Securitycipher
@securitycipher.bsky.social
📃 Write-ups and Resources 🚀 related to Bug Bounty💲 #bugbounty #bugbountytips
$1,000 Bounty: How a Logout Parameter Turned Into a Phishing Redirect Machine
https://meetcyber.net/1-000-bounty-how-a-logout-parameter-turned-into-a-phishing-redirect-machine-4b42fffa9900?source=rss------bug_bounty-5
https://meetcyber.net/1-000-bounty-how-a-logout-parameter-turned-into-a-phishing-redirect-machine-4b42fffa9900?source=rss------bug_bounty-5
December 20, 2025 at 12:16 PM
$1,000 Bounty: How a Logout Parameter Turned Into a Phishing Redirect Machine
https://meetcyber.net/1-000-bounty-how-a-logout-parameter-turned-into-a-phishing-redirect-machine-4b42fffa9900?source=rss------bug_bounty-5
https://meetcyber.net/1-000-bounty-how-a-logout-parameter-turned-into-a-phishing-redirect-machine-4b42fffa9900?source=rss------bug_bounty-5
How a single backslash got me £1000 bounty from a bug bounty program
https://medium.com/@sairajthorat077/how-a-single-backslash-got-me-1000-bounty-from-a-bug-bounty-program-39239e8fc017?source=rss------bug_bounty-5
https://medium.com/@sairajthorat077/how-a-single-backslash-got-me-1000-bounty-from-a-bug-bounty-program-39239e8fc017?source=rss------bug_bounty-5
December 20, 2025 at 9:09 AM
How a single backslash got me £1000 bounty from a bug bounty program
https://medium.com/@sairajthorat077/how-a-single-backslash-got-me-1000-bounty-from-a-bug-bounty-program-39239e8fc017?source=rss------bug_bounty-5
https://medium.com/@sairajthorat077/how-a-single-backslash-got-me-1000-bounty-from-a-bug-bounty-program-39239e8fc017?source=rss------bug_bounty-5
From Prompt to Payout: How a ChatGPT Prompt Led Me to a Bounty
https://errorsec.medium.com/from-prompt-to-payout-how-a-chatgpt-prompt-led-me-to-a-bug-bounty-7b2893d846d4?source=rss------bug_bounty-5
https://errorsec.medium.com/from-prompt-to-payout-how-a-chatgpt-prompt-led-me-to-a-bug-bounty-7b2893d846d4?source=rss------bug_bounty-5
December 20, 2025 at 8:12 AM
From Prompt to Payout: How a ChatGPT Prompt Led Me to a Bounty
https://errorsec.medium.com/from-prompt-to-payout-how-a-chatgpt-prompt-led-me-to-a-bug-bounty-7b2893d846d4?source=rss------bug_bounty-5
https://errorsec.medium.com/from-prompt-to-payout-how-a-chatgpt-prompt-led-me-to-a-bug-bounty-7b2893d846d4?source=rss------bug_bounty-5
GraphQL Hacking Toolkit 2025: 20 Commands & Payloads Every Pentester Should Master
https://medium.com/@verylazytech/graphql-hacking-toolkit-2025-20-commands-payloads-every-pentester-should-master-336db9499b30?source=rss------bug_bounty-5
https://medium.com/@verylazytech/graphql-hacking-toolkit-2025-20-commands-payloads-every-pentester-should-master-336db9499b30?source=rss------bug_bounty-5
December 20, 2025 at 7:08 AM
GraphQL Hacking Toolkit 2025: 20 Commands & Payloads Every Pentester Should Master
https://medium.com/@verylazytech/graphql-hacking-toolkit-2025-20-commands-payloads-every-pentester-should-master-336db9499b30?source=rss------bug_bounty-5
https://medium.com/@verylazytech/graphql-hacking-toolkit-2025-20-commands-payloads-every-pentester-should-master-336db9499b30?source=rss------bug_bounty-5
From Curiosity to Cash: How I Bypassed 2FA and Earned $300!
