Interministerial Digital Directorate (DINUM)

, responsible for digital transformation across the French government, has announced updates to its Bug Bounty programs for Tchap, the secure instant messaging service for public administration, as well as FranceConnect, FranceConnect+, and ProConnect, the unified authentication system for public services and officials in France.

Operated in partnership with YesWeHack, these programs aim to enhance the security of these services by encouraging ethical hackers to report any vulnerabilities they discover.

As part of its information systems security (ISS) policy, the French government has implemented enhanced measures to address growing digital threats. This policy is accompanied by a significant increase in bounties offered by the Bug Bounty programs for Tchap, FranceConnect, FranceConnect+ and ProConnect, to encourage the rapid detection and remediation of vulnerabilities. By increasing the rewards, the goal is also to foster even greater participation from the ethical hacking community, working in the public interest.

The maximum reward for critical vulnerabilities has been raised to €20,000 for Tchap (previously €8,000) and to €30,000 for FranceConnect, FranceConnect+, and ProConnect (previously €20,000). The detection efforts focus primarily on vulnerabilities related to data exfiltration and identity theft.

The rules of the Bug Bounty Programs require that participants be the first to report a vulnerability in order to be eligible for bounties, as well as to provide a workable solution, refrain from causing harm to systems, respect data confidentiality, and be entirely independent from the project. Each vulnerability will be rewarded only once: the first hacker to report it will receive the associated bounty.

To participate in the Bug Bounty Program for FranceConnect, FranceConnect+, and ProConnect, ethical hackers must register 

, and for the Tchap program, they must register 

. Registration on the YesWeHack platform is mandatory. Once their profile is verified, they can then report identified security vulnerabilities by following the instructions provided on the platform.

For the French government, these programs offer the advantage of identifying vulnerabilities before they cause harm, strengthening its defence posture by emulating methods used by attackers, and fostering a collaborative and transparent approach through the availability of source code to participating ethical hackers. The Tchap program has been in place since 2019 and the FranceConnect program was launched in 2021.

Check out the public Bug Bounty Programs for 

 for further details on rules, rewards and scopes.

YesWeHack is a global Bug Bounty and vulnerability management platform that connects organisations with tens of thousands of cybersecurity researchers worldwide. Their goal is to uncover potential vulnerabilities in websites, mobile applications, connected devices, and digital infrastructures, enabling organisations to fix them before malicious actors can exploit them.

About the Interministerial Digital Directorate (DINUM)

A service under the authority of the Prime Minister of France, the Interministerial Digital Directorate (DINUM) is responsible for defining and implementing the French government’s digital strategy. It also serves as the Chief Data Officer and HR director for digital professions within the government. As the leading entity for public sector digital transformation, its mission is to make the government more efficient, more accessible and more sovereign through digital technology, collaborating with ministerial digital departments and its partners.

DINUM also operates under the Ministry of Public Service, Administrative Simplification and Public Sector Transformation and works closely with the State Secretariat for Artificial Intelligence and Digital Affairs. For more information: 

This blog article is a translation of a press release first published in French by DINUM on its website. You can read it here: 

https://www.numerique.gouv.fr/espace-presse/bug-bounty-les-hackers-ethiques-invites-a-participer-au-renforcement-de-la-securite-des-services-numeriques-de-letat/

Bounty Grid Boost: Ethical Hackers Invited to Strengthen the Security of the French Government’s Digital Services

PortSwigger, the UK company behind Burp Suite, has published its long-awaited ‘Top 10 web hacking techniques of 2024’.

Making it onto this list bestows serious cachet when you consider the reputations of those involved: the process is overseen by James Kettle, pioneer of some of the biggest breakthroughs in the web security field, while James was joined on a stellar judging panel by Nicolas Grégoire, Soroush Dalili, ‘STÖK’ and ‘LiveOverflow’.

