A writeup of an exploit that leaked the email of any YouTube user has variously been described as “very inspiring”, “well written” and “another example of why deprecated tools need to be disconnected or segregated to a sub platform with no sensitive data”. 💡 ‘Skull’, a Singapore-based hunter, netted a $10,000 Bug Bounty payout for his efforts. Also documented in a PoC video, the exploit chain was praised by PortSwigger’s James Kettle, who loved “the use of a DoS flaw to make the attack stealthier!” 💀
The next writeup in our monthly research roundup – which is initially published as a LinkedIn newsletter – features a similarly large-scale target: a buffer over-read vulnerability in the Great Firewall of China’s DNS injection subsystem. Documented by researchers from GFW Report, a censorship monitoring platform, the ‘Wallbleed’ bug “caused certain nation-wide censorship middleboxes to reveal up to 125 bytes of their memory when censoring a crafted DNS query”. The researchers used a novel side channel to monitor injector processes, reverse-engineered the injector’s parsing logic and assessed the leaked information’s impact on users, among other things. The research “afforded a rare insight into one of the Great Firewall’s well-known network attacks, namely DNS injection, in terms of its internal architecture and the censor’s operational behaviors,” wrote the research team. 🇨🇳
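For readers who want to see the bug class rather than just the headline, here is an added illustration of a DNS over-read (example code written for this roundup, not the Great Firewall’s code and not from the GFW Report paper). It assumes a middlebox that copies each packet into a reusable receive buffer still holding bytes from earlier traffic (simulated here with constructed data, including a fake “SECRET” marker), and contrasts a QNAME parser that trusts the label-length byte with one that bounds every read by the length of the packet actually received:

```javascript
// Added example: DNS QNAME over-read, naive parser beside a bounds-checked one.
// Constructed data throughout; nothing here is taken from the Wallbleed research.

// Receive buffer with residue from a previous packet sitting just past offset 24.
function makeReceiveBuffer() {
  const mem = Buffer.alloc(64);
  Buffer.from('residue-of-previous-packet-SECRET', 'latin1').copy(mem, 24);
  return mem;
}

// Well-formed query: 12-byte header, length-prefixed labels, zero terminator, QTYPE A / QCLASS IN.
function buildQuery(name) {
  const header = Buffer.alloc(12);
  header.writeUInt16BE(0x1234, 0); // transaction ID
  header.writeUInt16BE(0x0100, 2); // flags: standard query, recursion desired
  header.writeUInt16BE(1, 4);      // QDCOUNT = 1
  const labels = name.split('.').map((l) => Buffer.concat([Buffer.from([l.length]), Buffer.from(l, 'latin1')]));
  return Buffer.concat([header, ...labels, Buffer.from([0, 0, 1, 0, 1])]);
}

// Crafted query: the single label claims 50 bytes but the packet ends after 8 of them.
function craftedQuery() {
  const header = buildQuery('x').subarray(0, 12);
  return Buffer.concat([header, Buffer.from([50]), Buffer.from('abcdefgh', 'latin1')]);
}

// Naive parser: bounded only by the buffer it reads from, not by the packet length,
// so a lying length byte pulls stale bytes into the "name".
function parseQnameNaive(mem) {
  const labels = [];
  let i = 12;
  while (i < mem.length) {
    const len = mem[i];
    if (len === 0) break;
    labels.push(mem.subarray(i + 1, i + 1 + len).toString('latin1'));
    i += 1 + len;
  }
  return labels.join('.');
}

// Hardened parser: every read is checked against packetLen; anything malformed yields null.
// Labels above 63 bytes (which also covers compression pointers, which a query name never needs) are rejected.
function parseQnameSafe(mem, packetLen) {
  const labels = [];
  let i = 12;
  for (;;) {
    if (i >= packetLen) return null;                        // terminator missing
    const len = mem[i];
    if (len === 0) return labels.join('.');
    if (len > 63 || i + 1 + len > packetLen) return null;   // label longer than the packet holds
    labels.push(mem.subarray(i + 1, i + 1 + len).toString('latin1'));
    i += 1 + len;
  }
}

function demo() {
  const benignMem = makeReceiveBuffer();
  const benign = buildQuery('example.com');
  benign.copy(benignMem, 0);

  const craftedMem = makeReceiveBuffer();
  const crafted = craftedQuery();
  crafted.copy(craftedMem, 0);

  return {
    benign: parseQnameSafe(benignMem, benign.length),     // 'example.com'
    leaked: parseQnameNaive(craftedMem),                  // contains the stale 'SECRET' bytes
    rejected: parseQnameSafe(craftedMem, crafted.length), // null
  };
}

console.log(demo());
```

The point to take away is the second parser’s signature: it needs the received packet length as an explicit parameter, because the buffer’s own size tells you nothing about where the current packet ends.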
Superstitious readers might believe that important things happen in threes, so with that in mind we'll present a third security issue affecting a potentially colossal number of users, this time related to LTE/5G core infrastructure. Specifically, researchers from the Florida Institute for Cybersecurity Research discovered 119 vulnerabilities that could potentially have resulted in persistent denial of cell service to an entire metropolitan area or city. Moreover, asserted the researchers, some security flaws could have been abused to remotely compromise and access the cellular core. The researchers found vulnerabilities in all seven LTE implementations and all three 5G implementations that they tested. 📡
Hack-tips video roundup
The title ‘Burp Suite’s best feature – but no one uses it!’ is pure catnip to hackers given the popularity of Burp, but the strength of the content backs up the tantalising promise of the video title. Kicking off our inaugural roundup of advice videos from around the web (well, YouTube), this 15-minute tutorial demonstrates how to use this feature step-by-step on a target to accelerate your bug hunt. 🐛
In video #2, Ben ‘NahamSec’ Sadeghipour shares a “proven framework” for consistently finding high-impact bugs, one that is accumulating traffic and likes at a rapid clip. Among other insights, the legendary hacker and keynote speaker explains why relying on tools alone isn’t enough, how to choose targets wisely, and how to streamline your hacking workflow for maximum results. 💡
Finally, NahamSec also stars in this 17-minute tutorial by the UnixGuy channel, with host Ben R Truong turning to the hacker to help him outline a practical roadmap for aspiring bug bounty hunters in 2025. 🧐
“Brevity is the soul of wit,” said Polonius in Shakespeare’s Hamlet. This isn’t universally true, unfortunately, since we’ll conclude our roundup with a concise and humour-free bullet-point summary of other notable InfoSec content:
🔬Hacking high-profile Bug Bounty targets: deep dive into a client-side chain – research by Vitor Falcao
🔬Nginx/Apache path confusion to auth bypass in PAN-OS (CVE-2025-0108) – research by Adam Kues
🔬Hacking a software supply chain to achieve RCE on developers, pipelines and production servers for a $50k bounty – research by Roni ‘Lupin’ Carta and Snorlhax
🔬Shadow Repeater: AI-powered variation testing on Burp – Gareth Heyes unveils PortSwigger’s latest tool
🔬How to find more IDORs – bug-hunting advice from verylazytech
Hunter Q&A double header
As per usual, we’d humbly like to flag some of our content too. Bug Bounty hunters often alternate between feast and famine when it comes to unearthing vulnerabilities, says Italian hacker Leo in a new interview on our YouTube channel. Watch the video below to see Leo – hacker alias ‘Leorac’ – also reflect on the changes he’s witnessed in our digital ecosystem over the past 20 years, and offer some tips to up-and-coming hacking talents. 🇮🇹
It’s a double header for hunter interviews this month, with our second featured hacker, Gregxsunday, recounting his surprise about the impact of increasingly secure development practices on the number and discoverability of vulnerabilities out in the wild. For those unfamiliar with the Polish ethical hacker, he documents his impressive exploits on his hugely popular YouTube channel, Bug Bounty Reports Explained – it’s definitely worth checking out. 🇵🇱
Like Gregxsunday, we try and do our bit to inspire and educate aspiring and inexperienced hunters. To this end, we’re publishing how-to guides to learning foundational hacking skills. Most recently this includes article #2 in our recon series, on subdomain enumeration, which explains various active and passive techniques, supported by examples performed on a real public Bug Bounty Program. We’ve also recently published an ultimate guide to cross-site scripting (XSS), which examines how to detect and exploit common variants of this pervasive bug type, from reflected to blind vulnerabilities. 🕵️
JSON CTF challenge
The current monthly Dojo CTF challenge, 'Hacker Profile', invites hunters to "use only JSON to build your hacker profile. The developer claims their application is fully secure. Prove them wrong by reading the flag.txt file on the server." The challenge is open for submissions until 17 April, with the three best writeups winning exclusive YesWeHack swag as usual.
In the fourth instalment of Talkie Pwnii, the eponymous Pwnii (aka pwnwithlove) revisits the previous monthly challenge, ‘Phishing’. She walks us through the solution, which involves mounting a homograph attack using punycode, as well as explaining why Node.js’s vm module sandboxes aren’t as secure as they might seem. Kudos to the overall winners of the phishing challenge by the way: Sto, MerleSurLeToit and thepotata. Check out the best writeup here. 💪
The hunter community is making short work of our Hunter’s Bucket List targets, with only four items left to go. Congratulations to HakuPiku for unlocking the latest achievement, and winning himself a six-month voucher for Caido Pro and an exclusive swag pack, via an OS command injection report accepted on a public program. 🎁
Finally on the YesWeHack community front, congratulations to Xel for climbing into second place on our all-time leaderboard. The top two for 2025 so far precisely mirror the all-time leaderboard (rabhi and Xel), while Xavoppa is a rising star in third (this hunter only joined YesWeHack in 2024), Noam is in fourth (all-time #13) and Pocsir occupies fifth spot (all-time #15). 🏆
Event horizon
Three upcoming events to highlight if you want to meet the YesWeHack team (and get some free swag!): InCyber Forum Europe (1-3 April; Lille, France); Black Hat Asia (3-4 April; Singapore) and RSA Conference 2025 (28 April to 1 May; San Francisco).
And that’s about it for this month… happy hacking! 👋
Read this monthly roundup of content aimed at ethical hackers even sooner by subscribing to Bug Bounty Bulletin.
Are you a CISO, other security professional or security-conscious dev? Check out our CISO-focused sister newsletter, CrowdSecWisdom – bringing you news, insights and inspiration around offensive security topics like Bug Bounty, vulnerability disclosure and management, pentest management and attack surface protection.