https://medium.com/@an.anonymous.school/from-curiosity-to-cash-how-i-bypassed-2fa-and-earned-300-b81ef4c01000?source=rss------bug_bounty-5
https://medium.com/@an.anonymous.school/from-curiosity-to-cash-how-i-bypassed-2fa-and-earned-300-b81ef4c01000?source=rss------bug_bounty-5
December 20, 2025 at 5:09 AM
From Curiosity to Cash: How I Bypassed 2FA and Earned $300!
https://medium.com/@an.anonymous.school/from-curiosity-to-cash-how-i-bypassed-2fa-and-earned-300-b81ef4c01000?source=rss------bug_bounty-5
https://medium.com/@an.anonymous.school/from-curiosity-to-cash-how-i-bypassed-2fa-and-earned-300-b81ef4c01000?source=rss------bug_bounty-5
Improper SVG Handling in AI Generated Output
https://medium.com/@Mohamed_khattab/improper-svg-handling-in-ai-generated-output-b434b5d0da8c?source=rss------bug_bounty-5
https://medium.com/@Mohamed_khattab/improper-svg-handling-in-ai-generated-output-b434b5d0da8c?source=rss------bug_bounty-5
December 20, 2025 at 4:15 AM
Improper SVG Handling in AI Generated Output
https://medium.com/@Mohamed_khattab/improper-svg-handling-in-ai-generated-output-b434b5d0da8c?source=rss------bug_bounty-5
https://medium.com/@Mohamed_khattab/improper-svg-handling-in-ai-generated-output-b434b5d0da8c?source=rss------bug_bounty-5
Analysis of Sensitive Information Vulnerability in Public XML Files
https://medium.com/@albertstive1010/analysis-of-sensitive-information-vulnerability-in-public-xml-files-840ef304e88a?source=rss------bug_bounty-5
https://medium.com/@albertstive1010/analysis-of-sensitive-information-vulnerability-in-public-xml-files-840ef304e88a?source=rss------bug_bounty-5
December 20, 2025 at 2:26 AM
Analysis of Sensitive Information Vulnerability in Public XML Files
https://medium.com/@albertstive1010/analysis-of-sensitive-information-vulnerability-in-public-xml-files-840ef304e88a?source=rss------bug_bounty-5
https://medium.com/@albertstive1010/analysis-of-sensitive-information-vulnerability-in-public-xml-files-840ef304e88a?source=rss------bug_bounty-5
Missing AES-GCM Authentication Tag Validation and Improper Deprecation Handling
https://hackerone.com/reports/3463949
https://hackerone.com/reports/3463949
December 19, 2025 at 10:14 PM
Missing AES-GCM Authentication Tag Validation and Improper Deprecation Handling
https://hackerone.com/reports/3463949
https://hackerone.com/reports/3463949
Unauthorized access to any presentation at Dropbox
https://medium.com/@0xRaccoon/unauthorized-access-to-any-presentation-at-dropbox-604af454547d?source=rss------bug_bounty-5
https://medium.com/@0xRaccoon/unauthorized-access-to-any-presentation-at-dropbox-604af454547d?source=rss------bug_bounty-5
December 19, 2025 at 10:09 PM
Unauthorized access to any presentation at Dropbox
https://medium.com/@0xRaccoon/unauthorized-access-to-any-presentation-at-dropbox-604af454547d?source=rss------bug_bounty-5
https://medium.com/@0xRaccoon/unauthorized-access-to-any-presentation-at-dropbox-604af454547d?source=rss------bug_bounty-5
How I Found an Unauthenticated XXE That Allowed Arbitrary File Read in NASA
https://medium.com/@thomscoder/how-i-found-an-unauthenticated-xxe-that-allowed-arbitrary-file-read-in-nasa-bfffe24dc24e?source=rss------bug_bounty-5
https://medium.com/@thomscoder/how-i-found-an-unauthenticated-xxe-that-allowed-arbitrary-file-read-in-nasa-bfffe24dc24e?source=rss------bug_bounty-5
