How to find SSTI, cache poisoning, business logic vulnerabilities: methodology tips from top Bug Bounty hunters Read more ->
Why ‘HTTP/1.1 must die’, Intel exploits, C# Random hack with no maths – ethical hacker news roundup Read more ->
Nonce CSP bypass using disk cache, ‘quiet side channel’ for request smuggling, Amazon Q and the malicious pull request – ethical hacker news roundup Read more ->
‘I have the patience to spend long hours hacking through the night’: g4mb4 on his Bug Bounty career so far Read more ->
‘The most challenging part is the psychological one’ – leorac on the ups and downs of Bug Bounty hunting Read more ->
Chunked-body parsing flaws, making self-XSS great again, using HTTP redirect loops to achieve non-blind SSRFs – ethical hacker news roundup Read more ->
‘Feeling close to a critical vulnerability is incredibly addictive’ – YouTuber gregxsunday on the joys of Bug Bounty Read more ->
Flashback to the L’Oréal Live Bug Bounty: Watch last year’s highlights as anticipation builds for leHACK 2025 Read more ->
Ultimate double-clickjacking exploit, novel HTTP/2 request tunnelling techniques, when encryption makes matters worse – ethical hacker news roundup Read more ->