Community

Signature spoofing OpenPGP

Critical signature-spoofing vulnerability in OpenPGP.js hits the headlines

GitHub screenshot

‘Airborne’ AirPlay attacks, netting $64k from deleted files, triaging AI slop – ethical hacker news roundup

Vulnerabilities affecting middleware

Middleware mayhem, Zoolander banter PoC, Malta to pardon hackers over ‘unfair’ charges – ethical hacker news roundup

YouTube email leak exploit, Great ‘Wallbleed’ of China, Burp’s overlooked ‘best feature’ – ethical hacker news roundup

Trophy for the top web hacking techniques of 2024

Top web hacking techniques of 2024, McDelivery hijack, 4D SOTA jailbreak – ethical hacker news roundup

pwnii (aka pwnwithlove), the star of this YesWeHack hunter interview, is pictured and quoted saying: “Don’t forget that a duplicate bug is a valid bug”

‘There are a lot of vulnerabilities on public programs’: pwnii’s Bug Bounty journey so far

A YesWeHack hunter interview with Bug Bounty hacker Blaklis, pictured, who talks about being “a bit of a Cro-Magnon in the way I hack”

‘Hacking is essentially about curiosity’: Blaklis on the art and science of Bug Bounty hunting

HTML code on a PC monitor to illustrate DOMPurify bypasses on an ethical hacker news roundup

DOMPurify bypasses, prompt injecting ChatGPT to shell, AI fuzz finds – ethical hacker news roundup

YesWeHack Bug bounty hunter interview: Drak3hft7 aka Simone Paganessi, who says “soft skills are as important as technical skills”

‘My best attribute is persistence – technical skills you can learn’: drak3hft7’s Bug Bounty story so far

Ethical hacker Nagli holds microphone during hunter interview with YesWeHack, in which he says: “When you’re a hacker you have some superpowers.”

‘Collaboration helped me become successful’: Nagli on becoming a world-renowned Bug Bounty hunter

XSS and bug bounty

New tool for finding mutated XSS, $20k Chromium sandbox escape, Live bug bounty results from Ekoparty – ethical hacker news roundup

YesWeHack vulnerability triage chief Adrien Jeanneau on the art of triaging bug bounty vulnerability reports in this YesWeHack interview

‘Happy hunters equal happy customers and vice versa’: YesWeHack vulnerability triage chief Adrien Jeanneau on creating a virtuous Bug Bounty circle