Welcome to Disclosed.

Hey there! Insane things happening at work, BIG news to share soon.
I’ve been getting ready for some international travel as we kick off new Live Hacking Events at HackerOne and I’m excited to be visiting both Europe and Asia later this month. Because of this, posts may be a tad inconsistent this month but I’ll do my best to get stuff out to you.
I’ve also been spending a little time hacking on some AI-related scope for the first time and I’m really enjoying it. Found a few bugs already, and some pretty sweet Account Takeovers. Anybody interested in write-ups from me on those?
Anyway, let’s dive in.
In This Issue

Rankings at TeamViewer Live Hacking Event [🔗 Tweet]
by YesWeHack
Nullcon Berlin 2025 Live Bug Bounty concluded with 39 reported bugs, including critical issues like path traversal, access control flaws, business logic errors, and LLM prompt injection. The top three were Aituglo (@aituglo) in 1st place, CMD - Constantin (@CMD_0_0) in 2nd, and yassine_eal (@yassine_eal) in 3rd, with first blood going to @XelBounty and @Noam_Hamnich.
Read the full tweet →
That’s a wrap on our #LiveHackingEvent with @TeamViewer at #NullconBerlin2025! 🎉
Congrats to all the amazing bug hunters who participated – and a special shoutout to our winners:
🥇 @aituglo
🥈 @CMD_0_0
🥉 @yassine_eal
🩸 First Blood: @XelBounty & @Noam_Hamnich
💥 Biggest
— YesWeHack ⠵ (@yeswehack)
3:51 PM • Sep 5, 2025
Bugcrowd Launches Hacker Showdown: The Mind Cathedral [🔗 Blog]
by Bugcrowd
Bugcrowd has kicked off its 2nd annual Hacker Showdown, themed The Mind Cathedral, where teams of 2–3 hackers compete across two rounds for a $30K grand prize and exclusive swag. Points are earned through valid, non-duplicate submissions (P1–P3), with the top 8 teams advancing after the first round, and applications closing on September 19, 2025.
Read more →

Prompt. Scan. Exploit: AI's Journey Through Zero-Days and a Thousand Bugs [🎥 Video]
by @BugBountyDEFCON
Two security researchers, Joel Noguera and Diego Jurado, recap how their AI-driven hacking system evolved from solving CTF-style labs to real-world bug bounties—achieving top HackerOne rankings in 2025, reporting ~1,600 vulnerabilities, and earning $150k with notable finds like XSS/XXE/RCE in major platforms. They detail the shift from DockerHub CVE hunting to black-box bounty targets, using an agent manager, strict scope/validation controls, target scoring and deduplication, and “alloy” (multi-model) LLMs—plus cost and scan-tuning lessons—to help others integrate AI into practical security workflows.
Watch video →
Exploiting ChatGPT to Access Private Email Data [🔗 Tweet]
by Eito Miyamura
This thread describes a method that abuses ChatGPT's newly added MCP (Model Context Protocol) tool support, which lets ChatGPT read a user's connected Gmail, Calendar, SharePoint, Notion and similar sources, to leak a victim's private email data. The attacker reportedly needs nothing more than the victim's email address, which makes this a sharp illustration of how much attack surface agentic integrations add.
Read the full thread →
We got ChatGPT to leak your private email data 💀💀
All you need? The victim's email address. ⛓️💥🚩📧
On Wednesday, @OpenAI added full support for MCP (Model Context Protocol) tools in ChatGPT. Allowing ChatGPT to connect and read your Gmail, Calendar, Sharepoint, Notion,
— Eito Miyamura | 🇯🇵🇬🇧 (@Eito_Miyamura)
4:35 PM • Sep 12, 2025
Have something you want to Spotlight? Tell me.

PortSwigger Partners with HackerOne for Milestone Rewards [🔗 Blog]
by PortSwigger x HackerOne
PortSwigger announces their collaboration with HackerOne to introduce the Hacker Milestone Rewards Program, incentivizing contributions to bug bounty programs.
Read the full blog →

Caido Launches Discounted Pricing for Indian Hackers [🔗 Tweet]
by Caido
Caido has reduced pricing for individual plans in India, making it more accessible for local hackers to participate in bug bounty activities.
Read the full thread →
We’re expanding localized pricing to India! 🇮🇳
Individual plan prices drop by nearly 65%:
💸 Monthly: ~1,750 INR → 625 INR
💸 Yearly: ~17,500 INR → 6,250 INR
Know a hacker in India who’s been waiting? Tag them. 👇
— Caido (@CaidoIO)
2:00 AM • Sep 9, 2025
Glass Firewall Conference for Women in Cybersecurity Returns [🔗 Tweet]
by HackerOne
The Glass Firewall Conference, a complimentary event for women in cybersecurity, is set to return on October 20, 2025, featuring hands-on workshops and panel discussions.
Read the full thread →
Breaking barriers. Building connections. Elevating future leaders.
The Glass Firewall Conference returns Oct 20, 2025 🎉
🚀 Free event for women in cybersecurity
🔐 Hands-on workshops + panels
🌐 Hosted by Capital One, GitHub, Salesforce & HackerOne
Join us 👉
— HackerOne (@Hacker0x01)
5:32 PM • Sep 9, 2025
New Scope on Zoom’s Bug Bounty Program [🔗 Tweet]
by Roy Davis
An updated list of features available for testing in the Zoom bug bounty program has been shared, encouraging researchers to engage with the initiative.
Read the full thread →
Hey @Zoom #BugBounty researchers! Want an updated list of new stuff to test? Take a look at
— Roy Davis (@Hack_All_Things)
12:38 AM • Sep 9, 2025
YesWeHack Acquires French Cybersecurity Specialist Sekost [🔗 Tweet]
by YesWeHack
YesWeHack has completed its first-ever acquisition, purchasing French cybersecurity audit specialist Sekost, marking a strategic move to expand offerings for SMEs and strengthen its international reach.
🚀 Big news: we’re making our first acquisition! Welcome Sekost 🤝
Together, we’ll protect organisations of all sizes in an ever-changing digital world! We can’t wait to start this new chapter together!
👉 Read the full press release here: yeswehack.com/news/yeswehack…
— YesWeHack ⠵ (@yeswehack)
6:00 AM • Sep 9, 2025
New Public Bug Bounty: Sportradar’s VAIX API [🔗 Tweet]
by Bugcrowd
Bugcrowd has announced a new public program for Sportradar’s VAIX API, which powers AI-driven wagers and bets in the iGaming industry. Hackers are invited to test this unique attack surface, uncover vulnerabilities, and help secure the platform.
Read the full thread →
📢 PSA: there’s a brand-new target with your name on it!
@Sportradar's VAIX bug bounty just went public. Their AI powers wagers and bets in iGaming, creating a unique surface for you to explore. This is your chance to dig into the VAIX API and find vulnerabilities.
Hackers,
— bugcrowd (@Bugcrowd)
1:14 PM • Sep 10, 2025
Did I miss an important update? Tell me.

Nuclei Template for CVE-2024-46982 Next.js Web Cache Poisoning [🔗 Tweet]
by Nuclei by ProjectDiscovery
This tweet announces a new Nuclei Templates bounty issue for CVE-2024-46982, a web cache poisoning vulnerability in Next.js: ProjectDiscovery pays for a community-contributed detection template, and the tweet links to the GitHub issue with the details.
Read the full thread →
🚨 New Templates Bounty Issue 💰
CVE-2024-46982 - Next.js - Web Cache Poisoning 💰 👾
Issue:
#bugbounty #NucleiTemplates #cve #opensource
— Nuclei by ProjectDiscovery (@pdnuclei)
2:00 AM • Sep 11, 2025
Automated WHOIS Search Tool for Attack Surface Expansion [🔗 Tweet]
by Profundis.io
A new WHOIS search tool enables users to search across over 100 million domains, streamlining the discovery of related assets and connections without manual effort.
Read the full thread →
New WHOIS search is live! 🔍
Search across 100M+ domains to uncover hidden connections and related assets. Perfect for expanding your attack surface on large programs.
No more manual WHOIS lookups - let the data come to you.
Premium plans only: profundis.io
— Profundis.io (@profundisio)
6:33 PM • Sep 9, 2025
jxscout Enhances Next.js Support with New Features [🔗 Tweet]
by Francisco Neves
The latest release of jxscout automates detection of build manifests and lazy-loaded chunks for Next.js, alongside usability improvements in VSCode.
Read the full thread →
🚀 New release of jxscout is out
jxscout will now automatically find _buildManifest.js and discover lazy loaded chunks for Next.js applications (thanks @bebiksior for the help and suggestion)
improved UX with realtime updates in VSCode
📝Changelog: jxscout.app/changelog#cli-…
— Francisco Neves (@fneves97)
10:56 AM • Aug 31, 2025
ParamSpider: Mining URLs from dark corners of Web Archives [📁 Tool]
by devanshbatham
ParamSpider extracts URLs from Wayback Machine archives and filters out low-value results so you can focus on parameterised links. It is a useful recon step for surfacing forgotten or hidden endpoints that may still be reachable, and the repository includes installation instructions and usage examples.
View the tool →
Have a favorite tool? Tell me.

Meta’s $111,750 Bug: Chaining Path Traversal to RCE [📝 Writeup]
by Abhishek meena
The blog details a critical vulnerability in Facebook Messenger for Windows, chaining path traversal with DLL hijacking to achieve remote code execution. The takeaway: file paths handled by a desktop client need the same validation as on a server, because a controlled file write next to a trusted binary turns into code execution.
Read more →

WAF Bypass SSRF: A Unique Way of Reading Internal Files. [📝 Writeup]
by Basavaraj Banakar
This blog outlines a novel approach for exploiting SSRF vulnerabilities while bypassing WAF, including a real-world scenario to access sensitive internal files. Emphasizing proactive security assessments, it calls for a focus on the risks posed by SSRF vulnerabilities.
Read more →
How two dollars and one zip file let me read the server files - Bergee's Stories on Bug Hunting [📝 Writeup]
by @_bergee_
This blog recounts the discovery of an arbitrary file read vulnerability via a zip symlink attack, yielding content from the server’s /etc/passwd file. The author discusses investment in features that facilitate deeper testing and reflects on the importance of prompt reporting.
Read more →
$1,000 Critical Bug: Unauthorized Access Leading to Support Admin Panel Takeover [📝 Writeup]
by V3D
This write-up details a critical vulnerability discovered in a private bug bounty program, highlighting a method for unauthorized access to sensitive support documentation. The author shares steps for reproducing the exploit and discusses the payout process, underscoring the importance of proper communication with bug bounty programs.
Read more →
How a Weak State Parameter Led to Full Integration Hijack [📝 Writeup]
by @yassenAlsayed1
The write-up covers an OAuth misconfiguration: a predictable state parameter, which defeats the CSRF protection that parameter exists to provide and allowed a full integration hijack. The author covers the specific exploitation steps and the broader implications for developers and managers, calling attention to the need for secure integration practices.
Read more →
How I Discovered a PII Leak in a Developer Platform [📝 Writeup]
by Medusa
This post shares the author’s experience in identifying an Excessive Data Exposure vulnerability in a developer platform's API. It provides practical methods for utilizing tools like Burp Suite for data leak assessments.
Read more →
Did I miss an important update? Tell me.

The Desync Endgame with James Kettle [🎙️ Podcast]
by Critical Thinking Bug Bounty Podcast
This episode features James Kettle of PortSwigger, exploring his groundbreaking research on request smuggling, cache poisoning, and desync vulnerabilities. He shares insights on methodology, avoiding burnout, and how AI and curiosity fuel long-term security research.
Watch video →
AWS S3 Bucket Hacking Explained (Bug Bounty Hunters Must Watch) [🎥 Video]
by Medusa
This video covers AWS S3 bucket misconfigurations, demonstrating how ethical hackers can identify vulnerabilities through precise commands and best practices.
Watch video →
Why Do We Reject Some Vulnerability Submissions? (Bug Bounty Basics) [🎥 Video]
by Wordfence
This video explains the common reasons behind vulnerability submission rejections in bug bounty programs, offering insights for researchers.
Watch video →
El Mago x YesWeHack #3: Live Recon on ATG Bug Bounty Program [🎥 Video]
by YesWeHack
In this episode of Hacking Nights, El Mago returns for a collaboration with YesWeHack, exploring live reconnaissance strategies (in Spanish).
Watch video →
Exploiting CVE-2025-4123: Grafana SSRF and Account Takeover Explained [🎥 Video]
by Alvaro Balada
This video provides a detailed explanation of exploiting CVE-2025-4123, a complex open redirect leading to SSRF and account takeover.
Watch Video →
Five Essential Linux Commands for Bug Bounty Recon [🎥 Video]
by Ben Sadeghipour (Nahamsec)
This video walks through five powerful Linux commands—like curl, xargs, grep, and jq—that streamline recon and exploitation for bug bounty hunting. It shows how combining these basics into custom workflows can filter data, manipulate requests, and save hours during recon.
Watch video →
Did I miss something? Tell me.

The Bug Bounty guide to exploiting CSRF vulnerabilities [📝 Writeup]
by YesWeHack
This guide explores Cross-Site Request Forgery (CSRF) vulnerabilities and methods of exploitation, detailing effective prevention strategies and practical examples for bug bounty hunters.
Read more →

Exploring Prompt Injection Vulnerabilities in AI Systems [🔗 Tweet]
by Mike Takahashi
This tweet outlines various avenues for prompt injection attacks within AI systems, shedding light on the critical nature of understanding AI vulnerabilities.
Read the full thread →
Prompt Injection Paths 🔀
for Bug Bounty, AI Red Team, AI Security
Inputs 🟢 → Attacks ⚪ → Impacts 🔴
— Mike Takahashi (@TakSec)
4:15 PM • Sep 9, 2025
Clever Payload Splitting Techniques to Bypass WAFs [🔗 Tweet]
by André Baptista (0xacb)
This tweet presents techniques for using clever payload splitting to bypass Web Application Firewalls, highlighting evolving challenges in evasion tactics.
Read the full thread →
Bypassing WAFs with traditional payloads is getting harder.
Here's how clever payload splitting can bypass them 👇
— André Baptista (@0xacb)
8:07 AM • Sep 8, 2025
Finding and Exploiting Blind XSS Vulnerabilities [🔗 Tweet]
by Intigriti
This tweet shares a technical article detailing methodologies for identifying blind XSS vulnerabilities and provides sample payloads for practical testing.
Read the full thread →
🔁 Blind XSS: The invisible injection point and delayed execution make them an easily overlooked vulnerability... 🧐
Yet, they still have a severe impact on any organisation! 🤠
In our technical article, we documented our methodology for finding blind XSS vulnerabilities,
— Intigriti (@intigriti)
9:09 AM • Sep 3, 2025
Top 5 Archived Bug Bounty Write-Ups to Learn From [🔗 Tweet]
by Intigriti
This tweet links to five archived bug bounty write-ups by well-known hackers that Intigriti selected as still relevant today.
Read the full thread →
We just dove into our shelf of archived bug bounty write-ups from the most notable hackers! 🤠
In this issue, we selected 5 compelling articles (that are still relevant today) to share with you, from which you can learn something new! 😎
🧵 👇
— Intigriti (@intigriti)
9:05 AM • Sep 5, 2025
how I made 6 figures in my first year in bug bounty: my experiences [📝 Writeup]
by furkan
Furkan recounts his journey to earning six figures in his first year of bug bounty hunting, sharing strategies for focusing on individual programs and learning from feedback to improve skills.
Read more →
Did I miss something? Tell me.

Essential Life Lessons for Bug Bounty Hunters [🔗 Tweet]
by Stealthy
This tweet emphasizes the need for maintaining mental and physical health, alongside effective targeting strategies in bug bounty hunting.
Read the full thread →
Still learning things in the bug bounty space. Here are a few.
1 - Your health is more important than work. Mental and physical.
2 - Sticking to one high ROI target all year works best.
3 - Keep your body in a normal rhythm and have faith in the one who created us.
— Stealthy (@stealthybugs)
10:35 PM • Sep 9, 2025
Understanding Application Flows for Effective Bug Bounty Hunting [🔗 Tweet]
by Behi
This tweet highlights the importance of viewing applications as interaction flows, indicating vulnerability points at each step.
Read the full thread →
Bug Bounty Lesson:
Don’t treat a target as pages.
Treat it as a collection of flows.
Login → reset password → change email → delete account.
Each step has params. Each param is a chance for bugs.
Flows reveal more than single endpoints.
— Behi (@Behi_Sec)
4:16 PM • Sep 9, 2025
Discovering Regex Bugs Leads to $4k in Bounties [🔗 Tweet]
by Mat Rollings
The author found two regex-related bugs (spotted by searching with regex), each leading to unauthenticated XSS and a $2k bounty, $4k in total, and urges hunters who have been putting it off to learn regex.
Read the full thread →
Last week I found two regex bugs using regex → unauth XSS → 2× $2k = $4k in bounties 🥳 If you’ve been putting it off, learn regex. Seriously. /regex\+xss/\$4k/ #BugBounty #BugBountyTips
— Mat Rollings (@stealthcopter)
7:46 AM • Sep 11, 2025
Extract URL Components Using Unfurl Tool [🔗 Tweet]
by bugcrowd
This tweet showcases the 'unfurl' tool by @tomnomnom for extracting URL components, useful in security analysis.
Read the full thread →
how to extract specific components from URLs with @TomNomNom's unfurl 👇
— bugcrowd (@Bugcrowd)
5:02 PM • Sep 11, 2025
Bypassing Email Verification with HTTP Request Manipulation [🔗 Tweet]
by khan mamun
The tweet outlines a method for bypassing email verification by editing the server's HTTP response in the proxy. Note that this is response manipulation: it only produces a real bypass when the front end drives account state from that response (for example by calling a follow-up endpoint) and the server never re-checks the OTP itself. Before reporting, confirm server-side that the account is actually treated as verified; otherwise it is a UI-only artefact.
Read the full thread →
Email verification bypass
1. Take url: target.*/signup
2. Enter email now need 6 digits otp and enter random otp
3. Intercept request>Do Intercept>response to this request
change : 400 to 200 OK
"CodeNotFound" to "codeverified"
"Incorrect Code" to "verified OTP code"
#bugbounty
— khan mamun (@mamunwhh)
4:50 PM • Sep 12, 2025
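Before reporting a response-manipulation bypass like the one above, confirm that the server actually changed state. The following is an added example written for this newsletter, not the tweet author's code and not tied to any real target: a hypothetical in-process `SignupBackend` (constructed emails and OTPs) comes in two variants, one where a follow-up endpoint trusts a "verified" flag the front end derives from the edited response, and one where only a correct OTP flips the flag server-side. Editing `400 → 200` and `CodeNotFound → codeverified` in the proxy only works against the first.

```python
import hmac


class SignupBackend:
    """Hypothetical in-memory signup service (added example, not real code).

    trusts_client_flag=True  -> vulnerable design: /complete-signup accepts a
                                "verified" flag the front end sets after reading
                                the OTP response.
    trusts_client_flag=False -> sound design: only verify_otp() can mark an
                                account verified, and it checks the code itself.
    """

    def __init__(self, trusts_client_flag: bool):
        self.trusts_client_flag = trusts_client_flag
        self.accounts = {}  # email -> {"otp": str, "verified": bool}

    def start_signup(self, email: str, otp: str) -> None:
        # otp is the 6-digit code the service emailed to the user
        self.accounts[email] = {"otp": otp, "verified": False}

    def verify_otp(self, email: str, submitted: str):
        """POST /verify-otp: returns (status_code, json_body)."""
        acct = self.accounts[email]
        if hmac.compare_digest(acct["otp"], submitted):  # constant-time compare
            acct["verified"] = True
            return 200, {"status": "codeverified"}
        return 400, {"status": "CodeNotFound", "message": "Incorrect Code"}

    def complete_signup(self, email: str, client_says_verified: bool) -> bool:
        """POST /complete-signup: returns whether the account is now verified."""
        acct = self.accounts[email]
        if self.trusts_client_flag:
            acct["verified"] = client_says_verified  # BUG: client-controlled state
        return acct["verified"]

    def is_verified(self, email: str) -> bool:
        """The check that matters: what the server believes, not what the UI shows."""
        return self.accounts[email]["verified"]


def frontend_flow(backend: SignupBackend, email: str, submitted: str, tamper: bool) -> bool:
    """Models the browser: submit the OTP, read the response, then finish signup.

    tamper=True replays the proxy trick from the tweet: the *response* is edited
    to 200 / "codeverified" before the front-end logic sees it.
    """
    status, body = backend.verify_otp(email, submitted)
    if tamper:
        status, body = 200, {"status": "codeverified"}
    client_says_verified = status == 200 and body.get("status") == "codeverified"
    backend.complete_signup(email, client_says_verified)
    return backend.is_verified(email)  # ask the server, not the UI


if __name__ == "__main__":
    for trusts in (True, False):
        b = SignupBackend(trusts_client_flag=trusts)
        b.start_signup("victim@example.com", "123456")  # constructed sample data
        got = frontend_flow(b, "victim@example.com", "000000", tamper=True)
        print(f"server trusts client flag={trusts}: wrong OTP + edited response -> verified={got}")
```

The practical test on a real target is the last line of `frontend_flow`: after the edited response, log in or hit an endpoint that requires a verified account. If the server still says unverified, the UI change is cosmetic and not a finding.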
Critical Adobe Commerce Update Patches RCE and ATO Vulnerabilities [🔗 Tweet]
by Blaklis
This tweet announces a release that patches a pre-auth remote code execution (RCE) and a customer account takeover (ATO) vulnerability in Adobe Commerce and Magento, both found by the author, and urges immediate patching since exploitation by threat actors is expected to follow quickly.
Read the full thread →
Release is out :
helpx.adobe.com/security/produ…
This patches a pre-auth RCE and a customer ATO that I found a few days ago on Adobe Commerce and Magento.
If you're using it, patch asap! It wouldn't be surprising to see TAs using them in a few hours or days, at most.
#magento
— Blaklis (@Blaklis_)
1:46 PM • Sep 9, 2025
Chaining Small Bugs into Big Exploits in Bug Bounty Hunting [🔗 Tweet]
by bugcrowd
This tweet discusses the strategy of chaining small vulnerabilities, referred to as gadgets, for impact in exploits, underlining the importance of knowledge about the target.
Read the full thread →
How do hackers break into hardened, well-defended apps?
By chaining tiny bugs (gadgets) into big exploits.
This is how you do it👇
1️⃣ How to find bugs?
Finding bugs on secure apps requires deep knowledge of the target.
Top hackers usually take a manual, thorough approach.
— bugcrowd (@Bugcrowd)
3:39 PM • Sep 1, 2025
Maximize Earnings by Exploiting Race Conditions [🔗 Tweet]
by Sir. Zeus
The tweet discusses exploiting race conditions using parallel requests, particularly on creation endpoints for vulnerability discovery.
Read the full thread →
Easy bounty tip: Race conditions are gold!
Send the same request in parallel & Turbo Intruder→ app logic breaks → $$$
Always test creation endpoints (users, groups, payments).
#BugBounty #bugbountytips #appsec
— Sir. Zeus (@Eyhuss1)
3:07 PM • Sep 1, 2025
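To see why parallel requests break check-then-act logic on creation endpoints, here is an added example written for this newsletter, not the tweet author's code and not tied to any program: a hypothetical in-process `CouponStore` stands in for the backend, `hammer()` plays the role of Turbo Intruder by releasing N identical requests at the same instant, and the `atomic` flag switches between the racy implementation and one that makes the check and the write a single critical section. The coupon code and request count are constructed sample data.

```python
"""Race-condition demo on a 'redeem once' endpoint (added example, not real code)."""
import threading
import time
from concurrent.futures import ThreadPoolExecutor


class CouponStore:
    """Hypothetical backend: a coupon may be redeemed exactly once."""

    def __init__(self, atomic: bool):
        self.atomic = atomic
        self.redeemed = set()          # coupon codes already used
        self.credits = 0               # balance each redemption adds to
        self._lock = threading.Lock()

    def _check_then_act(self, code: str) -> bool:
        if code in self.redeemed:      # check ...
            return False
        time.sleep(0.01)               # simulated DB round-trip: the race window
        self.redeemed.add(code)        # ... then act
        self.credits += 10
        return True

    def redeem(self, code: str) -> bool:
        """POST /coupons/redeem: True if this request was credited."""
        if self.atomic:
            with self._lock:           # check and act as one indivisible step
                return self._check_then_act(code)
        return self._check_then_act(code)  # vulnerable: others can pass the check meanwhile


def hammer(store: CouponStore, code: str, n: int = 20) -> int:
    """Fire n identical redeem requests as simultaneously as possible.

    The Barrier does what Turbo Intruder's gate / single-packet attack does on
    the wire: every request is released into the server at the same instant.
    Returns how many requests were credited (should be 1 if the app is sound).
    """
    barrier = threading.Barrier(n)

    def one_request(_):
        barrier.wait()
        return store.redeem(code)

    with ThreadPoolExecutor(max_workers=n) as pool:
        results = list(pool.map(one_request, range(n)))
    return sum(results)


if __name__ == "__main__":
    for atomic in (False, True):
        store = CouponStore(atomic=atomic)
        credited = hammer(store, "WELCOME10")  # constructed sample coupon
        print(f"atomic={atomic}: {credited} of 20 parallel redemptions credited, "
              f"credits={store.credits}")
```

The lock is an illustration of the fix at the application layer; in a real service the same guarantee usually comes from the datastore, for example a unique constraint on (user, coupon) or a conditional `UPDATE ... WHERE redeemed = false` whose affected-row count decides the response. When testing, count side effects (created objects, balance changes) rather than 200s, since the racy path may return success several times.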
Identify Web Technologies Using 404 Error Page Insights [🔗 Tweet]
by ReconOne
This tweet shares a resource for identifying web technologies based on analyzing 404 error pages, aiding reconnaissance during bug bounty hunting.
Read the full thread →
Did you know? This website allows you to identify the technologies behind web applications based on 404 errors
👇🔗
#BugBounty #enumeration #recon #recontips #pentest
— ReconOne (@ReconOne_bk)
11:20 AM • Sep 1, 2025
Open Source Software Tactics for Bug Bounty Hunters [🔗 Tweet]
by Behi
The tweet suggests that bug bounty hunters should verify whether unfamiliar software is open source and check GitHub issues for potential underlying vulnerabilities.
Read the full thread →
Bug Bounty Trick:
When you come across unfamiliar software on a domain, always verify if it's open source.
If it is, review GitHub issues.
Often, you’ll find vulnerabilities that were already reported or patched.
If your target hasn’t patched, that’s your lead.
— Behi (@Behi_Sec)
12:07 PM • Sep 2, 2025
Testing Outdated Swagger Instances for XSS Vulnerabilities [🔗 Tweet]
by VIEH Group
This tweet advises researchers to test outdated Swagger instances for XSS vulnerabilities, sharing payload ideas for quicker bounties.
Read the full thread →
Quick Wins: If you come across an outdated Swagger instance, always remember to test for XSS vulnerabilities. Try these payloads and earn some quick bounties!
Threads 🧵
#BugBounty #SecurityTips #Cybersecurity
— VIEH Group (@viehgroup)
5:00 AM • Sep 4, 2025
Did I miss something? Tell me.
Because Disclosure Matters: This newsletter was produced with the assistance of AI. While I strive for accuracy and quality, not all content has been independently vetted or fact-checked. Please allow for a reasonable margin of error. The views expressed are my own and do not reflect those of my employer.