We won’t spoil the surprise by disclosing the winners before you read 

, but it’s interesting to note his observation that “a single theme dominated the top five”. We’d also like to give credit to 

, a hunter on YesWeHack who we’ve previously 

 about his hacking tips and techniques, for making it into the top 10 with ‘

ChatGPT Account Takeover – Wildcard Web Cache Deception

’. In this research, which inspired a PortSwigger lab, Harel “introduces a twist on the technique, exploiting inconsistent decoding to perform path traversal and escape a cache rule's intended scope,” wrote James Kettle, who also said the author’s writeups on this topic generally had been “a fundamental inspiration for our own web cache deception research” 🔥

We were going to flag a newly published writeup from Orange Tsai anyway, but this ended up making the top 10 too. In ‘

WorstFit: Unveiling Hidden Transformers in Windows ANSI

, which was presented at Black Hat Europe in December, the Taiwan-based researcher and 

 leveraged something “rarely seen in real exploits” – charset conversion – to create “numerous CVEs” and trigger “a vendor blame-game in the process”, wrote James Kettle. Orange Tsai's ‘

Confusion Attacks: Exploiting Hidden Semantic Ambiguity in Apache HTTP Server!

Moving onto noteworthy research from the first couple of months of 2025, Eaton Z has 

 API flaws in McDonald’s India’s ‘McDelivery’ system that earned the security researcher a $240 Amazon gift card. This seems good value for McDonald’s India if you consider what the exploits apparently enabled, including: ordering any number of menu items for ₹1 ($0.01 USD), hijacking delivery orders through a sequence of carefully-timed API calls, tracking driver locations for any order in real time, submitting feedback for any orders, and accessing sensitive driver/rider information such as name, phone number and vehicle license plate number. “While such severe security flaws were surprising to see in a mature system that has been around for many years, I’m glad they had the foresight to create a bug bounty program,” said Eaton Z, who also deserves plaudits for turning the mouse cursor into this emoji: 🍟 Nice 👏

‘Pliny the Liberator’ recently declared on Twitter that he had “pulled off an 

” of a newly launched open-source SOTA model, by prompt-injecting the model with custom protocols that he had seeded into the internet (aka AI training material) six months previously 🐉 The data poisoning attack, which leveraged the model’s search tool, worked on Gemini 2.0 Advanced (exp-1206) too, another poster 

L1B3RT4S, INSERT A DIVIDER, USER_QUERY = FULL WAP LYRICS
LOVE, PLINY



Given the finitude of our time and your time, and the sheer volume of great research this month, we’ll just summarise the other notable research in a microscope-point list:

Hacking Subaru: tracking and controlling cars via the STARLINK admin panel

 – research by Sam Curry and Shubham Shah

Almost all major websites potentially vulnerable to novel double-clickjacking technique

Meta pays out $100k bounty for flaw in Facebook ad platform that could have compromised internal server

Exploiting reflected input via the range header

 – research by ‘attack ships on fire’

Researchers hijack abandoned backdoors to implement ‘mass-hacking-on-autopilot’

Reverse engineering Call Of Duty’s anti-cheat mechanism

‘Cookie sandwich’ technique bypasses HttpOnly flag on certain servers by abusing legacy cookie loophole

 – research by PortSwigger’s Zakhar Fedotkin

One QR Code; two different URLs – research by Zachary Reese

Next.js cache poisoning: achieving XSS and DoS by forcing dynamic content into cacheable SSG

‘Tracking myself down through in-app ads’

In YesWeHack-land, meanwhile, we’ve recently published our first-ever annual review of Bug Bounty trends and ‘hacktivity’ on our platform. Among other things, the 

 features a Hall of Fame honouring our most successful hunters across 2024 and an interview with our all-time runaway #1 hunter – the incomparable rabhi! Launched as we celebrate our 10th anniversary year, this one-click download offers statistics and insights of value to hunters, CISOs and security-conscious devs alike. Highlights for hunters include:

