Disclosed. July 27, 2025. Google’s $30K Bug, Panels on Triage with Platforms, Hacker Hangouts, Christmas in July, YesWeHack's Next Live Hacking Event and more.

The bug bounty world, curated.

Welcome to Disclosed.

Each week, 3 readers will win a 1-month PentesterLab Pro license, completely free. Refer a friend to the newsletter to enter.

Shout out to this week’s winners (I will email you):

ibnsalamah2005
hsart
earthywh11

PentesterLab is one of the best hands-on platforms for learning web security, with real-world vulnerabilities, private labs, and practical exercises trusted by professionals and bug bounty hunters worldwide.

Huge thanks to PentesterLab for sponsoring this giveaway and supporting the Disclosed. community. ❤️


Hey there! A couple of weeks ago I announced I was giving away a copy of spaceraccoon’s new book, titled “From Day Zero to Zero Day”. The post got a ton of traction and No Starch was kind enough to provide a promotional voucher for this. I picked at random, and congratulations to elhamzanadjeh for being the lucky winner!

Anyway, you’re here for bug bounty curation. Let’s dive in.

In This Issue

Bug Bounty Village Hacker Hangout at DEF CON 33 [🔗 Tweet]
by Bug Bounty Village DEFCON

The Hacker Hangout at DEF CON 33, hosted by TikTok, HackerOne, and Bug Bounty Village, will be held on August 7, 2025, from 6:00 to 9:00 PM PT at Flight Club Las Vegas. The event includes food, drinks, darts, and networking for hackers and cybersecurity professionals.
Read more →

Bypassing Google Cloud Build Comment Control for $30K [📓 Blog]
by Adnan Khan

Adnan Khan discovered a time-of-check to time-of-use (TOCTOU) vulnerability in Google Cloud Build’s GitHub integration that allowed pull request tests to run without proper maintainer review. By exploiting a race condition in the “comment-control” feature, an attacker could swap benign code for malicious commits just after a maintainer commented /gcbrun, triggering builds with elevated privileges—earning Khan a $30,000 bug bounty from Google.
Read more →

Searchlight Cyber to Unwrap Critical Vulnerabilities in “Christmas in July” Webinar Series
by SLCyberSec

On July 29, 2025, Searchlight Cyber will host a live session revealing several high-impact vulnerabilities—including pre-auth RCEs and persistent XSS—in popular enterprise platforms like Adobe Experience Manager, DotNetNuke, and ETQ Reliance. Led by SVP Shubham Shah, the 45-minute talk will cover how these bugs were discovered, disclosed, and mitigated.
Read more →

Have something you want to Spotlight? Tell me.

Skillset Matching for More Relevant Program Recommendations
by Intigriti

Intigriti has launched a new 'Required Skills' feature that allows companies to tag program assets with specific skillsets needed for testing. This update helps researchers find better-matched programs and receive more relevant recommendations based on their expertise.
Read more →

Upcoming Platform Panel on Vulnerability Triage [🔗 Tweet]
by Bug Bounty Village DEFCON

A panel featuring experts from HackerOne, Bugcrowd, Intigriti, Synack, and YesWeHack will discuss the complexities of triage in bug bounty programs at 3:00 PM inside the Bug Bounty Village on August 9th. The 90-minute session will cover workflow design, team training, dispute resolution, and the future of triage operations across leading platforms.
Read more →

Upcoming Live Hacking Event at Nullcon Berlin 2025 [📓 Blog]
by YesWeHack ⠵

YesWeHack will be at Nullcon Berlin 2025 on September 4–5, where they’ll host a live hacking event open to all conference attendees. The challenge will take place onsite at the Courtyard by Marriott Berlin City Center, with the target and scope revealed at the event’s start.

New Filter for Recently Paid Bug Bounty Programs [🔗 Tweet]
by Mitchell Amador

A newly introduced filter enables researchers to efficiently find and view recently paid bug bounty programs.
Read more →

HackerOne Launches AI-Powered Triage [📓 Blog]
by HackerOne

HackerOne has introduced Hai Triage, an AI-assisted system for managing vulnerability reports. It filters out duplicates and low-quality submissions, validates and reproduces findings, and delivers structured, prioritized reports to help security teams address real threats more efficiently.
Read more →

Did I miss an important update? Tell me.

