Today SonarSource is pleased to share a guest contribution to our Code Security blog series about learnings from a chain of serious vulnerabilities in MyBB.

Denoscription: This is the second and final part of How I hacked Facebook you can find part one here [ How I hacked Facebook: part one ].

##Summary

While testing badoo i have noticed that users can use SMAL (Google,MSN,VKontakte,Odnoklassniki,Yandex
Mail.Ru) to create and login to badoo accounts. Now there are two ways of...

GTA Online. Infamous for its slow loading times. Having picked up the game again to finish some of the newer heists I was shocked (/s) to discover that it still loads just as slow as the day it was re

Announcing SecurityTrails Bug Bounty Hunting month where you will boost your skills with expert content, special discounts and giveaways.

Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The first series is curated by Mariem, better known as PentesterLand. Every week, she keeps us up to date with a comp...

HackerOne's second virtual live hacking event with event partners, PayPal to share experiences from the event.

Insecure internal communication in DuckDuckGo Privacy Essentials leaked some info across domains, and an XSS vulnerability was exploitable by its server.

Hello everyone, sharing with you my first bug bounty write-up on how I was able to brute force an OTP (One Time Password) mechanism where…

Code PoC can be found here: https://github.com/Puliczek/CVE-2021-21123-PoC-Google-Chrome

File System Access API - vulnerabilities found by Maciej Pulikowski ( pulik.io )
This is my first video on youtube 🤩 So sorry for the weak video edit 😊
Keep it safe!…

بسم الله الرحمن الرحيم

**Summary:** `
vpn.inverselink.com` points to `54.202.130.246`, which is currently serving a TLS certificate for `Workday, Inc`. This seems to indicate that the subdomain is no longer controlled by...

Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The first series is curated by Mariem, better known as PentesterLand. Every week, she keeps us up to date with a comp...

Ah, Google research grants, how effective you are! It seems as if exactly in these times when my energy levels are low, and I just-can’t-get-motivated to sit down and do something, exactly then a new ‘research grant’ lands in my mailbox and kicks me into…

Intro The OAuth2 authorization protocol has been under fire for the past ten years. You've probably already heard about plenty of "return_uri" tricks, token leakages, CSRF-style attacks on clients, an

Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The first series is curated by Mariem, better known as PentesterLand. Every week, she keeps us up to date with a comp...

Since the release of Browser powered scanning back in Burp Suite Professional 2020.8.1 we have had a lot of customers asking us about our motivation for choosing to integrate with Chromium and fo