#bugbounty

5d ago · 6 min read · 4 months ago, I decided to become a hacker. 3 months later, I was writing reports for some of the biggest platforms out there. But the hardest part wasn't finding bugs. Hey, how are you? Six years ago

Join discussion

RRuyynnruyynn.hashnode.dev

0

🚀 I Built an OSINT Tool to Automate Recon Across 100+ Platforms

6d ago · 2 min read · Hey everyone 👋 Lately, I've been diving deeper into OSINT (Open Source Intelligence) and reconnaissance techniques — and one thing kept bothering me... Most tools are either: Too complicated Too fr

Join discussion

MBMokshan Basurumokshan.hashnode.dev

0

Bypassing safeMode: A Journey from JSONP to Stored XSS

Mar 26 · 4 min read · In modern web security, we often rely on client-side flags to toggle security features. But.... If attacker can reach into the global window object and flip those switches what happens? In this post,

Join discussion

SMSyarif Muhammad Sajjadbountyproofs.com

0

CVE-2025-14812: Zero-Click Address Bar Spoofing in Arc Browser iOS

Mar 25 · 4 min read · Assalamualaikum, my name is Syarif Muhammad Sajjad, also known as syarif07 on HackerOne. In this writeup, I’ll walk through one of my findings that was assigned CVE-2025-14812, a high-severity vulnera

Join discussion

SSSakshi Singhthinksecure.hashnode.dev

0

How Hackers Actually Find Vulnerabilities: Reconnaissance & Scanning

Mar 23 · 6 min read · In Part 1, I followed a packet from my browser to a server.In Part 2, I understood where networks become vulnerable. Everything started making sense. But one question kept bothering me: How do attacke

Join discussion

PPrincevrox.hashnode.dev

0

I built a programming language on Android. No laptop.

Mar 22 · 2 min read · Hey Coders & bug bounty hunters 👋🏻. A few months ago I started learning bug bounty hunting with nothing but an Android phone and Termux. While learning I got frustrated that Python needed too many i

Join discussion

Ttheblxckcicadablog.ovawatch.co.za

0

My First High-Severity Bug: Chaining Open Redirect and DOM XSS into Account Takeover

Mar 21 · 2 min read · This was my first ever valid bug bounty report through a VDP, and it got marked High severity. It was also not a duplicate, so for me this was a huge win. One thing I had heard a lot in bug bounty is

Join discussion

BDBolaji Daniel - D4N0thisisd4n0.hashnode.dev

0

Code4rena - First contest (olas)

Mar 18 · 5 min read · Code4rena – First Contest (OLAS) - The Olas contest on Code4rena was my first contest of the year. Introduction At the start of 2026, I set a clear goal for myself: to take Web3 security seriously and

Join discussion

AAnirudhblog.redtrib3.in

0

JWT misconfiguration leads to zero-click account takeover and PII exposure

Mar 9 · 5 min read · Recently I came across a relatively lesser known bug bounty platform and decided to hunt on it. While testing the program, I discovered that its JWT-based authentication could be manipulated to gain u

Join discussion

AAbolFazlmp7y0.hashnode.dev

0

From Client Regex to Server Bug: We Hunted CORS and CSRF

Feb 27 · 4 min read · Introduction CORS misconfigurations are everywhere. But spotting the real ones takes more than payloads — it takes understanding the trust model hidden beneath the surface. This is a short story of ho

Join discussion

Tag feed

Tag feed

#bugbounty

Trending tags this week

It Started with F12

🚀 I Built an OSINT Tool to Automate Recon Across 100+ Platforms

Bypassing safeMode: A Journey from JSONP to Stored XSS

CVE-2025-14812: Zero-Click Address Bar Spoofing in Arc Browser iOS

How Hackers Actually Find Vulnerabilities: Reconnaissance & Scanning

I built a programming language on Android. No laptop.

My First High-Severity Bug: Chaining Open Redirect and DOM XSS into Account Takeover

Code4rena - First contest (olas)

JWT misconfiguration leads to zero-click account takeover and PII exposure

From Client Regex to Server Bug: We Hunted CORS and CSRF

#bugbounty

Search Hashnode

#bugbounty

Trending tags this week

It Started with F12

🚀 I Built an OSINT Tool to Automate Recon Across 100+ Platforms

Bypassing safeMode: A Journey from JSONP to Stored XSS

CVE-2025-14812: Zero-Click Address Bar Spoofing in Arc Browser iOS

How Hackers Actually Find Vulnerabilities: Reconnaissance & Scanning

I built a programming language on Android. No laptop.

My First High-Severity Bug: Chaining Open Redirect and DOM XSS into Account Takeover

Code4rena - First contest (olas)

JWT misconfiguration leads to zero-click account takeover and PII exposure

From Client Regex to Server Bug: We Hunted CORS and CSRF