Cyberspace Search Engine [📁 Tool]
by ZoomEye

BugBounty Radar now monitors 54,710 assets, identifying 271 new assets and 39,586 changes in the past week. The platform highlights top technologies in use—including WordPress, Apache httpd, and ExpressJS—helping researchers stay current on evolving attack surfaces.
Read more →

GitHub - MuhammadWaseem29/BackupFinder [📁 Tool]
by MuhammadWaseem29

BackupFinder facilitates locating backup files on web servers, enhancing efficiency in penetration testing and bug bounty investigations.
Read more →

Caido Plugin ‘Drop’ Enables Encrypted Collaboration Between Users [📁 Tool]
by caido-community

The Drop plugin for Caido facilitates secure collaboration by allowing users to share tabs, scopes, rules, and more over end-to-end encrypted (E2EE) PGP channels. Messages are stored on a server (hosted or self-hosted) for up to 7 days, with no plaintext data ever written to the database.
Read more →

Git Dork Helper [📁 Tool]
by Verry__D

The GitHub Dork Helper by vsec7 streamlines the process of generating targeted GitHub code search links using predefined dorks. Users can input a target, fetch dorks from a public list, and instantly generate reconnaissance-ready search URLs.
Read more →

GitHub - projectdiscovery/cvemap [📁 Tool]
by projectdiscovery

CVEMAP is a CLI tool by ProjectDiscovery that simplifies vulnerability research by mapping CVEs to EPSS, KEV, CPEs, public PoCs, Nuclei templates, and more. With powerful filters and support for JSON output, it helps researchers quickly query and analyze the CVE landscape.
Read more →

Have a favorite tool? Tell me.

Quick-Skoping through Netskope SWG Tenants - CVE-2024-7401 [📓 Blog]
by QuickSkope

Learn how to exploit a vulnerability in Netskope's software that allows user impersonation by acquiring configuration files.
Read more →

Turning Frontend Clues into Backend Compromise: Insecure Routing to RCE [📓 Blog]
by Synack

This post explains an RCE vulnerability exploited through insecure routing mechanisms, outlining methods for exploitation and attacker techniques.
Read more →

ETQ Reliance RCE Discovered Through Trailing Space Login Bypass [📓 Blog]
by Assetnote

Researchers from Assetnote uncovered multiple vulnerabilities in ETQ Reliance, including a pre-authentication remote code execution bug. By appending a space to the username "SYSTEM" during login, they bypassed authentication and accessed internal system functions, ultimately executing code through Jython-based customization features.
Read more →

Remitly | Report #2831902 - 0-Click Account Takeover via Password Reset [📓 Report Write-up]
by db3wy

Documenting a vulnerability in Remitly’s password reset function, this report showcases a complete exploitation walkthrough and potential impact.
Read more →

Zero-Click Account Takeover: The Power of JavaScript Analysis [📓 Blog]
by Ali Saadi

The article discusses a zero-click account takeover vulnerability discovered through local storage manipulation in a malfunctioning password reset mechanism.
Read more →

A Deep Dive into an Access Control Vuln in Clockwork [📓 Blog]
by 0vulns 🇸🇩

A vulnerability in the PHP debugging tool Clockwork allowed attackers to bypass localhost checks by spoofing the Host header, exposing sensitive debugging data. Exploitation in Patchstack’s staging environment enabled session hijacking and access to internal tools like Laravel Telescope.
Read more →

Did I miss an important update? Tell me.