December 19, 2025 at 9:08 PM
How I Found an Unauthenticated XXE That Allowed Arbitrary File Read in NASA
https://medium.com/@thomscoder/how-i-found-an-unauthenticated-xxe-that-allowed-arbitrary-file-read-in-nasa-bfffe24dc24e?source=rss------bug_bounty-5
https://medium.com/@thomscoder/how-i-found-an-unauthenticated-xxe-that-allowed-arbitrary-file-read-in-nasa-bfffe24dc24e?source=rss------bug_bounty-5
Information disclosure, but not in the way you might expect
https://medium.com/@rajveer_0101/information-disclosure-but-not-in-the-way-you-might-expect-a914479e06cc?source=rss------bug_bounty-5
https://medium.com/@rajveer_0101/information-disclosure-but-not-in-the-way-you-might-expect-a914479e06cc?source=rss------bug_bounty-5
December 19, 2025 at 7:08 PM
Information disclosure, but not in the way you might expect
https://medium.com/@rajveer_0101/information-disclosure-but-not-in-the-way-you-might-expect-a914479e06cc?source=rss------bug_bounty-5
https://medium.com/@rajveer_0101/information-disclosure-but-not-in-the-way-you-might-expect-a914479e06cc?source=rss------bug_bounty-5
CVE-2025–67418: When Default Credentials Become a Remote Root Button
https://medium.com/@arpit03sharma2003/cve-2025-67418-when-default-credentials-become-a-remote-root-button-03be5ee4b927?source=rss------bug_bounty-5
https://medium.com/@arpit03sharma2003/cve-2025-67418-when-default-credentials-become-a-remote-root-button-03be5ee4b927?source=rss------bug_bounty-5
December 19, 2025 at 6:14 PM
CVE-2025–67418: When Default Credentials Become a Remote Root Button
https://medium.com/@arpit03sharma2003/cve-2025-67418-when-default-credentials-become-a-remote-root-button-03be5ee4b927?source=rss------bug_bounty-5
https://medium.com/@arpit03sharma2003/cve-2025-67418-when-default-credentials-become-a-remote-root-button-03be5ee4b927?source=rss------bug_bounty-5
Recon Fatigue Is Real — Until This One URL Paid My Rent
https://infosecwriteups.com/recon-fatigue-is-real-until-this-one-url-paid-my-rent-8768a51dc50e?source=rss------bug_bounty-5
https://infosecwriteups.com/recon-fatigue-is-real-until-this-one-url-paid-my-rent-8768a51dc50e?source=rss------bug_bounty-5
December 19, 2025 at 5:10 PM
Recon Fatigue Is Real — Until This One URL Paid My Rent
https://infosecwriteups.com/recon-fatigue-is-real-until-this-one-url-paid-my-rent-8768a51dc50e?source=rss------bug_bounty-5
https://infosecwriteups.com/recon-fatigue-is-real-until-this-one-url-paid-my-rent-8768a51dc50e?source=rss------bug_bounty-5
Outlawed / Banned from the Fraudulent Bug Bounty World: The Story of Cyber Kalki
https://medium.com/@elelyonmusk/outlawed-banned-from-the-fraudulent-bug-bounty-world-the-story-of-cyber-kalki-a73028b0959d?source=rss------bug_bounty-5
https://medium.com/@elelyonmusk/outlawed-banned-from-the-fraudulent-bug-bounty-world-the-story-of-cyber-kalki-a73028b0959d?source=rss------bug_bounty-5
December 19, 2025 at 4:11 PM
Outlawed / Banned from the Fraudulent Bug Bounty World: The Story of Cyber Kalki
https://medium.com/@elelyonmusk/outlawed-banned-from-the-fraudulent-bug-bounty-world-the-story-of-cyber-kalki-a73028b0959d?source=rss------bug_bounty-5
https://medium.com/@elelyonmusk/outlawed-banned-from-the-fraudulent-bug-bounty-world-the-story-of-cyber-kalki-a73028b0959d?source=rss------bug_bounty-5