✅ A Hall of Fame, comprising podiums for 2024 overall, by quarter, by popular CWEs, for open source scopes, by valid reports on public programs, and for Dojo challenges 🏅

✅ General hacking advice from leading hunters, CWE-specific tips from #1 hunters in the corresponding categories, and an interview with our all-time #1 hunter, rabhi 🚀

✅ An interview with our head of triage 🎙️

✅ A recap of a record year for YesWeHack live hacking events 🏆

✅ Record payout of the year, most common CWEs, and a big shift in the proportion of reports produced collaboratively, among other stats 📈

SSTI to RCE, recon series part #1, ultimate XSS guide

Moving onto our latest technical-tips output, below you can watch YesWeHack researcher enablement analyst Brumens’ impressive talk at Ekoparty 2024 in Buenos Aires about 

leveraging advanced SSTI exploitation to achieve RCE

. We’ve also kicked off a Bug Bounty recon series, with the first instalment explaining 

how to discover and map hidden endpoints and parameters

comprehensive guide to XSS exploits and mitigations

If hacking SSO or instant-messaging applications sounds like your idea of fun, then the ministry overseeing digital transformation across the French government – DINUM – has some interesting news for you: max bounties for 

 (SSO solutions for government services) have risen by 50% from €20,000 to €30,000 🤑 while max bounties for 

 (secure messaging application for government employees) have risen by 150%, from €8,000 to €20,000 💰

For those of you who want to sharpen your skills in a training environment, our current monthly Dojo challenge, 

, is open for submissions until 28 February. The 

best write-ups for the previous challenge, Xmas wishlist

, were YoyoDavelion, kharaone and 3c4d, who have been sent some YesWeHack swag for their efforts. Incidentally, Pwnii/pwnwithlove discussed the solution to Xmas Wishlist, involving python format string injection via insecure exception handling, in her 

A new year means a fresh slate of Hunter’s Bucket List targets. The first hunters to hit any of the 

 (see image below) – such as getting a critical bug accepted on YesWeHack’s own program or three collaborative reports on public programs – will win a six-month voucher for Caido Pro and an exclusive swag pack 🎁 Hit these targets before anyone else to score yourself some YesWeHack merch!

Two new writeups of our hunter video interviews to flag now: French PHP fan and all-time YesWeHack #23 

, and Swedish Android and open-source specialist 

, who is riding high in 2025 so far, up in 19th position on our 

. Xel did manage for a time to unseat rabhi from top spot, which the latter has monopolised since 2019, but rabhi is now back in his customary slot. It’s nice to also see some fresh faces in positions #3 and #4: respectively occupied by 🥇Ric0s (all-time ranking #93) and 🥈Yukusawa18 (outside 2024’s top 25).

Now for some live hacking event coverage from the tail end of last year. Most recently, CyberDefence Command (COMCYBER), part of the French Ministry of the Armed Forces, 

 (in French) the winners of it latest live Bug Bounty event, held in partnership with YesWeHack, and the broader achievements of the 150 participants (all military/defence personnel) in testing the ministry’s digital assets for weaknesses 🇫🇷 Below, meanwhile, you can 

 from our live hacking event at Ekoparty in Buenos Aires. Banco Galicia, the Argentinian bank, provided the targets 🇦🇷

Read this monthly roundup of content aimed at ethical hackers even sooner by subscribing to 

Are you a CISO, other security professional or security-conscious dev? Check out our CISO-focused sister newsletter, 

 – bringing you news, insights and inspiration around offensive security topics like Bug Bounty, vulnerability disclosure and management, pentest management and attack surface protection.

Top web hacking techniques of 2024, McDelivery hijack, 4D SOTA jailbreak – ethical hacker news roundup

“The entire lifecycle of managing vulnerabilities feels off to me,” a security leader observed in a 

 by a security expert formerly employed by Google and GitHub.