Archive Testing Methodology with Mathias Karlsson (Ep.132) [🎥 Video]
by Critical Thinking - Bug Bounty Podcast

Mathias Karlsson explores archive testing methodologies, covering vulnerabilities like path traversal and the creation of the Archive Alchemist tool.
Watch video →

How NahamSec Saved His First $100,000 From Bug Bounty [🎥 Video]
by Nahamsec

This video breaks down the "Profit First" system the author used to turn inconsistent bounty payouts into disciplined savings, ultimately helping him save his first $100,000.
Watch video →

‘I can hack through the night’: g4mb4 on Bug Bounty [🎥 Video]
by YesWeHack

In this interview, hacker g4mb4 shares insights from his transition from developer to bug bounty hunter, emphasizing patience and curiosity.
Read more →

Essential File Upload Vulnerability Techniques Explained [🎥 Video]
by PentesterLand

In this video, the author covers the methodology and various test cases for one of the most critical vulnerabilities in the OWASP Top 10 and bug bounty programs: File Uploads.
Read more →

Understanding Race Conditions in Bug Bounties [🎥 Video]
by Medusa

This video breaks down how Race Conditions work, how to test them using tools like Burp Suite and Turbo Intruder, and shares real-world bug bounty reports that demonstrate their impact.
Read more →

Did I miss something? Tell me.

Routing-Based SSRF — Host Header Injection Leads to Internal Access [📓 Blog]
by Bash Overflow

This article covers a Server-Side Request Forgery (SSRF) vulnerability exploited through Host header manipulation, outlining effective exploitation techniques.
Read more →

Top 10 Practical XSS Payloads for Real-World Exploitation [📓 Blog]
by Rodolfo Assis

Rodolfo Assis shares his top 10 most effective XSS payloads, selected based on their consistent success in real-world scenarios, not just theoretical or niche cases. The list emphasizes simplicity, broad applicability, and bypass potential against common filtering mechanisms.
Read more →

AWS: Abusing IAM Policy Version [📓 Blog]
by Raj Chandel

An in-depth examination of AWS IAM policy versioning vulnerabilities, illustrated with exploitation examples and mitigation best practices.
Read more →

40sp3l’s Journey Toward Going Full-Time [📓 Blog]
by 40sp3l

Bug bounty hunter 40sp3l began a 30-day vulnerability hunting challenge to build skills, understand triage decisions, and refine a sustainable workflow before going full-time. The focus is less on rewards and more on learning how to find impactful vulnerabilities and grow through consistent practice and rejection analysis.
Read more →

Did I miss something? Tell me.

Insights on Mobile Bug Bounty Programs from Alex [🔗 Tweet]
by TCM Security

Alex sheds light on the importance of mobile app security and encourages community involvement in mobile bug bounty programs.
Read more →

Essential Resources for Bug Bounty Beginners on Intigriti [🔗 Tweet]
by Intigriti

A thread providing key resources tailored for newcomers to bug bounty hunting on the Intigriti platform.
Read more →

8 Essential Tips for Landing Your First $1,000 Bounty [🔗 Tweet]
by HackingHub

Highlighting common pitfalls and practical tips to assist novice bug bounty hunters in securing their first payout.
Read more →

Finding Bugs on Vacation: A Bug Bounty Success Story [🔗 Tweet]
by Edra

A personal narrative showcasing the potential of bug bounty hunting, even after time away from the hunt.
Read more →

Leveraging Inactive XSS Vulnerabilities for Reports [🔗 Tweet]
by xploiterr

Advice for bug bounty hunters to revisit sites frequently, as updates may inadvertently reintroduce previously fixed vulnerabilities.
Read more →

Punycode Email Spoofing Bug with $500 Bounty Insight [🔗 Tweet]
by Archer

Describes a method for exploiting Punycode email spoofing to lock legitimate users out of their accounts.
Read more →

GraphQL Mutation Vulnerability Allows Token Generation Without Checks [🔗 Tweet]
by Bronx101

A high-privilege mutation vulnerability in a GraphQL API enables unauthorized token generation due to missing authorization checks.
Read more →

Did I miss something? Tell me.


Because Disclosure Matters: This newsletter was produced with the assistance of AI. While I strive for accuracy and quality, not all content has been independently vetted or fact-checked. Please allow for a reasonable margin of error. The views expressed are my own and do not reflect those of my employer.