then I go do some sports. And also, a lot of sports are these days the way for me to connect with my friends.

I think the most important thing is to not procrastinate, to start too late. The truth is that while advanced techniques are important, some people treat it as a way to procrastinate, and they think they must reach extremely high levels of web hacking skills to start Bug Bounty – which is not necessarily true, because equally important is just learning to discover a lot of functionalities of the app.

So for beginners: they should learn some basics of web security, but then they should start actual hunting fairly quickly and learn along the way. Because learning can be a great thing – everyone must learn, but it can also be a way of procrastinating.

Learn more about hunting through YesWeHack

, or learn about the latest hacking tools and techniques 

‘Feeling close to a critical vulnerability is incredibly addictive’ – YouTuber gregxsunday on the joys of Bug Bounty

AI is of course a mixed blessing for security

. ⚖️ The technology is simultaneously an accelerant for vulnerability discovery and a source of novel risks owing to its unpredictable behaviour and interactions with other components. On the positive side of the ledger, 

has publishing an outbound coordinated disclosure policy

 for disclosing vulnerabilities to third-parties because its models “have already uncovered zero-day vulnerabilities in third-party and open-source software, and we are taking this proactive step in anticipation of future discoveries”. ✅ 

15-year old ‘zombie’ path traversal vulnerability

being propagated not only by developers (inadvertently) “but also by LLMs trained on vulnerable code samples scoured from data sets derived from GitHub and Stack Overflow code”. 🧟 And while AI-powered security systems can accelerate “threat detection and response processes”, AI’s hallucination habit raises the spectre of unnecessary and expensive downtime if systems are taken offline because of fictional cyber-attacks, or AI systems recommending unwise security measures based on fabricated data – a topic 

We’re staying on AI for the next story in our latest roundup aimed at CISOs and security teams – and it still won’t be the last (for good or ill, it’s hard to avoid). Continuous security testing based on intended use cases is a must if organisations want to 

, according to Chatterbox Labs CTO Stuart Battersby, who was 

 recently alongside the AI risk company’s CEO, Danny Coleman, by 

.🔒 “So the first thing is to think about what is safe and secure for your use case," he explained. “And then what you have to do is not trust the rhetoric of either the model vendor or the guardrail vendor, because everyone will tell you it's super safe and secure.” When it comes to continuous testing of AI systems, by the way, we believe 

 (after all, Google, Meta, Microsoft, OpenAI and Anthropic all run AI Bug Bounty Programs). 🧠

Relatedly, Javier Castro, CTO of XDR and SIEM protection platform Wazuh, notes that only 42% of CISOs polled by Darktrace profess to have confidence in their AI deployment and truly understand how it fits with their security stack. 

, he warns that “many AI-powered solutions operate as 

, which goes against the grain of the open source, community-driven threat response the industry is now rightly moving toward”. He prescribes a unified, high-visibility approach, given that “fragmented tools with partial views and proprietary, closed-source alert logic only hinder cybersecurity efforts.”💡

“Gartner’s Hype Cycle emphasises the rising importance of 

continuous threat exposure management (CTEM)

, underscoring why red teaming must integrate fully into the DevSecOps lifecycle,” 

article on conducting AI red teaming and adversarial testing

. In our opinion, the increasing role of CTEM also advertises the benefits of consolidating findings from multiple testing mechanisms into a single, unified interface and 

integrating security testing with attack surface management

Two Congressional Democrats have demanded a review of the 

Common Vulnerabilities and Exposures (CVE) program

’s “efficiency and effectiveness” with the scheme limping on after an 11th hour reprieve from the Trump Administration’s swingeing cuts.💰 The pair have 

asked the Government Accountability Office

 to “conduct a study of the federal programs designed to support vulnerability management for discovered vulnerabilities and weaknesses in information technology systems.” As well as the “recent near-lapse of CISA’s contract supporting the CVE program”, they cited concerns over the fact that, “in early 2024, funding challenges at NIST resulted in a backlog of thousands of vulnerabilities” in the National Vulnerability Database (NVD). 📂 Funding challenges are a concern across the board for US cyber defences. President Trump’s nominee for National Cyber Director was recently 