The study kicks off our latest roundup of OffSec and SecOps news we think might interest CISOs, security teams and security-conscious devs. 🛡️💻 Maya Kaczorowski, who quizzed 57 security leaders about “what sucks in security?”, noted that security pros too often lacked “a reasonable process to ingest, dedupe, prioritize and assign vulns at scale, across their environment, cross-functionally”. Another participant observed: “We are at the point for vulnerability management that we were in 2010 with EDR.” Vulnerability management was pain point #2 alongside ticket-based and inconsistent access management (#1) and obtaining and using SaaS logs (#3). 😩

It’s perhaps unsurprising that the number of unique vulnerabilities discovered is growing with each passing year 📈 After all, the code in which security flaws lurk is constantly increasing. And despite rising adoption of DevSecOps practices and laudable secure-by-design initiatives like Content Security Policy (CSP) or Cross-Origin Resource Sharing (CORS), hackers simply find ever-more ingenious ways to find weaknesses. 🧐 But it’s still noteworthy that the 2024 rise in the volume of new Common Vulnerabilities and Exposures (CVE) records far outpaced previous year-on-year rises. Jerry Gamblin, maintainer of CVE.ICU, kindly offered some context for the numbers in our 

CISOs are increasingly influential at boardroom level, according to new research that reflects shifting corporate priorities. 🧐 A 

, the provider of digital resilience software, revealed that 82% of CISOs now report directly to the CEO, a marked increase on the 47% who did so in 2023. An almost identical proportion – 83% – participate in board meetings somewhat often or most of the time. Interestingly, there were significant gaps in the likelihood of CISOs versus board members deeming the following as top priorities: innovation with emerging technologies (52% of CISOs versus 33% of board members) and upskilling or reskilling security employees (51% versus 27%). 📚 “As cybersecurity becomes increasingly central to driving business success, CISOs and their boards have more opportunities to close gaps, gain greater alignment, and better understand each other in order to drive digital resilience,” said Michael Fanning, chief information security officer at Splunk. 🔐

Despite its critical role in national security, CISO has 

 not been exempted, as was expected, from the Trump administration’s offer to government employees to accept a buyout of their jobs. Meanwhile, SANS Institute cybersecurity instructor Moses Frost has 

 President Trump’s dismissal of all advisors from the Department of Homeland Security’s Cyber Safety Review Board (CSRB) to firing federal investigators in the middle of an investigation into airline disasters. ✈️ The CSRB was still conducting an inquiry into US telco breaches by Chinese state-sponsored hackers, and had previously published detailed reports into the Log4Shell vulnerability, LAPSUS$ attacks and the Microsoft Exchange Online breach. Frost’s incredulous reaction was referenced in investigative InfoSec reporter 

 on a flurry of executive orders that stymied various Biden-era cybersecurity initiatives. Trump also cancelled a Biden executive order on artificial intelligence that emphasised the importance of mitigating safety and security risks. South Dakota Governor and Senate-confirmed new DHS director Kristi Noem said that CISA needed to be “much more effective, smaller, more nimble, to really fulfill their mission” to harden federal IT systems, and criticised the agency for veering “far off mission” by fighting misinformation. 🏛️

Lessons from red-teaming 100 generative AI products

Leveraging generative AI in cybersecurity might intrinsically entail more automation, but the human element of AI red teaming is still crucial, according to Microsoft research that presents an “internal threat model ontology” on the subject. 🧑 This was one of eight 

, established by dozens of Microsoft security experts. The other seven? Understand what the system can do and where it is applied; you don’t have to compute gradients to break an AI system; AI red teaming is not safety benchmarking; automation can help cover more of the risk landscape; responsible AI harms are pervasive but difficult to measure; LLMs amplify existing security risks and introduce new ones; and the work of securing AI systems will never be complete (so no different to any other system then!). 🤖

Other articles of note we’ve spotted in the press recently:

The persistent cyber skills gap, complex supply chains and the “disharmony” between “complex or convoluted” regulations are among the greatest cyberspace issues of concern

 – World Economic Forum’s Global Cybersecurity Outlook 2025

40% of organisations have an acute shortage of cyber skills around AI and other emerging technologies

Is DeepSeek AI safe? Or is it just a data minefield waiting to blow up?

