Thuriaanandh V in thuriaanandh-sec.hashnode.dev · Jun 13 · 6 min read
Path Traversal: 6 Labs, 6 Times I Was Wrong Before I Was Right
I just finished all six Path Traversal labs on PortSwigger's Web Security Academy, going from Apprentice to Practitioner level. Going in, I thought path traversal was simple — just throw ../../../etc/

Renganathan in blog.rprotocols.com · Jun 12 · 6 min read
How a Misconfigured API Exposed Founder, Investor, and Employee Data at a Leading Venture Capital Firm
A globally leading early-stage venture capital firm, known for backing high-growth technology and AI startups, was found exposing sensitive internal and ecosystem data through a misconfigured Algolia

Justin Walters in exegy.today · May 12 · 4 min read
The Silence of the Gatekeepers: Why Selective Security is a Risk to Critical Infrastructure
In the world of high-frequency trading and live stock exchange data, security isn't just a feature—it is the foundation of market integrity. Yet, as exegy.today continues its investigation into the vu

Mouhamed Ben Abdallah in erinmin-writeups.hashnode.dev · May 12 · 8 min read
Unprotected Admin Functionality
Platform: PortSwigger Web Security Academy Category: Access Control / Vertical Privilege Escalation Difficulty: Apprentice Tool(s): Browser only Date: 12/05/2026 Overview This lab demonstrates a ver

Mr Elite in securityelites.hashnode.dev · May 2 · 5 min read
2026 LLM Jailbreak Landscape
📰 Originally published on Securityelites — AI Red Team Education — the canonical, fully-updated version of this article. The 2026 LLM Jailbreak Landscape — A Working Pentester’s Synthesis of Public Research By Lokesh Singh (Mr Elite) — Founder, Se...

osint78 in shemkar.hashnode.dev · Apr 26 · 6 min read
One Extra JSON Key: How a Harmless Profile Endpoint Became an ATO Candidate
The harmless profile endpoint that taught me how real bugs work Early in my bug bounty journey, I found a bug that looked simple from the outside, but it changed the way I think about web security. At

Bugmith Legend in bugmithresearch.hashnode.dev · Apr 26 · 7 min read
CI4MS Full-chain stored DOM XSS -> 50+ injection points -> full application compromise
INTRODUCTION This research presents a full 0day XSS discovery and exploitation walkthrough conducted on the CI4MS application. The focus of this study is not a single XSS instance, but how a recurring

C9lab in c9lab.hashnode.dev · Apr 20 · 5 min read
How to Increase Bug Bounty Impact with Fuzzing techniques
This model has proven effective in uncovering critical security gaps early. At the same time, bug bounty hunting has become increasingly competitive. Today, multiple researchers often test the same ap

Wiz-Zero in bugmithresearch.hashnode.dev · Apr 1 · 7 min read
From android reverse engineering to identifying secrets, broken access control and API vulnerabilities:
A Mobile APK Vulnerability Chain in a private program: Client: redacted Method: Static analysis Severity: High to critical Findings: 5 Executive Summary: This write-up details a multi-stage vulnerabil

Onryo in vibefix.hashnode.dev · Mar 27 · 4 min read
Why Vibe Coders Need Bug Bounties
Last week a founder DMed me on Twitter. He'd spent the entire weekend building a SaaS with Lovable. Dashboard, auth, payments, the whole thing. By Sunday night he had something that actually worked. M