$148,337 #BugBounty paid by Google to a researcher (@brutecat) who found debug endpoints on Google Cloud that allowed configuring privileged workflows, leading to full #RCE in Google Cloud production (CVE-2026-2031)
#CloudSecurity #BugBountyTips
👇
https://brutecat.com/articles/google-cloud-rce/
StubZero: $148,337 RCE in Google Cloud Production (brutecat.com)

A chance Discord message, two missing pieces, and one hour before the window closed: from info leak to RCE on Google Cloud. Three months later, it happened again.

DOM XSS isn’t always in the HTML.

Sometimes your input never appears in the Source because JavaScript is building the page.
Source → Sink → Execution in real-world DOM flows.

https://medium.com/@marduk.i.am/url-based-xss-c41d94090e6e

#infosec #cybersecurity #bugbountytips #websecurity #OWASP

URL-Based XSS: When JavaScript Hides the Vulnerability (Medium)

Lately I’ve been thinking about what tool I should build next.

Earlier today while scrolling Facebook, I saw someone asking for help because they were confused about how to write a proper bug bounty report. They had already found the vulnerability, but didn’t know how to structure the report or present it clearly.

That got me thinking.

In bug bounty, finding the bug is one challenge — but **writing a clear and well-structured report is another skill entirely**.

So I started considering building a small **Bug Report Generator** to help researchers quickly create structured reports with sections like summary, steps to reproduce, PoC, impact, and clean markdown output for platforms like HackerOne or Bugcrowd.

Before I start building anything, I’m curious how other bug hunters approach reporting.

What does your ideal bug report template look like?
What sections do triagers appreciate the most?
Do you prefer minimal reports or very structured ones?

If you're a bug hunter, I'd love to hear how you write your reports.
Good reports deserve better tooling.

#infosec #bugbounty #security #bugbountytips

Using ZAP's Encode/Decode/Hash Add-on with CyberChef via Encode/Decode Scripts (ZAP)

Combine the Encode/Decode/Hash add-on with CyberChef operations in ZAP Encode/Decode Scripts for flexible encoding, decoding, and hashing in your testing workflow.

@zaproxy Released add-ons today:

GraphQL ➡️ Fixes the optional integration with the Tech Detection add-on, which had been failing.

OpenAPI ➡️ Re-enables the Swagger Secret Detector Script Scan Rule; the JS engine memory leak has been addressed.

#AppSec #DevSecOps #WebAppSec #BugBountyTips

#Antigravity, an AI code editor from Google that has access to your entire codebase and terminal, had a Remote Code Execution (#RCE) vulnerability. A great find and write-up by @HacktronAI, earning them a $10k #BugBounty!
#BugBountyTips
👇

https://www.hacktron.ai/blog/hacking-google-antigravity

When Your VPN Opens Your Private Network to the Public (Hacktron AI)

How AI-assisted reverse engineering of stripped PAN-OS binaries led to finding a JWT algorithm confusion vulnerability in GlobalProtect's Cloud Authentication Service, enabling full VPN auth bypass with just a username.

Samuel Cohen's (@metabugbounty) presentation at TenguCon 2.0 is now available to watch online!
#TenguCon #InfoSec #tokyo #bugbountytips #Hacking #CyberSecurity

https://www.youtube.com/watch?v=SjWGm5MiFc4

TenguCon 2.0 - Day 1 Keynote: Samuel Cohen, Meta (YouTube)

Amass 5.0.0 Usage for Recon
OWASP Tool (Medium)

The payload contains '|/???/\b**\h,' which is meant to confuse WAF rules. Unusual characters are a common evasion tactic.

image by: win3zz

#cybersec #BugBountytips #infosec