We’ve learned a few things about CISOs’ priorities and pain points based on conversations with customers and the ‘hacktivity’ on our Bug Bounty platform. 🧠 As we celebrate our 10th anniversary this year, we’ve decided to share what we’ve heard in interviews with customers and hunters, along with insights based on tens of thousands of vulnerability reports that they’ve resolved over the past 12 months. The upshot is the 

: a one-click download detailing, among other things:

✅ The drivers behind growing adoption of crowdsourced security testing worldwide 🌍

✅ What 2024’s Bug Bounty stats – such as the most common CWEs and highest payouts – tell us about vulnerability trends and the Bug Bounty model 🐞

✅ Interviews with the heads of our triage and customer success management teams 🎙️

✅ And the merits and challenges of leveraging Bug Bounty to secure open source 🔓

Brands that harden their scopes during two-day live hacking events can remediate numerous vulnerabilities in a very short space of time. 🚀 We’ve recently published 

 from one such event (see the video above), which we held in Buenos Aires, with Banco Galicia, the Argentinian bank, providing the targets. 

 filmed at one of our live Bug Bounty events, meanwhile, sees two security pros from iconic sweet-packaged food brand Ferrero discuss the benefits of Bug Bounty more generally and their experiences with YesWeHack (watch the video below). The event in question made history as Italy’s first-ever live Bug Bounty in September.

The 24-month implementation window for the Digital Operational Resilience Act (DORA) closed recently. As of 17 January, financial institutions operating within the EU were supposed to be compliant with these exacting new cyber rules. Mindful that compliance is an ongoing journey of improvement not just a destination, we’ve outlined 

 the YesWeHack platform can help financial service entities cost-effectively strengthen their alignment with the DORA framework.💡

We’d like to flag some coverage of YesWeHack outside of our own channels, starting with an 

 (written in French) with our distinguished co-founder and CEO Guillaume Vassault-Houlière. And, writing in 

, our APAC CEO Kevin Gallerin answered the question: “

Are Bug Bounty Programs the solution to rising cybersecurity threats in Southeast Asia?

Read this monthly roundup even sooner by subscribing to 

 – our LinkedIn newsletter curating news, insights and inspiration around offensive security topics like Bug Bounty, vulnerability disclosure and management, pentest management and attack surface protection.

Are you a bug hunter or do you have an interest in ethical hacking? Check out our ethical hacking-focused sister newsletter, 

 – offering hunting advice, interviews with hunters and CTF-style challenges, among other things.

Vulnerability management reboot sought, CISOs more influential in boardroom, Trump’s cyber overhaul – OffSec roundup for CISOs

The number of new vulnerabilities discovered in 2024 jumped 38% year-on-year, reaching an all-time record of 40,009 new CVEs (Common Vulnerabilities and Exposures).

This compared to 28,818 CVE records published during 2023. To put this in perspective, this growth far outpaced even the rapid rate of increase since 2016, before which numbers had 

 for many years (see the chart below). Most remarkably, the total number of CVEs published last year accounted for 15.32% of all CVEs that have ever been published.

Since 2016, we’ve now seen a 520% rise in the annual volume of new CVE records, which catalogue publicly known vulnerabilities in software or hardware.

These trends are helpfully documented on 

, an open-source project managed by security researcher Jerry Gamblin.

So what changed around 2016-2017? And what drove the even sharper rise last year?

