Welcome to Disclosed.

(Note: This was written a few days ago at the airport, but I wasn’t able to publish this until now. Figured better late than never!)
Hey there!
I’m writing this from the airport as I head to Stockholm for H1-468 (HackerOne Live Hacking Event). From there, I’ll be flying straight to Singapore for another event before heading back home. It’s going to be a whirlwind two weeks.
And as if that wasn’t enough excitement, I have some big news: After three incredible years leading the pentest community at HackerOne, I’m stepping into a new role running the technical delivery of Live Hacking Events! I’m thrilled for the challenge, the travel, and the chance to connect with some of the brightest minds in the hacking world.
If you’ll be at either of these upcoming events, please come say hello!
Enough about me. Let’s dive in.
In This Issue

BSides Ahmedabad 2025 Wraps Up [🔗 Tweet]
by Romilpatel1988
The tweet summarizes the author's experience at BSides Ahmedabad 2025, particularly the bug bounty competition.
Read the full thread →
What an epic ride at BSides Ahmedabad 2025! 🚀 Two days of mind-blowing sessions and bug bounty competition.
@BarracksArmy @GodfatherOrwa @bsidesahmedabad @r3v3Ncl4W
— Romil Patel (@Romilpatel1988)
3:55 PM • Sep 14, 2025
Upcoming Live Hacking Event in Stockholm [🔗 Tweet]
by Hacker0x01
The tweet announces a live hacking event in Stockholm, urging followers to stay tuned for further information.
Read the full thread →
Our next live hacking event is coming to Stockholm next week. 🇸🇪 Stay tuned for more details as we prepare for another epic collaboration. #H1468 #TogetherWeHitHarder
— HackerOne (@Hacker0x01)
4:37 PM • Sep 15, 2025
Bugcrowd Closes Applications for Hacker Showdown: Mind Cathedral [🔗 Tweet]
by Bugcrowd
Bugcrowd announced the close of applications for their “Hacker Showdown: Mind Cathedral” event, which featured $30K in prizes and exclusive swag. Registration ended on September 19 at 5pm PT.
Read the full thread →

Have something you want to Spotlight? Tell me.

EZVIZ opens full smart-home lineup for testing (up to US$5,000) [🔗 Tweet]
by YesWeHack
YesWeHack announced that EZVIZ has opened its entire smart-device ecosystem (security cameras, doorbells, vacuums, and more) for testing. All devices are in scope for the next two months, and valid reports can earn up to US$5,000; hunters can also review EZVIZ’s Trust Center for details on its ongoing security practices.
Read the full thread →
🔐 Can you put smart home security to the test?
@EZVIZ_Global has opened its full range of smart products, from security cameras to doorbells and vacuums for testing: all devices are in scope. 💰 For the next 2 months, valid reports can earn up to US$5,000!
👉 A complete IoT
— YesWeHack ⠵ (@yeswehack)
8:11 AM • Sep 16, 2025
Registration Opens for #GlassFirewall2025 [🔗 Tweet]
by Hacker0x01
Hacker0x01 announces that registration is now live for GlassFirewall 2025. The event promises real conversations on inclusion in cybersecurity, featuring diverse voices and fresh perspectives under the theme “Breaking bytes + barriers.”
Read the full thread →
🚨 Registration is LIVE for #GlassFirewall2025!
💥 Breaking bytes + barriers.
🧠 Real talk on inclusion in cybersecurity.
🎤 Voices that need to be heard.
Join the conversation 👉 bit.ly/4nDvqdM
#Cybersecurity #GlassFirewall
— HackerOne (@Hacker0x01)
12:59 PM • Sep 19, 2025
BSides Ahmedabad Event Photos [🔗 Tweet]
by bsidesahmedabad
BSides Ahmedabad shared that photos from this year’s 0x06 edition are now available online. The collection captures highlights, community moments, and memories from the event.
Read the full thread →
✨ The wait is finally over! 🎉
All the amazing memories from BSides Ahmedabad 0x06 are now live — check out the pictures here ⬇️
drive.google.com/drive/folders/…
The link’s hot, the server’s sweating… no exploits, only memories 😉🔥
#BSidesAhmedabad #BSides0x06 #CommunityLove
— Security BSides Ahmedabad (@bsidesahmedabad)
5:30 AM • Sep 19, 2025
Did I miss an important update? Tell me.

Introducing Cero: A Tool for Subdomain Enumeration [🔗 Tweet]
by intigriti
This tweet introduces Cero, an open-source tool that employs SSL certificate scraping for subdomain enumeration.
Read the full thread →
There are countless ways to gather a list of subdomains... Cero, an open-source, Go-based subdomain enumeration tool, scrapes a list of subdomains from SSL certificates.😎
Try it out!
🔗 github.com/glebarez/cero
— Intigriti (@intigriti)
9:11 AM • Sep 20, 2025
Chrome Extension for Automated HTML Keyword Searching [📁 Tool]
by dirtycoder0124
A new Chrome extension automates the crawling and scanning of web pages for specified keywords, providing notifications and logging findings, making it an essential tool for bug hunters.
View the tool →
Introducing Ax Framework: Distributed Scanning for All [📁 Tool]
by AttackSurge
The Ax Framework is an open-source tool designed for efficient distributed scanning across cloud providers, optimizing processes for bug hunters and security experts.
View the tool →

GitHub - MayankPandey01/Jira-Lens: Fast and customizable vulnerability scanner For JIRA written in Python [📁 Tool]
by Mayank Pandey
This repository presents Jira-Lens, a customizable vulnerability scanner for JIRA built in Python. It offers over 25 checks for known vulnerabilities and detailed scan outputs, with installation guides aimed at both bug bounty hunters and security professionals.
View the tool →

GitHub - Suryesh/Algopwn: Interactive Tool for Auditing Algolia API Keys [📁 Tool]
by Suryesh
Algopwn is an interactive Python tool that assists researchers and bug bounty hunters in auditing Algolia API keys, detecting ACLs, and identifying permissions, with responsible usage strongly emphasized.
View the tool →
jxscout Pro Update: Real-Time Findings for Better UX [🔗 Tweet]
by fneves97
The latest update to jxscout Pro brings significant improvements in user experience, especially with real-time updates on findings, enhancing the overall usability for security experts.
Read the full thread →
🚀 New release of jxscout pro is out!
This release focused on UX improvements, mainly around showing updates of findings in realtime. I think this update will greatly improve the UX for jxscout
📝 Changelog: jxscout.app/changelog
— Francisco Neves (@fneves97)
2:54 PM • Sep 14, 2025
Introducing Ebka AI: A New Plugin for Caido Store [🔗 Tweet]
by CaidoIO
This tweet presents 'Ebka AI', a new tool aimed at analyzing requests to assist bug bounty tasks, including replay session management and scope organization.
Read the full thread →
🚀New plugin in the Caido Store!
Introducing "Ebka AI" by @slonser_
Ask Claude AI to analyze requests, manage Replay sessions, or review findings. You can also filter, organize scopes, and create M&R rules.
Check out more details: github.com/Slonser/Ebka-C…
— Caido (@CaidoIO)
12:00 PM • Sep 15, 2025
Have a favorite tool? Tell me.

Exploring WAF Failures from Query Parameters to Cookie Poisoning [📓 Blog]
by Sarthak Saxena
This research reveals how Web Application Firewalls (WAFs) can be bypassed through cookie poisoning via query parameters, introducing persistent DoS risks on affected sites. The author shares insights from their bug bounty journey, highlighting vulnerabilities across various platforms.
Read more →

Exploit XSS to RCE in Opera for $8,000 Bounty [🔗 Tweet]
by mqst_
This tweet highlights an $8,000 bug bounty write-up on an XSS vulnerability chained to RCE in the Opera browser, linking both Opera's security blog post and the finder's own write-up.
Read the full thread →
🌐 $8,000 Bug Bounty Highlight: XSS to RCE in the Opera Browser
#1: blogs.opera.com/security/2021/…
#2: medium.com/@renwa/stored-…
author: @RenwaX23
— Muqsit 𝕏 (@mqst_)
1:30 PM • Sep 19, 2025
Discovering the Origin IP to Bypass WAF and Exploit SQL Injection [📓 Blog]
by Malek Mesdour
This post discusses a bug bounty engagement in which a SQL injection vulnerability was concealed by Cloudflare's WAF. It details a strategy to bypass the WAF through origin IP discovery and DNS techniques, along with the methodology and payloads used to confirm the vulnerability. Emphasis is placed on collaboration and on trying alternative strategies when facing obstacles.
Read more →
WAF Bypass + XSS + Business Logic Flaw = Account Takeover [📓 Blog]
by Ali Hussain
This post details a critical vulnerability chain in a SaaS e-commerce application, leading to account takeover. It combines a business logic flaw, XSS via HTML comments, and a WAF bypass technique, underscoring effective exploitation methods and immediate fixes to mitigate risks.
Read more →
Simple POC That Earned a $10,000 Bug Bounty [📓 Blog]
by Ibtissam hammadi
This article narrates the author's experience in discovering an arbitrary file read vulnerability through a POC during an assessment of GitLab's project import feature, highlighting ethical hacking's role in identifying significant flaws with substantial bug bounties.
Read more →
Did I miss an important update? Tell me.

Crit Research Lab Update & Client-Side Tricks Galore (Ep. 140) [🎥 Video]
by Critical Thinking - Bug Bounty Podcast
In Episode 140, hosts Justin and Joseph provide an update from The Crit Research Lab while discussing various client-side tricks beneficial for bug bounty hunters.
Watch video →
Mastering Waymore for Bug Bounty & Recon [🎥 Video]
by XNL -н4cĸ3r
Covering Waymore: pulling archived endpoints from the Wayback Machine, Common Crawl, AlienVault OTX, URLScan, VirusTotal and Intelligence X, plus downloading full archived responses. The speaker also demonstrates post-processing techniques used to uncover extra endpoints, potential secrets, and parameters.
Watch video →
Fastest Way to Discover Vulnerabilities on Any Bug Bounty Program [🎥 Video]
by Lostsec
This video highlights practical recon steps, ethical hacking techniques, and real-world approaches to speed up your hunting process.
Watch video →
4 Recon Sources That Always Get Me Results [🎥 Video]
by NahamSec
Ben outlines four high-value recon sources and demonstrates how to use them to go wide (mass subdomain discovery) or go narrow (deep JS + docs digging). Covers Project Discovery Chaos, C99 (API + subdomain/Cloudflare resolver), Waymore for archived endpoints, and practical tips for stitching results together and post-processing to find parameters and secrets.
Watch video →
Mastering DOM XSS for Bug Bounties: DOM Invader & Real Reports [🎥 Video]
by Medusa
This video breaks down how the DOM works and shows practical DOM XSS exploitation using Burp’s DOM Invader extension, with live demos and real bug bounty reports. It explains payload flow in the browser, why DOM XSS becomes critical, and how to turn findings into solid reports; ideal for anyone wanting to sharpen web-hacking skills for bug bounties.
Watch Video →
Did I miss something? Tell me.

Latest Bug Bytes: Essential Bug Bounty Techniques and Tips [🔗 Tweet]
by Intigriti
The latest Bug Bytes issue covers crucial bug bounty techniques, including an SSRF attack vector in Next.js Middleware and payload exploitation in malicious PDFs, alongside platform updates.
Read the full thread →
A Guide To Subdomain Takeovers 2.0 | HackerOne [📓 Blog]
by Hackerone
This blog post updates readers on subdomain takeovers, providing guidance on identifying vulnerable services, automating detection with tools like Nuclei, and ethical disclosure practices. Significant insights into exploiting vulnerabilities in cookies, CORS, OAuth, and CSPs are included.
Read more →

Understanding Supply Chain Attacks on MCP Servers [🔗 Tweet]
by 0x0SojalSec
This tweet discusses vulnerabilities like prompt injection and credential exposure on MCP servers, highlighting their potential as targets for supply chain attacks.
Read the full thread →
Every MCP server is a potential supply chain attack. And most teams aren’t treating it that way.
1/ Prompt Injection
2/ Credentials Exposure
3/ Unverified Third-Party Tools
-paloaltonetworks.com/blog/cloud-sec…
#infosec #BugBounty #CyberSecurity
— Md Ismail Šojal 🕷️ (@0x0SojalSec)
6:44 PM • Sep 14, 2025
Caido 101: Practical Guide to Features & Plugins [📓 Blog]
by Aituglo
This guide introduces Caido as a modern, lightweight alternative to Burp with both desktop and CLI clients. It walks through key features like Replay, Automate, Match & Replace, and HTTPQL filters, plus recommended plugins such as EvenBetter and Ebka AI. Perfect for bug hunters looking to level up their workflow.
Read more →

A Playbook For Integration Servers [📓 Blog]
by roll4combat
A researcher shares their experience delivering a first DEF CON talk at Recon Village. From nerves to preparation to the payoff of presenting, this piece gives encouragement to anyone considering public speaking in the security space.
Read more →
Hacking Plugin Ecosystems: Risks & Exploitation [📓 Blog]
by blackbird-eu
This article explores how plugin marketplaces expand attack surfaces. It covers seven common vulnerabilities, including sandboxing flaws, supply-chain risks, and overly-permissive APIs, with practical tips for adapting tests to platforms like GitHub Marketplace and Atlassian.
Read more →

Bug Bounty Blueprint: Rabhi’s Approach [📓 Blog]
by YesWeHack
Rabhi, a top hunter, shares his structured bug-hunting workflow. From recon strategies to time management and triage mindset, this blueprint mixes high-level thinking with practical tips for scaling results.
Read more →

Did I miss something? Tell me.

Tech-Aware Fuzzing [🔗 Thread]
by e11i0t_4lders0n
This tweet advocates tech-aware fuzzing over blind fuzzing as a more effective way to uncover critical (P1) vulnerabilities.
Read the full thread →
Want more P1s with less noise? Stop blind fuzzing. Use tech-aware fuzzing to find backup files, configs & hidden endpoints developers leave behind
Read this thread 🧵
#bugbounty #bugbountytip #bugbountytips
— Tushar Verma 🇮🇳 (@e11i0t_4lders0n)
4:56 PM • Sep 19, 2025
NoSQL Vulnerability Causing Org-Wide UI Crash [🔗 Tweet]
by Masonhck3571
The tweet describes a NoSQL vulnerability resulting in a denial of service: sending an object where a string was expected persisted into the record and crashed the UI for all users in the organization.
Read the full thread →
A fun NoSQL vuln that caused DOS: I sent a PUT request of {"field":"last_name","value":{"$ne":null}} which persisted and crashed the Teams/Admin UI for all users within the organization LOL #bugbounty #infosec
Normal request body was:
{"field":"last_name","value":"mason"}
— Masonhck357 (@Masonhck3571)
11:54 PM • Sep 20, 2025
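The object-where-a-string-belongs write described in the tweet above, as an added example that is not the author's or the affected product's code: a Node.js validator that rejects non-string values and MongoDB operator keys before the write, plus a scan for records already corrupted this way. The field allow-list, length limit and sample profiles are assumptions.

```javascript
// Added example, not code from the tweet or the affected product. Models the
// reported bug: a profile-update endpoint stored `value` verbatim, so {"$ne": null}
// persisted where the UI expected a string and crashed it for every user.
// Assumed allow-list of user-editable string fields (hypothetical names).
const STRING_FIELDS = new Set(['first_name', 'last_name', 'display_name']);
const MAX_LEN = 100;

// True if any key anywhere inside the value is a MongoDB operator ('$...')
// or contains a dot (which would address a nested path).
function hasOperatorKey(v) {
  if (Array.isArray(v)) return v.some(hasOperatorKey);
  if (v !== null && typeof v === 'object') {
    return Object.entries(v).some(
      ([k, inner]) => k.startsWith('$') || k.includes('.') || hasOperatorKey(inner)
    );
  }
  return false;
}

// Validates a PUT body; returns an error or a $set update that is safe to apply.
function validateProfileUpdate(body) {
  if (body === null || typeof body !== 'object' || Array.isArray(body)) {
    return { ok: false, error: 'body must be a JSON object' };
  }
  const { field, value } = body;
  if (typeof field !== 'string' || !STRING_FIELDS.has(field)) {
    return { ok: false, error: 'field is not user-editable' };
  }
  if (typeof value !== 'string') {
    // The tweet's payload lands here: an object where a string belongs.
    const why = hasOperatorKey(value) ? 'operator object rejected' : 'value must be a string';
    return { ok: false, error: `${field}: ${why}` };
  }
  if (value.length === 0 || value.length > MAX_LEN) {
    return { ok: false, error: `${field}: length must be 1-${MAX_LEN}` };
  }
  return { ok: true, update: { $set: { [field]: value } } };
}

// Post-incident scan: ids of stored documents whose string fields hold
// something other than a string, i.e. what such a write leaves behind.
function findCorruptedProfiles(docs) {
  return docs
    .filter((d) => [...STRING_FIELDS].some((f) => f in d && typeof d[f] !== 'string'))
    .map((d) => d._id);
}

// Constructed sample data mirroring the two request bodies quoted in the tweet.
const NORMAL_BODY = { field: 'last_name', value: 'mason' };
const MALICIOUS_BODY = { field: 'last_name', value: { $ne: null } };
const SAMPLE_PROFILES = [
  { _id: 'u1', first_name: 'Ada', last_name: 'mason' },
  { _id: 'u2', first_name: 'Bob', last_name: { $ne: null } },
];
```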
Exploiting IDOR to Access Driver PII in Transportation Company [🔗 Thread]
by _ismailu
This tweet outlines a method for exploiting an IDOR vulnerability to access sensitive driver information within a transportation company, stressing the need for robust access control.
Read the full thread →
How I hacked a famous transportation company and accessed every driver's PII.
The Bug: IDOR/Improper Access Control.
The injection point is in the header after using a 'CURL' request.
🧵 Thread
#bugbountytip #bugbountytips #hackerone #infosec #bugcrowd
— ismail (@_ismailu)
7:11 AM • Sep 18, 2025
SQL Injection Found in API Authentication Header [🔗 Tweet]
by mase289
This tweet highlights a SQL injection vulnerability discovered in an API authentication header, emphasizing the critical need for header auditing during security assessments.
Read the full thread →
Headers are attack surface too. I found SQL injection in an API header used for auth — visible only in requests, not forms. Don’t ignore headers during audits. #bugbountytip #bugbounty short 🧵
— Jadek Mark (@mase289)
4:20 PM • Sep 18, 2025
Critical Account Takeover via Password Reset Injection [🔗 Tweet]
by GodSpeed000123
The tweet discusses a severe vulnerability identified through password reset flow poisoning, leading to potential account takeover and recommends using the FakeIP extension for link poisoning checks.
Read the full thread →
Found a critical vulnerability by poisoning the password-reset flow by injecting Collaborator into headers using Burp FakeIP, resulting in account takeover. Scored $4,000
Tip: Use the FakeIP extension to check for link poisoning.
#BugBounty #bugbountytips #CyberSecurity
— Vipul 🇮🇳 (@GodSpeed000123)
9:20 PM • Sep 14, 2025
Using Google Dorks to Discover Associated Domains [🔗 Tweet]
by Bugcrowd
This tweet shares a Google dork query to uncover new associated domains linked to specific companies, enhancing reconnaissance techniques.
Read the full thread →
Find new associated domains with this simple Google dork:
"© <COMPANY>. all rights reserved." -".<COMPANY>.com"
Check this out 👇
— bugcrowd (@Bugcrowd)
4:45 PM • Sep 15, 2025
Exploring API Versioning for Hidden Vulnerabilities [🔗 Tweet]
by Behi_Sec
A bug bounty tip stressing the need to test older API versions, which may lack adequate authentication or validation and therefore expose vulnerabilities.
Read the full thread →
Bug Bounty Tip:
If you see /api/v3/endpoint, do not assume that is the only version.
Try /api/v2/endpoint, /api/v1/endpoint, or drop the version to /api/endpoint.
Old versions often stay online with missing auth or validation.
That is where easy wins hide.
— Behi (@Behi_Sec)
2:51 PM • Sep 16, 2025
Exploiting PuppetDB: Check /pdb/query/v4/resources [🔗 Tweet]
by GokTest
The tweet advises checking the PuppetDB endpoint /pdb/query/v4/resources for exploitable credentials, offering practical guidance for bug bounty hunters.
Read the full thread →
Seeing someone’s credentials is always a dopamine!
When you come across a puppetDB instance don't forget to check the endpoint /pdb/query/v4/resources
#bugbounty #bugbountytips #hackerone #bugcrowd #hack #pentest #TogetherWeHitHarder
— Gokul SK (@GokTest)
6:32 AM • Sep 16, 2025
Did I miss something? Tell me.
Because Disclosure Matters: This newsletter was produced with the assistance of AI. While I strive for accuracy and quality, not all content has been independently vetted or fact-checked. Please allow for a reasonable margin of error. The views expressed are my own and do not reflect those of my employer.