Cybersecurity and Infrastructure Security Agency (CISA)

 and the risk entailed to critical infrastructure. And all this against the backdrop of a “

 in the United States” following American airstrikes against Iranian nuclear facilities.⚠️

, more evidence has emerged that the much-needed ‘

’ in software development is not running entirely smoothly. Devs are feeling overburdened by vulnerability overload, an AI-fuelled acceleration in development and challenges integrating tools, 

according to a survey by AI security firm Pynt

. The poll found that a quarter of developers felt overwhelmed by the sheer volume of vulnerabilities they were having to deal with, while more than a third considered false positives to be the biggest barrier to successfully ‘shifting left’. 🔄

Before we segue to our own recent output, here’s a few more stories that may pique your interest:

Ukraine war spurred infosec vet Mikko Hyppönen to pivot to drones

Vulnerability in Google's password-recovery page that allowed bruteforcing of users’ phone numbers nets researcher $5k bounty

Report: CISO scepticism is clouding CEO’s GenAI ambitions

‘Redefining Hacking’: Review of book on red teaming and Bug Bounty hunting in an AI-driven world

10 tough cybersecurity questions every CISO must answer

‘Valuable for frequently updated platforms’

“I’m consistently impressed by the depth of expertise among the hunters,” says the red team lead for one of our US-headquartered customers.💪 Dean Dunbar from 

 why Bug Bounty is a boon for DevSecOps environments, about a “game-changer” Gong hit upon when finetuning testing conditions, and the benefits of crowdsourced testing, especially compared to time-boxed pentests.⏱️ More than 4,500 companies worldwide leverage Gong’s platform to boost productivity, increase predictability and drive revenue growth.📈

Next up on our 2025 schedule is the grandaddy of hacker cons, Black Hat USA, where we’ll be debuting as exhibitors. If you’re attending the event, which takes place between 6-7 August in Las Vegas, swing by 

 to meet the YesWeHack team. They can walk you through our Bug Bounty and vulnerability management platform and explain how crowdsourced security is helping organisations uncover vulnerabilities at scale. We’ll also be giving away some super-cool swag and running a casino-themed ‘Hide and Seek’ CTF challenge. 👀

Read this monthly roundup even sooner by subscribing to 

 – our LinkedIn newsletter curating news, insights and inspiration around offensive security topics like Bug Bounty, vulnerability disclosure and management, pentest management and attack surface protection.

Are you a bug hunter or do you have an interest in ethical hacking? Check out our ethical hacking-focused sister newsletter, 

 – offering hunting advice, interviews with hunters and CTF-style challenges, among other things.

OpenAI VDP for bugs found by AI, CVE funding fears persist, ‘shift left’ towards vulnerability overload – OffSec roundup for CISOs

The mystery organisation providing the targets will, as usual, be unmasked immediately before the competition begins – all will be revealed at 10am this Saturday (28 June) at the 

What better way to build anticipation than resurfacing 

highlights from last year’s resoundingly successful live Bug Bounty

? The YesWeHack customer that provided the scopes – L’Oréal – hardly needs an introduction. Websites, APIs and mobile apps belonging to the iconic cosmetics and personal care brand were strengthened by the remediation of 71 vulnerabilities uncovered during an 18-hour bug hunt at LeHACK 2024. More than 100 hunters took part in pursuit of bounty rewards rising to a maximum of €5,000. 

Asked how L'Oréal had benefited from the event, Guillaume Kermarrec, in charge of the company’s Bug Bounty Program and threat and vulnerability management function, cited “meeting the security researchers, meeting the triage team, and working together to find and fix some complex vulnerabilities”. They also seized the opportunity to “test some new scopes with very specific configurations that couldn’t be added to our continuous program”.