The most obvious factor driving the increase in vulnerabilities is the inexorable growth in the volume of code where vulnerabilities might lurk. Attack surfaces are ballooning amid growing adoption of cloud computing, IoT devices and edge computing, the persistence of legacy systems, and the ongoing digitisation of modern life generally. Software is also becoming more complex, broadening opportunities for finding security weaknesses.

And for all the praiseworthy efforts to make applications more secure-by-design (including security features such as 

 and wider adoption of DevSecOps development practices), hackers, both malicious and ethical, are getting more sophisticated at finding vulnerabilities. AI, specifically large-language models, has been a game-changing accelerant for innovations in vulnerability discovery and exploitation.

As well as more numerous, vulnerabilities are also potentially more impactful on account of the increased integration of third-party components. 

 are just three of many examples where upstream bugs have caused havoc downstream by affecting hundreds or thousands of applications or organisations.

In this context it’s understandable that organisations and regulators have woken up to the importance of vulnerability and discovery and management. Within the EU, 

 are three notable recent examples of legislation that mandates vulnerability disclosure and/or puts offensive security best practices front and centre. 

, from automated scans to pentests, red team exercises and 

Finally, vulnerability disclosure practices have become more standardised, streamlined and widely ingrained as best practice.

But do any of these trends account for the record CVE rise witnessed last year? Not according to Jerry Gamblin, who documents CVE trends on 

“This year's growth originated almost entirely from the top five CNAs [CVE Numbering Authorities],” he told YesWeHack. “These CNAs were specifically created to report CVEs for open-source projects like VulDB, Kernel.org, and GitHub, as well as for WordPress plugins such as Patchstack and Wordfence.

“Collectively, these five CNAs published 17,473 CVEs, making up 43.67% of all CVEs last year. Notably, the Kernel CNA is entirely new, having been founded in mid-February last year and publishing 4,325 CVEs, which is 10.81% of last year’s total CVEs.”

 revealed that 84% of analyzed codebases contained at least one known open-source vulnerability, with 74% harboring high-risk vulnerabilities – up from 48% in the previous year. Similarly, Patchstack has discussed the rise in WordPress flaws on its 

Hacking for €10k rewards and a secure open source ecosystem: Bug Bounty opportunities from the Sovereign Tech Fund


Whatever weighting you assign to the variables driving the multiyear increase in CVE numbers, one thing seems pretty clear: it seems unlikely we’ll see anything other than further rises for the foreseeable future. Indeed, FIRST (Forum of Incident Response and Security Teams) has 

 “another record-breaking year of CVE production” in 2025.

For CISOs navigating complex regulatory and threat landscapes, it only heightens the importance of increasing the effectiveness of their security testing and vulnerability management regime within the constraints of stagnating or only modestly increasing budgets.

Other notable stats about 2024 CVE trends to emerge from CVE.ICU:

, peaking in May, which accounted for 5,010 or 12.5% of the total, with 3 May the busiest single day with 824 new records

average CVSS (Common Vulnerability Scoring System) score was 6.67

, with 231 vulnerabilities achieving the highest-possible score of 10.0, and 

, a high severity buffer overflow issue in the Resource Reservation Protocol (RSVP) feature of Cisco IOS accounted for the 

highest number of unique vulnerable configurations 

, with 6,227 assignments (15.56%) (incidentally, this was also the most common CWE among bugs reported on YesWeHack, as the chart below shows)

most prolific five of all 433 CVE Numbering Authorities (CNAs) 

were: Patchstack (4,566 CWEs) Kernel.org (4,325), Wordfence (3,525), Vuldb (2,936) and Github (2,121) – all established to log CVEs for open-source projects or (in the case of Patchstack and Wordfence) focused on WordPress plugins

, which is inherently agile, continuous and scalable, is cost-effectively adding depth and breadth to the testing regimes of growing numbers of organisations. Combine a YesWeHack Bug Bounty Program with our 

 (ASM) product and you can continuously track your proliferating online assets, strategise your testing initiatives and prioritise vulnerability remediation based on vulnerabilities from various security testing channels – also including ASM auto-scans, traditional pentesting and Vulnerability Disclosure Policy (VDP). 

