1-Click Account Takeover (ATO) in Voox Android
Hello folks, it’s me again! When I started digging into mobile security a few months back, I kept reading about JSBridge vulnerabilities. Every article made them sound theoretical – like academic ...
Hey everyone! Hope you’re all having a great week. Today I want to share a fun find from a recent security audit on a platform. It’s a classic case of why you should never trust the client’s versi...
Hello folks, it’s me again! You know that feeling when you’re staring at a “Too Many Requests” error and you just know there’s a way around it? That happened to me recently while I was testing the...
Hello everyone! Glad to have you back. Today I’m diving into a classic cloud security fail: the misconfigured S3 bucket. We’ve all heard stories about massive data leaks from exposed buckets, but ...
Hi folks, it’s me again! When bug bounties get quiet, sometimes the best move is to step back and do some noob research–diving into 0-day and N-day territory, messing with tools we use every day, ...
Hello folks! I’m a bug hunter, and, well, I was bored… My HackerOne profile was looking kinda sad with no fresh bounties, so I thought, “Why not do some noob research and see what happens?” So her...
Hey everyone! Gather around, because I’ve got an exciting tale from my latest bug bounty adventure. It’s a story of discovery, persistence, and a bit of clever trickery as I stumbled upon a boolea...
Hey hunters, hope you’re all doing well. Today I want to share my story about how I discovered a Stored XSS vulnerability that allowed full account takeover (ATO) on a Web3 website. It was one of ...
Hello folks! While exploring Salesforce deployments during a focused research session, I uncovered a significant misconfiguration that allowed unauthenticated access to internal Salesforce data th...
Hey everyone! So, let me take you on a little journey of discovery. It all started with a curious mind and a knack for uncovering the unseen. During one of my recent bug hunts, I stumbled upon a v...