To learn more about how the action unfolded, see the final podium and read feedback from participating hunters, check out our 

. The targets for LeHACK 2023, by the way, were provided by the

 French Red Cross and retail distribution giant Les Mousquetaires Group

, also filmed at leHACK 2024, Guillaume Kermarrec and Jean-Jacques Mallet, group cybersecurity director at L’Oréal, discussed L'Oréal’s security culture, the motivations for starting a Bug Bounty Program with YesWeHack, the benefits observed so far, how the program has evolved, and their advice for maximising your return on investments in crowdsourced security.

Any LeHACK attendees can join this year’s bug hunt at any point during proceedings.

The most obvious benefit of participating is the chance to win hundreds or thousands of euros for discovering valid vulnerabilities on the scopes. However, those who take part typically also enthuse about how much they value the opportunity to connect socially with their peers in the hacking community (as well as getting their hands on some exclusive YesWeHack swag!).

The bug hunt kicks off at 10am on 28 June. You can find the hunters, YesWeHack triage team and security team of the participating organisation in Le Loft at the Cité des Sciences et de l'Industrie, where LeHACK is taking place.

YesWeHack will also be fielding questions about our 

Bug Bounty and vulnerability management platform

, as well has giving out exclusive merch with some fresh designs, from booth 41.

If you’re unable to attend the conference, then you can still follow proceedings on 

. We’re taking you backstage from today as everyone gets ready for day one of LeHACK tomorrow!

If your appetite for in-person bug-hunting that is both competitive and collaborative is not sufficiently whetted, then you can also read about last year’s hacking event with 

 (CDC), a French public financial institution, as well as watch highlights from our live Bug Bounty with iconic fashion house Louis Vuitton (this was 

YesWeHack’s second ‘Hack Me I'm Famous’ event

As well as one later in the year with Argentinian bank Banco Galicia…

And finally, another event with Italian sweet-packaged food giant Ferrero:

Every single customer associated with the aforementioned hacking events declared themselves pleased with the outcome in terms of the vulnerabilities discovered and the security lessons learned by collaborating with our hunters. 

Find out more about how your organisation can 

benefit from holding live hacking events with YesWeHack

 to discuss how you can best leverage crowdsourced security testing to suit your testing goals and budgetary constraints.

Flashback to the L’Oréal Live Bug Bounty: Watch last year’s highlights as anticipation builds for leHACK 2025

 to hunt for vulnerabilities? Would you like to access your favourite Bug Bounty Programs from inside this popular AppSec auditing toolkit?

, a new plugin for effortlessly browsing YesWeHack hunting opportunities, monitoring your chosen programs, and adding or updating scopes as they evolve in real-time. This time-saving add-on streamlines your workflow so you can spend even more time hunting for bugs.

In this guide, we'll walk you through everything you need to know about YesWeCaido – including the benefits it brings, and how to install and use the plugin.

 tool used for web application security testing. This increasingly popular tool, which is written in Rust, intercepts HTTP traffic between your browser and target applications, allowing you to inspect, modify and replay requests in real time.

YesWeCaido is a plugin that allows Caido users to fetch 

 from YesWeHack and access their details from within a Caido instance. YesWeCaido is built on 

 server, which ensures that all program details remain up to date as policies evolve and scopes are added.

New or updated scopes, as well as (if required) User-Agents, can be added to your Caido Scopes interface with a click of your mouse.

You can install YesWeCaido from either the 

In Caido, navigate to the plugin page from the left-side panel

Locate the YesWeCaido plugin and click ‘INSTALL’

Download the latest plugin_package.zip file

Click ‘Install Package’ and select your downloaded plugin_package.zip file

YesWeCaido is easy to use and has a user-friendly interface. You can scroll through all YesWeHack Bug Bounty Programs, search for specific programs, and view program details and policies by clicking on the program card.