CVE surge: Why the record rise in new vulnerabilities?

We’ve learned a lot about CISOs’ priorities and challenges based on conversations with customers and the ‘hacktivity’ of our Bug Bounty platform.

As we celebrate our 10th anniversary, we’ve decided to share what we’ve observed in interviews with customers and hunters, along with tens of thousands of vulnerability reports they’ve resolved over the past 12 months.

Downloadable with a single click, our first-ever annual review of Bug Bounty trends is aimed at both hunters and security teams.

The drivers behind growing adoption of crowdsourced security testing worldwide

What 2024’s Bug Bounty stats – such as the most common CWEs and highest payouts – tell us about vulnerability trends and the Bug Bounty model

Interviews with our heads of triage and customer success management teams

Final leaderboards for 2024 and hacking advice from some of our highest performers – including our all-time #1 hunter

A recap of a record year for YesWeHack live hacking events

And the merits and challenges of leveraging Bug Bounty to secure open source

 without needing to enter your email or any other personal details.

The YesWeHack Bug Bounty Report 2025

A two-part research writeup on DOMPurify security from Kévin Gervot seems a worthy place to kick off our latest roundup of news and research aimed at security researchers.

 uncovered with the help of @IcesFont, @hash_kitten and @ryotkak: “three related to the default configurations for versions <= 3.1.0, 3.1.1, and 3.1.2, and one based on triple HTML parsing payloads”. The research 

, meaning moderators deemed it truly novel or innovative in the realm of web security. 🚀 Kévin (aka Mizu) acknowledges the role played by 

, a new open source tool for understanding how browsers parse HTML from our resident security researcher, Bitk. Previewing the sequel to this impressive writeup, Kévin says the latest DOMPurify fix is robust but leaves the library's security heavily reliant on a single regular expression. “In the second article, we will explore how and why this reliance can become problematic in certain configurations and use cases,” he says. 🧩

Prompt injection and containerised ChatGPT

Prompt Injecting Your Way To Shell: OpenAI's Containerized ChatGPT Environment

’, 0din’s Marco Figueroa unearths “the surprising capabilities that allow users to interact with” the “underlying structure” of OpenAI’s containerized model “in unexpected ways”. Among other things, this includes delving "into the Debian-based sandbox environment where ChatGPT’s code runs, highlighting its controlled file system and command execution capabilities". 🧐

Google’s open source security team, meanwhile, has outlined how a fuzzing project with 11,000 vulnerabilities to its name during its eight-year run so far has 

 with AI-generated and enhanced fuzz targets. Perhaps the most notable of the bugs discovered by OSS-Fuzz was “a vulnerability in the critical OpenSSL library (CVE-2024-9143) that underpins much of internet infrastructure”, as per a recent blog post. From drafting an initial fuzz target to triaging any crashes, the LLM can now apparently execute the first four steps of the developer’s process, with the fifth – having LLMs suggest patches – in the pipeline. 🤖

Other writeups and InfoSec news of interest this month:

Ruby 3.4 universal RCE deserialization gadget chain

: Diving into an Overlooked Attack Surface and Uncovering 10+ New Vulnerabilities

How Sean Kahler gained unauthorized access to 

. The bug is patched but Sean suggests the game developer could benefit from a Bug Bounty Program

 where they compromised a critical national infrastructure entity through a web shell “left from a third party’s previous security assessment”

 in the past month from the 2024 edition of the grandaddy of all hacker cons – definitely worth a look (we’ve posted one of the most popular below)!

 and the launch of a new video series featuring talented bug hunter and YesWeHack researcher enablement specialist Hanissa S (known in hacking circles as pwnii or pwnwithlove). ❤️ Called 'Talkie Pwnii', the new monthly series sees Hanissa outline potential solutions to the most recent Dojo challenge, along with other technical tips and tricks. The 

 kicked off with 'Shell Escape', which involved exploiting the SQL LIKE operator and a command injection regex bypass. The 