How i Found Easy ₹5,000 IDOR | Bug Bounty Writeup | P3
https://medium.com/@rajankumarbarik143/how-i-found-easy-5-000-idor-bug-bounty-writeup-p3-27348656c4cd?source=rss------bug_bounty-5
https://medium.com/@rajankumarbarik143/how-i-found-easy-5-000-idor-bug-bounty-writeup-p3-27348656c4cd?source=rss------bug_bounty-5
December 19, 2025 at 2:10 PM
How i Found Easy ₹5,000 IDOR | Bug Bounty Writeup | P3
https://medium.com/@rajankumarbarik143/how-i-found-easy-5-000-idor-bug-bounty-writeup-p3-27348656c4cd?source=rss------bug_bounty-5
https://medium.com/@rajankumarbarik143/how-i-found-easy-5-000-idor-bug-bounty-writeup-p3-27348656c4cd?source=rss------bug_bounty-5
How I Found a $8,560 Password Reset Bug
https://medium.com/@codii/how-i-found-a-8-560-password-reset-bug-23a5845421c9?source=rss------bug_bounty-5
https://medium.com/@codii/how-i-found-a-8-560-password-reset-bug-23a5845421c9?source=rss------bug_bounty-5
December 19, 2025 at 1:25 PM
How I Found a $8,560 Password Reset Bug
https://medium.com/@codii/how-i-found-a-8-560-password-reset-bug-23a5845421c9?source=rss------bug_bounty-5
https://medium.com/@codii/how-i-found-a-8-560-password-reset-bug-23a5845421c9?source=rss------bug_bounty-5
CVE-2025–20393 (Cisco AsyncOS Zero-Day)
https://cyberleelawat.medium.com/cve-2025-20393-cisco-asyncos-zero-day-72b35798cdf9?source=rss------bug_bounty-5
https://cyberleelawat.medium.com/cve-2025-20393-cisco-asyncos-zero-day-72b35798cdf9?source=rss------bug_bounty-5
December 19, 2025 at 11:09 AM
CVE-2025–20393 (Cisco AsyncOS Zero-Day)
https://cyberleelawat.medium.com/cve-2025-20393-cisco-asyncos-zero-day-72b35798cdf9?source=rss------bug_bounty-5
https://cyberleelawat.medium.com/cve-2025-20393-cisco-asyncos-zero-day-72b35798cdf9?source=rss------bug_bounty-5
The Open Redirect That Could Turn a Trusted URL Into a Weapon — A Bug Hunting Story
https://medium.com/@anshubind89/the-open-redirect-that-could-turn-a-trusted-url-into-a-weapon-a-bug-hunting-story-c01e47e5ab3a?source=rss------bug_bounty-5
https://medium.com/@anshubind89/the-open-redirect-that-could-turn-a-trusted-url-into-a-weapon-a-bug-hunting-story-c01e47e5ab3a?source=rss------bug_bounty-5
December 19, 2025 at 9:13 AM
The Open Redirect That Could Turn a Trusted URL Into a Weapon — A Bug Hunting Story
https://medium.com/@anshubind89/the-open-redirect-that-could-turn-a-trusted-url-into-a-weapon-a-bug-hunting-story-c01e47e5ab3a?source=rss------bug_bounty-5
https://medium.com/@anshubind89/the-open-redirect-that-could-turn-a-trusted-url-into-a-weapon-a-bug-hunting-story-c01e47e5ab3a?source=rss------bug_bounty-5
Top 10 Subdomain Discovery Tools That Beat Amass: Level Up Your Recon Game
https://medium.com/@verylazytech/top-10-subdomain-discovery-tools-that-beat-amass-level-up-your-recon-game-eea86f3b284d?source=rss------bug_bounty-5
https://medium.com/@verylazytech/top-10-subdomain-discovery-tools-that-beat-amass-level-up-your-recon-game-eea86f3b284d?source=rss------bug_bounty-5
December 19, 2025 at 7:12 AM
Top 10 Subdomain Discovery Tools That Beat Amass: Level Up Your Recon Game
https://medium.com/@verylazytech/top-10-subdomain-discovery-tools-that-beat-amass-level-up-your-recon-game-eea86f3b284d?source=rss------bug_bounty-5