If you want to work on a particular scope, simple click ‘ADD’ and the scope will be automatically added to, or updated within, Caido's ‘Scopes’ interface. Adding a User-Agent is also a click away, should a given program require you to use one.

Whether you’re an experienced ethical hacker or just starting out as a bug hunter, integrating YesWeCaido with Caido is a smart, simple way to streamline your workflow and stay focused on what matters: finding vulnerabilities.

Installation is quick and easy, while the plugin’s intuitive interface makes it easy to explore hacking opportunities, track policy changes and fetch updated scopes or add new scopes that catch your eye.

 to save time and simplify your workflow!

YesWeCaido: a new Caido plugin for tracking Bug Bounty Programs 

We begin our latest security research roundup (also published as a 

”. Building on Paulos Yibelo’s recent 

, the researcher was enamoured of the hacking technique in part because he liked “using small browser features in creative combinations to make convincing ways of breaking security boundaries”, according to a 

 documenting his adventures exploring this terrain. The PoC that emerged leverages a fake Cloudflare Captcha and iconic video game Flappy Bird. 🐤

Thomas Stacey of Assured Security Consultants meanwhile has 

detailed some overlooked HTTP request tunnelling attacks

 that affect popular servers like IIS, Azure Front Door and AWS Application Load Balancer. He also promises an “innovative detection approach combining the single-packet attack method with established HTTP desync techniques”. His conclusion: “

Well done also to the researchers who managed to 

, the open source JavaScript implementation of the OpenPGP standard for message encryption and signing, by passing a maliciously modified message to openpgp.verify or openpgp.decrypt. 🔑 In a 

, Edoardo Geraci and Thomas Rinsma from Codean Labs said the critical vulnerability “means an attacker can use any previous valid signature made by a victim, and ‘replace’ the signed data with anything while the signature remains valid”. They also explained why “for messages that are signed and encrypted, the situation is even worse.” The flaw was remediated via the 

 of the vulnerability along with related open source bug-hunting opportunities. 🐞

Before we move onto our latest bug-hunting guides, Dojo news and leaderboard update, here’s a 

final roundup of interesting security research

 we’ve spotted over the course of the past month:

Eclipse on Next.js: Conditioned exploitation of an intended race-condition

How to pull off a near undetectable DDoS attack (and how to stop it)

 – BSidesSF presentation from Simon Wijckmans

Security issues found in pre-installed apps on Android smartphones

Poison everywhere: No output from your MCP server is safe

 – writeup by Simcha Kosman of CyberArk Labs

O2 VoLTE: locating any customer with a phone call

 is an uncomplicated, passive way to uncover misconfigured subdomains and exposed credentials within minutes. Our latest Bug Bounty recon guide is a beginner-friendly explainer for 

harnessing the power of Google's search function

Potentially exposing passwords and secret tokens, source code or internal endpoints, 

path traversal or arbitrary file read vulnerabilities

 can achieve significant impacts and Bug Bounty rewards. Should your knowledge of these flaws be less than comprehensive, you may therefore be interested then to 

learn some practical path traversal or arbitrary file read attacks

 to Dojo). 💎 Well done to khimluck4, P0pR0cK5 and duplicatesucks for the three best solutions submitted for ‘Ruby Treasure’. In the 

, the eponymous Pwnii discusses the solution to this challenge, whereby regex validation issue in Ruby – exploited via IO.read's ability to spawn subprocesses with specially crafted input – can lead to remote code execution (RCE). Our current monthly challenge is 

. Submit your solution by 4 July if you wish to be in contention for being among the three best writeups and thus winning exclusive swag. 🎁

Italian hacker drak3hft7 has been proverbially ‘on fire’ in recent months and has further burnished his credentials by climbing into the top three on YesWeHack’s 

 and other attributes, the hunter leverages the power of collaboration and chaining bugs to achieve his burgeoning success on our 

