Community

pwnii (aka pwnwithlove), the star of this YesWeHack hunter interview, is pictured and quoted saying: “Don’t forget that a duplicate bug is a valid bug”

‘There are a lot of vulnerabilities on public programs’: pwnii’s Bug Bounty journey so far

A YesWeHack hunter interview with Bug Bounty hacker Blaklis, pictured, who talks about being “a bit of a Cro-Magnon in the way I hack”

‘Hacking is essentially about curiosity’: Blaklis on the art and science of Bug Bounty hunting

HTML code on a PC monitor to illustrate DOMPurify bypasses on an ethical hacker news roundup

DOMPurify bypasses, prompt injecting ChatGPT to shell, AI fuzz finds – ethical hacker news roundup

YesWeHack Bug bounty hunter interview: Drak3hft7 aka Simone Paganessi, who says “soft skills are as important as technical skills”

‘My best attribute is persistence – technical skills you can learn’: drak3hft7’s Bug Bounty story so far

Ethical hacker Nagli holds microphone during hunter interview with YesWeHack, in which he says: “When you’re a hacker you have some superpowers.”

‘Collaboration helped me become successful’: Nagli on becoming a world-renowned Bug Bounty hunter

XSS and bug bounty

New tool for finding mutated XSS, $20k Chromium sandbox escape, Live bug bounty results from Ekoparty – ethical hacker news roundup

YesWeHack vulnerability triage chief Adrien Jeanneau on the art of triaging bug bounty vulnerability reports in this YesWeHack interview

‘Happy hunters equal happy customers and vice versa’: YesWeHack vulnerability triage chief Adrien Jeanneau on creating a virtuous Bug Bounty circle

Ethical hacker HakuPiku talks on camera to YesWeHack about his Bug Bounty career and his preference for hacking Android apps and open-source code

‘I like Android apps and open-source code’: HakuPiku on Bug Bounty, CTFs and his favourite targets

Web timing attacks, Apache HTTP confusion attacks, email parsing discrepancies – ethical hacker news roundup

Hacking for €10k rewards and a secure open source ecosystem: Bug Bounty opportunities from the Sovereign Tech Fund

ORM leaks, CSRF is alive, lockpicking lessons – ethical hacker news roundup

Sam Curry modem masterclass, PHP threat to Windows Servers, Calls for AI safety Bug Bounties – ethical hacker news roundup