François Proulx in boostsecurity | Opening the Pandora’s box — Supply Chain Insider Threats in Open Source projects | Giving repo “Write” in OSS project is risk. We look at insider threats in the context of a responsible disclosure for AWS Karpenter. | Mar 15
Prajit Sindhkar | Apple Hall Of Fame for a Small Misconfiguration || Unauth Cache Purging | Hello guys 👋👋, Prajit here from the BUG XS Team, recently I got acknowledgement for reporting a valid issue on Apple Program. So that… | Jul 26, 2021
François Proulx in boostsecurity | The tale of a Supply Chain near-miss incident | We disclosed to Chainguard in December 2023 that a GitHub Actions workflow we discovered was vulnerable to a “pwn request”, potentially… | Feb 13
Jonathan Bouman | Laravel debug mode left on at Zouikwatzeggen.nl | Coordinated vulnerability disclosure of a bug in an application used to submit reports of improper behaviour. | Jun 30, 2023
Harm van den Brink | How a Charge Point Operator accidentally leaked authentication information of all its potential… | In October 2023 I found a massive leak in the cloud platform (via an application programming interface) of one of the bigger charge point… | Nov 30, 2023
Japz Divino in Pinoy White Hat | Bypass HackerOne 2FA requirement and reporter blacklist | Severity: Medium (5.0) — High (7.1) Weakness: Improper Authorization Bounty: $10,000 Summary: | Oct 31, 2018
Rj07 | CVE-2023-35078 Unveiled: Ethical Vulnerability Discovery and Reporting By Me and My Hunting Buddy… | Introduction: In our regular vulnerability hunt, themalwarebug and I set on several services, narrowing down to a few select IP addresses… | Nov 18, 2023
Ankur Bhargava | How I could have changed your WIFI Name & Password from anywhere in the world | It all started with getting a new Broadband connection in Bangalore. | Sep 12, 2020