We’re fast approaching one of our biggest events of the year. Taking place in Paris between 27-29 June, 

event with a mystery target unveiled on-site. The marathon live hacking event will run from 10am on 28 June in ‘Le Loft’ and run until the early hours of the following morning. You can also find our team on booth 41 to talk Bug Bounty and of course add to your haul of merch. Finally, prizes will be up for grabs in relation to the successful completion of a CTF challenge crafted by our Tech Ambassador, BitK.🏆

That’s it for this month. Happy bug-hunting!👋

Read this monthly roundup of content aimed at ethical hackers even sooner by subscribing to 

Are you a CISO, other security professional or security-conscious dev? Check out our CISO-focused sister newsletter, 

 – bringing you news, insights and inspiration around offensive security topics like Bug Bounty, vulnerability disclosure and management, pentest management and attack surface protection.

Ultimate double-clickjacking exploit, novel HTTP/2 request tunnelling techniques, when encryption makes matters worse – ethical hacker news roundup

Bug Bounty Programs are a boon for DevSecOps environments, according to the red team lead for offensive security at Gong, the revenue AI company.

Reflecting on his experience overseeing Gong’s crowdsourced security testing, Dean Dunbar explains how 

 accommodates rapid release schedules, recounts how scoping challenges were surmounted, and marvels at bounty hunters’ skills, tools and “passion for security”.

 empowers everyone on a modern revenue team to improve productivity, increase predictability, and drive revenue growth by deeply understanding customers and business trends and driving impactful decisions and actions. The Gong Revenue AI Platform captures and contextualises customer interactions, surfaces insights and predictions, and powers actions and workflows that are essential for business success. More than 4,500 companies around the world rely on Gong to unlock their revenue potential.

How has your private Bug Bounty Program evolved so far?

 We launched our Bug Bounty Program with a focused scope, initially targeting critical areas for our clients and product.

As we saw the value hunters brought to the table, we expanded the scope and adjusted bounties to attract even more top talent. It’s been an evolving process, and each round of feedback helps us refine the program to make it more impactful.

What is the biggest challenge you have faced and how have you overcome it?

 Scoping has been a moving target. Historically, scoping for bug bounties a decade ago was working with simpler CIDR ranges, but modern ecosystems might include cloud providers and SaaS providers.

As Gong’s infrastructure grew, our Bug Bounty scope had to adapt to keep pace. YesWeHack has been instrumental in making scope management easy, helping us maximise coverage while clearly defining out-of-scope areas.

 for Bug Bounty researchers. YesWeHack has streamlined this with their credential pools, which allow researchers to access test credentials securely and efficiently.

This has been a game-changer, letting researchers dive deeper into testing our features without needing manual account setups. The credential portal is more secure than manual credential sharing.

What has most surprised you about Bug Bounty?

 I’m consistently impressed by the depth of expertise among the hunters. Over the last decade, I’ve seen submissions from specialists who notice vulnerabilities that automated tools or standard processes would miss.

It’s a powerful reminder of the unique value that fresh perspectives bring.

Browse interviews with YesWeHack customers operating in a variety of regions and industries

What are your plans or hopes for how your crowdsourced security testing operation will evolve in the coming months or years?

 Looking forward, we plan to broaden the scope to cover more features as they roll out, attracting new talent to the program.

We’re also focused on making it easier for developers to incorporate findings into their workflows, streamlining how vulnerabilities are addressed.

Why did you choose YesWeHack over other platforms?

 YesWeHack has been the right partner for us because they make Bug Bounty management, triaging and communication straightforward, which is essential as we scale.

As a fast-growing company, finding tools that grow with us and offer real value can be challenging. YesWeHack provides a comprehensive, cost-effective solution that lets us focus on getting the most out of our program.

What are the most significant benefits of Bug Bounty?

 One of the biggest benefits is that it gives us constant security coverage. Unlike periodic tests, it’s ongoing, so we’re always aware of emerging threats.

We also benefit from the diverse perspectives of security researchers around the world, many of whom specialise in unique or niche vulnerabilities.

In what ways is Bug Bounty distinct from pentesting?

