Welcome to Disclosed.

Writing to you from Singapore as we’re running back-to-back LHEs. My time is limited this week, so let’s dive in.
In This Issue

H1-468 Live Hacking Event in Stockholm [🔗 Tweet]
by HackerOne
HackerOne’s Live Hacking Event in Stockholm kicked off last week. Winners and MVH announced soon.
Read the full announcement →
And we're live! #H1468 hacking day has officially begun in Stockholm. Researchers are focused, keyboards are clicking. Let the collaboration begin! 💻🔍
— HackerOne (@Hacker0x01)
1:54 PM • Sep 25, 2025
New Members Inducted into HackerOne H1-Elite [🔗 Tweet]
by Ariel Garcia
Congratulations to the newly inducted members of the Hacker0x01 H1-Elite group, recognizing their contributions and expertise in the community.
Read the full announcement →
Congratulations to the new @Hacker0x01 H1-Elite members, @niemand_sec, @ArchAngelDDay and @mallocsys. Well deserved. Some more to come soon! Stay tuned!
— Ariel Garcia (@Arl_rose)
10:48 AM • Sep 26, 2025
HackAICon Wraps Up [🔗 Tweet]
by @_Euzebius
HackAICon 2025, held in Lisbon on September 25, was the first conference dedicated to the intersection of AI and ethical hacking, featuring researchers, hackers, and security leaders exploring how AI can be leveraged for cybersecurity. The sold-out event delivered talks, roundtables, and hands-on challenges with a focus on knowledge-sharing and practical defense strategies rather than sales pitches.
Very nice HackAICon yesterday in the beautiful city of Lisboa!
Amazing setting, great talks and speakers including (but not limited to) @0xacb, @InsiderPhD, @monkehack and @0xLupin. Already looking forward to next one!
Many thanks to @ethiack and sponsors for this!
— Euz | Matthieu 🐙 (@_Euzebius)
6:30 AM • Sep 26, 2025
H1-65 Live Hacking Event in Singapore
by HackerOne
HackerOne is running back-to-back LHEs, with the Singapore event happening THIS WEEK. More to come soon.

Have something you want to Spotlight? Tell me.

Cloud Security CTF Challenge [🔗 Tweet]
by Wiz
This tweet announces an exciting new Capture The Flag (CTF) challenge that integrates advanced bug bounty techniques, inviting security professionals to compete and enhance their skills.
Read more →
Dojo Launches New Challenges and Training Features for Hackers [🔗 Tweet]
by YesWeHack
The Dojo platform now features new challenges and learning modules designed to help security hunters refine their skills and boost their chances of qualifying for private program invitations.
Read more →
New look. Same Dojo.
With Dojo, you can:
🧠 Tackle monthly challenges & boost your chances of private program invites as a new hunter
🤝 Design your own CTF challenge
⚔️ Train with learning modules inspired by real findings
Ready? 👉 dojo-yeswehack.com
#YesWeRHackers
— YesWeHack ⠵ (@yeswehack)
12:27 PM • Sep 22, 2025
YesWeHack Becomes Official CVE Numbering Authority [🔗 Tweet]
by YesWeHack
YesWeHack has officially become a CVE Numbering Authority, enabling the assignment of CVE IDs and publication of CVE records, which will significantly impact vulnerability management practices.
Read more →
Did I miss an important update? Tell me.

Caido Now Available in Kali Linux 2025.3 for Easy Installation [🔗 Tweet]
by Caido
Caido can now be installed seamlessly in Kali Linux 2025.3, providing both a desktop application and CLI with just a single command.
Read more →
Caido is now available in Kali Linux 2025.3!
You can now install the desktop app or the CLI, each with a single command.
— Caido (@CaidoIO)
2:10 PM • Sep 24, 2025
GitHub - RenwaX23/XSSTRON: Electron JS Browser To Find XSS Vulnerabilities Automatically [📁 Tool]
by RenwaX23
XSSTRON is an Electron JS-based browser tool designed to automate the detection of XSS vulnerabilities as users browse the web. It conducts background vulnerability checks and supports GET/POST scenarios.
View the tool →
GitHub - xitmakes/jsberg: Efficient URL Scraper [📁 Tool]
by xitmakes
JSBerg is a powerful Python-based URL scraper that extracts various web resources, including links and JavaScript files, from a list of websites, complete with features for multithreading and inline URL extraction.
View the tool →
Have a favorite tool? Tell me.

Local File Inclusion via XSS in Prince PDF Generator [📓 Blog]
by Virendra
This detailed write-up examines a local file inclusion vulnerability identified in the Prince PDF generator via an XSS attack, illustrating the exploitation process and potential risks involved.
Read more →

Regex XSS Exploitation Techniques [🔗 Tweet]
by Mat Rollings
This discussion showcases how overly-greedy regex replacements can lead to serious XSS vulnerabilities, featuring a live demo for practical exploitation.
Read the full thread →
REGEXSS: How .* Turned Into over $6k in Bounties
Overly-greedy regex replacements can break HTML sanitisation & lead to XSS. Includes a live demo you can try exploiting it yourself!
#BugBounty #BugBountyTips #XSS #AppSec
— Mat Rollings (@stealthcopter)
7:48 AM • Sep 24, 2025
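To make the thread's point concrete, here is an added example (my code, not Mat's demo) of how a greedy `.*` in a regex-based HTML sanitiser removes far more than the author intended, next to the lazy form that behaves as expected; the comment-stripping sanitiser and the sample markup are constructed for illustration.

```javascript
// Added example: greedy vs lazy quantifiers in a regex "sanitiser".
// Both functions are meant to strip HTML comments and nothing else.

// Greedy: ".*" runs from the FIRST "<!--" to the LAST "-->" it can reach,
// so every element sitting between two comments is deleted along with them.
function stripCommentsGreedy(html) {
  return html.replace(/<!--.*-->/g, "");
}

// Lazy ".*?" with the "s" flag (dot also matches newlines): each match ends
// at the NEAREST "-->", so only the comments themselves are removed.
function stripCommentsLazy(html) {
  return html.replace(/<!--.*?-->/gs, "");
}

// Review helper: true when the two forms disagree on an input, i.e. the
// greedy regex has swallowed content it was never meant to touch. Running
// this over real inputs is a cheap way to spot over-consuming patterns.
function greedyOverConsumes(html) {
  return stripCommentsGreedy(html) !== stripCommentsLazy(html);
}

// Constructed sample: two harmless comments with legitimate markup between.
const SAMPLE = '<!-- a --><p title="x">hello</p><!-- b -->';

if (typeof require !== "undefined" && require.main === module) {
  console.log(stripCommentsGreedy(SAMPLE)); // ""  (the <p> vanished)
  console.log(stripCommentsLazy(SAMPLE));   // <p title="x">hello</p>
  console.log(greedyOverConsumes(SAMPLE));  // true
}
```

The over-deletion matters because the sanitiser's output no longer corresponds to what its author reviewed; the fix is a lazy quantifier, or better, a real HTML parser instead of regex.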
Did I miss an important update? Tell me.

Mastering DOM XSS for Bug Bounties Video Release [🎥 Video]
by Medusa
A newly released video focuses on advanced DOM XSS techniques, emphasizing their significance within the context of Bug Bounty reports.
Watch video →
New Video Out! 🤠
Mastering DOM XSS for Bug Bounties: DOM Invader & Bug Bounty Reports!
youtu.be/okEmVk8MtEA?si…
— Medusa (@medusa_0xf)
1:52 PM • Sep 21, 2025
PortSwigger BurpAI Found These Exploits [🎥 Video]
by NahamSec
A newly released video demos Burp AI scanning and exploiting vulnerabilities (IDOR, XXE, SQLi, XSS), showing how AI speeds discovery and builds PoCs while underscoring the need for human validation and context-aware testing.
Watch video →
Google Docs 0-day & React Exploits with Nick Copi [🎥 Video]
by Critical Thinking – Bug Bounty Podcast
An in-depth chat on client-side hacking: a Google Docs 0-day (client-side DoS), React.createElement-based XSS chains, CSPT/CSS data exfil tricks, and real-world escalation/triage tactics with guest 7urb0.
Watch video →
Did I miss something? Tell me.

Exploiting Race Condition Bugs in Modern Architectures [🔗 Tweet]
by YesWeHack
This tweet introduces a guide focused on exploiting and mitigating race condition bugs, emphasizing their relevance in microservices and distributed queues for bug bounty hunters.
Read the full thread →
Understanding Client-Side Path Traversal Vulnerabilities [📓 Blog]
by Behi_Sec
This thread explains client-side path traversal (CSPT) vulnerabilities in depth and argues that they deserve far more attention than they get.
Read the full thread →
Client Side Path Traversal is an underrated bug...
But it can lead to critical bugs.
Here's everything you need to know about it 🧵👇
— Behi (@Behi_Sec)
4:46 PM • Sep 25, 2025
Find Misconfigurations First [🔗 Tweet]
by bugcrowd
This blog highlights the critical importance of identifying misconfigurations within security testing, which can often go unnoticed yet yield substantial rewards.
Read more →
Chasing bugs while ignoring misconfigs is leaving cash on the table.
They’re easy to find, high impact, and everywhere.
This blog breaks down how to spot them before anyone else does 👇
bugcrowd.com/blog/short-ter…
— bugcrowd (@Bugcrowd)
6:08 PM • Sep 21, 2025
OpenAI Red Teaming Kaggle Competition Submission [🔗 Tweet]
by Joseph Thacker
The author shares reflections on their participation in the OpenAI red teaming competition, urging others to review their submission for educational purposes.
Read more →
Unfortunately I didn’t win but the OpenAI red teaming Kaggle competition taught me a lot.
You should give my submission a read 😊
— Joseph Thacker (@rez0__)
4:21 PM • Sep 20, 2025
Did I miss something? Tell me.

Using mktemp for Organizing JavaScript Dumps [🔗 Thread]
by Vitor Falcão "busfactor"
This tweet advocates using mktemp -d to create throwaway directories, making it easier to keep JavaScript dumps and proof-of-concept scripts organized.
Read the full thread →
cd `mktemp -d`
use it all the time to dump JS files, PoCs, etc
— Vitor Falcão "busfactor" (@busf4ctor)
10:25 PM • Sep 24, 2025
Learn to Use cd - for Effective Directory Navigation [🔗 Tweet]
by Justin Gardner
The simple cd - command takes you straight back to the previous directory you were in, a small but handy productivity boost on the command line.
Read the full thread →
Today I learned about `cd -` . It takes you to the previous directory you were in. 0.0
— Justin Gardner (@Rhynorater)
9:40 PM • Sep 24, 2025
Using Regex for Advanced Host Field Alerting [🔗 Tweet]
by Sicarius
This tweet explains that, unlike the other search fields, alerting accepts a regex on the "host" field (in advanced mode), so a single pattern can match several domains and TLDs; note the 100-character limit on the regex.
Read the full thread →
Hey there,
Unlike the rest of the searches, alerting uses regex, so you could do something like this on the "host" field (use the advanced mode):
^.*(domain1|domain2)\.(com|de|fr)$
keep in mind that there is a char limit on the regex of 100 :)
— Sicarius (@ElS1carius)
3:24 PM • Sep 25, 2025
Google Dorking for XSS Vulnerabilities in Parameters [🔗 Tweet]
by VIEH Group
This tweet provides Google Dork queries aimed at identifying parameters vulnerable to XSS, along with an injection test for demonstration purposes.
Read the full thread →
Google Dork - XSS Prone Parameters 🔥
site:example[.]com inurl:q= | inurl:s= | inurl:search= | inurl:query= | inurl:keyword= | inurl:lang= inurl:&
Test for XSS in param value:
'"><img src=x onerror=alert()>
Credit: @TakSec
#infosec #bugbounty #bugbountytips
— VIEH Group (@viehgroup)
3:40 PM • Sep 20, 2025
Exploring IDOR: Patterns and Related Vulnerabilities [🔗 Tweet]
by Behi
Highlighting the correlation between various vulnerabilities, this tweet emphasizes that discovering an IDOR often suggests the existence of additional issues, urging thorough endpoint testing.
Read the full thread →
Bug Bounty Lesson:
One bug is rarely alone.
Found an IDOR? Check upload endpoints, exports, and reports too.
Patterns repeat inside big apps.
— Behi (@Behi_Sec)
4:59 PM • Sep 21, 2025
Exploiting NoSQL Vulnerability to Achieve DOS Attack [🔗 Tweet]
by Masonhck357
This tweet describes a NoSQL bug in which a PUT request carrying a query-operator object ({"$ne": null}) where a plain string was expected was persisted as-is, crashing the Teams/Admin UI for every user in the organization: a denial of service caused by missing type validation.
Read the full thread →
A fun NoSQL vuln that caused DOS: I sent a PUT request of {"field":"last_name","value":{"$ne":null}} which persisted and crashed the Teams/Admin UI for all users within the organization LOL #bugbounty #infosec
Normal request body was:
{"field":"last_name","value":"mason"}
— Masonhck357 (@Masonhck3571)
11:54 PM • Sep 20, 2025
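The defensive side of the story, as an added example that is not the reporter's code or the affected product's: server-side validation of the `{"field": ..., "value": ...}` body shape from the tweet that rejects non-string values and any object carrying `$`-prefixed operator keys before anything is written to the store. The allowed-field list and the length limit are assumptions for the example.

```javascript
// Added example: validate a profile-update PUT body before persisting it.
// Goal: a value like {"$ne": null} must never reach the database as data.

const ALLOWED_FIELDS = new Set(["first_name", "last_name"]); // assumed
const MAX_LEN = 100;                                           // assumed

// Recursively true if any key anywhere inside the value starts with "$",
// which is how MongoDB-style operators are spelled.
function containsOperatorKey(v) {
  if (Array.isArray(v)) return v.some(containsOperatorKey);
  if (v !== null && typeof v === "object") {
    return Object.keys(v).some(
      (k) => k.startsWith("$") || containsOperatorKey(v[k])
    );
  }
  return false;
}

// Returns { ok: true, update: { field, value } } for a well-formed request
// or { ok: false, error } with the reason it was rejected.
function validateProfileUpdate(body) {
  if (body === null || typeof body !== "object" || Array.isArray(body)) {
    return { ok: false, error: "body must be a JSON object" };
  }
  const { field, value } = body;
  if (!ALLOWED_FIELDS.has(field)) {
    return { ok: false, error: "unknown field" };
  }
  if (containsOperatorKey(value)) {
    return { ok: false, error: "operator keys are not allowed" };
  }
  // Type check last so the operator case above gets the more specific error.
  if (typeof value !== "string") {
    return { ok: false, error: `${field} must be a string` };
  }
  if (value.length === 0 || value.length > MAX_LEN) {
    return { ok: false, error: `${field} length must be 1-${MAX_LEN}` };
  }
  return { ok: true, update: { field, value } };
}

// Constructed request bodies mirroring the tweet.
const NORMAL = { field: "last_name", value: "mason" };
const OPERATOR = { field: "last_name", value: { $ne: null } };

if (typeof require !== "undefined" && require.main === module) {
  console.log(validateProfileUpdate(NORMAL));   // ok: true
  console.log(validateProfileUpdate(OPERATOR)); // ok: false, operator keys
}
```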
Did I miss something? Tell me.
Because Disclosure Matters: This newsletter was produced with the assistance of AI. While I strive for accuracy and quality, not all content has been independently vetted or fact-checked. Please allow for a reasonable margin of error. The views expressed are my own and do not reflect those of my employer.