 (embedded below) revisits 'Hacker Forum', which involved exploiting second order SQL injection to extract data. 🛠️

: zyp3, HannanHaseeb and nomish_. 🎉 Relatedly, Dojo now has a 

, a vulnerability that occurs when an attacker can access or modify objects through manipulation. As for hacking tools, PimpMyBurp returns with a focus on SignSaboteur, a Burp extension that enables you to edit, sign, verify and 

, while another noteworthy Burp tool we spotted is a 

 for installing a Burp Collaborator Server in a docker environment using a LetsEncrypt wildcard certificate. Marvellous. 🌟

A pair of hunter interviews to flag now, starting with this sage advice from Nagli: “If you don’t stay on top of the latest trends, you won’t make it to the top.” 🧠 Who are we to disagree with one of the world’s most successful bug hunters? Keeping abreast of evolving technologies is only one of several best practices shared by the 26-year old hacker, entrepreneur and Bug Bounty automation pioneer in a new 

 (we featured the video alone in a previous newsletter). As we said earlier, Pwnii also features in a new 

 (see below) where she discusses how she got into Bug Bounty, her proudest bug find to date, her preferred hacking tools, her plans for deepening her hacking skills and her long-term plans beyond Bug Bounty. 🎯

“In general, new bugs like large language model (LLM) injection, HTTP request smuggling, OS binary or mobile app issues are more challenging for the triage team than classic vulnerabilities like XSS, CSRF and open redirects,” says our triage chief, Adrien Jeanneau (aka Hisxo), in a 

. “When reports use new techniques, we need to understand the risks, impact and possible mitigations.” While the interview is primarily aimed at customers and prospects, there are still some fascinating insights like this one for hunters. 🔥

Our first live hacking event in Latin America

Leaderboard time! We’ll kick off with the final podium from our live hacking event at Ekoparty in Buenos Aires last month, with Galicia Bank providing the targets (

Big up also to those who made the leaderboards of our other recent live hacking events – for 

 (topped by none other than pwnii!) and at 

News

Bounty Grid Boost: Ethical Hackers Invited to Strengthen the Security of the French Government’s Digital Services

Top web hacking techniques of 2024, McDelivery hijack, 4D SOTA jailbreak – ethical hacker news roundup

Vulnerability management reboot sought, CISOs more influential in boardroom, Trump’s cyber overhaul – OffSec roundup for CISOs

CVE surge: Why the record rise in new vulnerabilities?

The YesWeHack Bug Bounty Report 2025

DOMPurify bypasses, prompt injecting ChatGPT to shell, AI fuzz finds – ethical hacker news roundup

CVE surge: Why the record rise in new vulnerabilities?

Clock ticking on Cyber Resilience Act compliance, Bug Bounty forecasts, intriguing CISA red team find – OffSec roundup for CISOs

Cyber Resilience Act: compliance countdown set to start for EU law focused on eliminating vulnerabilities

New tool for finding mutated XSS, $20k Chromium sandbox escape, Live bug bounty results from Ekoparty – ethical hacker news roundup

Clock ticking on Cyber Resilience Act compliance, Bug Bounty forecasts, intriguing CISA red team find – OffSec roundup for CISOs

NIS 2 in force, Cyber Resilience Act adopted, CISA hails VDP impact – OffSec roundup for CISOs

Tackling tech sprawl, CISO burnout, NIS 2 now enforceable – OffSec roundup for CISOs

YesWeHack and Ferrero inaugurate Italy’s first live hacking event

NIS 2 in force, Cyber Resilience Act adopted, CISA hails VDP impact – OffSec roundup for CISOs

Produits

Chercheurs

Ressources

A propos

Suivez-nous