Bug bounties are distinct from pentests in their scope and timing. A pentest is typically a time-boxed engagement that provides a snapshot of the application’s security at that moment.

A Bug Bounty, on the other hand, is ongoing and often involves many researchers with different skillsets. It lets us receive real-time feedback on our security as we release new features, rather than waiting for a scheduled test. This makes bug bounties especially valuable for fast-growing, frequently updated platforms like Gong.

What are the key factors for a successful Bug Bounty Program?

 Clear scopes and prompt response times are crucial. Hunters need to know exactly what’s in scope and what’s out, and they should receive quick, meaningful responses to their submissions.

Fair bounties and transparent communication build trust with hunters and motivate them to participate actively. It’s also important to have strong internal processes to handle triage and get findings to developers quickly so the vulnerabilities can be addressed efficiently.

Any advice for peers who are considering launching a Bug Bounty Program?

 I’d recommend starting with a private scope to understand the process without getting overwhelmed. Make sure you have resources dedicated to triaging and responding to submissions in a timely way, as this is key to maintaining hunter engagement.

Also, don’t rush to make it public right away – take time to refine your scope and process so it’s sustainable long-term. Finally, communicate clearly and openly with hunters to create a positive, collaborative experience for everyone involved.

 One of the best parts of managing a Bug Bounty program has been getting to know many of the 

These top performers operate at an incredibly high level. They’ve often developed their own custom asset management tools, which let them respond almost instantly when new vulnerabilities are announced.

It’s a reminder of just how dedicated and skilled this global community is – full of resourceful, creative people with a real passion for security. Working with them has been both inspiring and a great learning experience, and it’s reinforced the value that a strong Bug Bounty Program can bring to a company.

Is your security team managing a Bug Bounty Program yet? 

 to find out more about the benefits of crowdsourced security testing and how this model can be adapted to the specific needs of your organisation.

‘More efficient than a pentest and it generates trust’: TeamViewer’s Bug Bounty story so far

‘Valuable for fast-growing, frequently updated platforms’: Gong OffSec lead on the merits of continuous, crowdsourced security testing

“We still have not seen a single valid security report done with AI help,” was the unequivocal conclusion to a 

 by Daniel Stenberg, original author and lead of 

The YesWeHack Blog

‘Feeling close to a critical vulnerability is incredibly addictive’ – YouTuber gregxsunday on the joys of Bug Bounty

‘Feeling close to a critical vulnerability is incredibly addictive’ – YouTuber gregxsunday on the joys of Bug Bounty

OpenAI VDP for bugs found by AI, CVE funding fears persist, ‘shift left’ towards vulnerability overload – OffSec roundup for CISOs

Flashback to the L’Oréal Live Bug Bounty: Watch last year’s highlights as anticipation builds for leHACK 2025

‘Feeling close to a critical vulnerability is incredibly addictive’ – YouTuber gregxsunday on the joys of Bug Bounty

YesWeCaido: a new Caido plugin for tracking Bug Bounty Programs

Ultimate double-clickjacking exploit, novel HTTP/2 request tunnelling techniques, when encryption makes matters worse – ethical hacker news roundup

‘Valuable for fast-growing, frequently updated platforms’: Gong OffSec lead on the merits of continuous, crowdsourced security testing

YesWeCaido: a new Caido plugin for tracking Bug Bounty Programs

‘AI slop’ bug reports and outsourcing triage, OpenPGP.js signature-spoofing bug, race to combat zero-day exploits – OffSec roundup for CISOs

Recon Series #6: Excavating hidden artifacts with Wayback Machine and other web-archive tools

Critical signature-spoofing vulnerability in OpenPGP.js hits the headlines

‘AI slop’ bug reports and outsourcing triage, OpenPGP.js signature-spoofing bug, race to combat zero-day exploits – OffSec roundup for CISOs

Don't wait for threats to strike

Products

Researchers

Resources

Company

Follow us