https://medium.com/@verylazytech/top-10-subdomain-discovery-tools-that-beat-amass-level-up-your-recon-game-eea86f3b284d?source=rss------bug_bounty-5
How 4 Months of Sleepless Nights Led Me to My First NASA Letter of Recognition
https://medium.com/@ninadgowda777/how-4-months-of-sleepless-nights-led-me-to-my-first-nasa-letter-of-recognition-c6a8174356c4?source=rss------bug_bounty-5
https://medium.com/@ninadgowda777/how-4-months-of-sleepless-nights-led-me-to-my-first-nasa-letter-of-recognition-c6a8174356c4?source=rss------bug_bounty-5
December 19, 2025 at 6:15 AM
How 4 Months of Sleepless Nights Led Me to My First NASA Letter of Recognition
https://medium.com/@ninadgowda777/how-4-months-of-sleepless-nights-led-me-to-my-first-nasa-letter-of-recognition-c6a8174356c4?source=rss------bug_bounty-5
https://medium.com/@ninadgowda777/how-4-months-of-sleepless-nights-led-me-to-my-first-nasa-letter-of-recognition-c6a8174356c4?source=rss------bug_bounty-5
Understanding React2Shell: A Critical Vulnerability in React Server Components (CVE-2025–55182)
https://osintteam.blog/understanding-react2shell-a-critical-vulnerability-in-react-server-components-cve-2025-55182-9a834711c0ee?source=rss------bug_bounty-5
https://osintteam.blog/understanding-react2shell-a-critical-vulnerability-in-react-server-components-cve-2025-55182-9a834711c0ee?source=rss------bug_bounty-5
December 19, 2025 at 3:51 AM
Understanding React2Shell: A Critical Vulnerability in React Server Components (CVE-2025–55182)
https://osintteam.blog/understanding-react2shell-a-critical-vulnerability-in-react-server-components-cve-2025-55182-9a834711c0ee?source=rss------bug_bounty-5
https://osintteam.blog/understanding-react2shell-a-critical-vulnerability-in-react-server-components-cve-2025-55182-9a834711c0ee?source=rss------bug_bounty-5
The Password Alchemist: How a Simple Parameter Swap Led to Full Account Takeover
https://osintteam.blog/the-password-alchemist-how-a-simple-parameter-swap-led-to-full-account-takeover-d3436b226889?source=rss------bug_bounty-5
https://osintteam.blog/the-password-alchemist-how-a-simple-parameter-swap-led-to-full-account-takeover-d3436b226889?source=rss------bug_bounty-5
December 19, 2025 at 2:45 AM
The Password Alchemist: How a Simple Parameter Swap Led to Full Account Takeover
https://osintteam.blog/the-password-alchemist-how-a-simple-parameter-swap-led-to-full-account-takeover-d3436b226889?source=rss------bug_bounty-5
https://osintteam.blog/the-password-alchemist-how-a-simple-parameter-swap-led-to-full-account-takeover-d3436b226889?source=rss------bug_bounty-5
Why AI-Driven Vibe Hacking Demands a New DevSecOps Mindset
https://medium.com/@Cyber-AppSec/why-ai-driven-vibe-hacking-demands-a-new-devsecops-mindset-790c0383ca38?source=rss------bug_bounty-5
https://medium.com/@Cyber-AppSec/why-ai-driven-vibe-hacking-demands-a-new-devsecops-mindset-790c0383ca38?source=rss------bug_bounty-5
December 18, 2025 at 11:09 PM
Why AI-Driven Vibe Hacking Demands a New DevSecOps Mindset
https://medium.com/@Cyber-AppSec/why-ai-driven-vibe-hacking-demands-a-new-devsecops-mindset-790c0383ca38?source=rss------bug_bounty-5
https://medium.com/@Cyber-AppSec/why-ai-driven-vibe-hacking-demands-a-new-devsecops-mindset-790c0383ca38?source=rss------bug_bounty-5
December 18, 2025 at 10:13 PM