Securitycipher
@securitycipher.bsky.social
📃 Write-ups and Resources 🚀 related to Bug Bounty💲 #bugbounty #bugbountytips
The “TMI” Endpoint: Why Unauthenticated Health Checks Are a Hacker’s Best Friend (And Why I Got 0…
https://zer0figure.medium.com/the-tmi-endpoint-why-unauthenticated-health-checks-are-a-hackers-best-friend-and-why-i-got-0-2945d21ea08f?source=rss------bug_bounty-5
https://zer0figure.medium.com/the-tmi-endpoint-why-unauthenticated-health-checks-are-a-hackers-best-friend-and-why-i-got-0-2945d21ea08f?source=rss------bug_bounty-5
January 28, 2026 at 5:18 AM
The “TMI” Endpoint: Why Unauthenticated Health Checks Are a Hacker’s Best Friend (And Why I Got 0…
https://zer0figure.medium.com/the-tmi-endpoint-why-unauthenticated-health-checks-are-a-hackers-best-friend-and-why-i-got-0-2945d21ea08f?source=rss------bug_bounty-5
https://zer0figure.medium.com/the-tmi-endpoint-why-unauthenticated-health-checks-are-a-hackers-best-friend-and-why-i-got-0-2945d21ea08f?source=rss------bug_bounty-5
How to Build a Cybersecurity Career in 2026 — Courses, Skills & Tools
https://cyberbruharmy.medium.com/how-to-build-a-cybersecurity-career-in-2026-courses-skills-tools-9b51d4f02362?source=rss------bug_bounty-5
https://cyberbruharmy.medium.com/how-to-build-a-cybersecurity-career-in-2026-courses-skills-tools-9b51d4f02362?source=rss------bug_bounty-5
January 28, 2026 at 4:01 AM
How to Build a Cybersecurity Career in 2026 — Courses, Skills & Tools
https://cyberbruharmy.medium.com/how-to-build-a-cybersecurity-career-in-2026-courses-skills-tools-9b51d4f02362?source=rss------bug_bounty-5
https://cyberbruharmy.medium.com/how-to-build-a-cybersecurity-career-in-2026-courses-skills-tools-9b51d4f02362?source=rss------bug_bounty-5
Hashcat Guide: Password Recovery and Security Auditing
https://medium.com/@jpablo13/hashcat-guide-password-recovery-and-security-auditing-8e48f63ea27f?source=rss------bug_bounty-5
https://medium.com/@jpablo13/hashcat-guide-password-recovery-and-security-auditing-8e48f63ea27f?source=rss------bug_bounty-5
January 28, 2026 at 12:51 AM
Hashcat Guide: Password Recovery and Security Auditing
https://medium.com/@jpablo13/hashcat-guide-password-recovery-and-security-auditing-8e48f63ea27f?source=rss------bug_bounty-5
https://medium.com/@jpablo13/hashcat-guide-password-recovery-and-security-auditing-8e48f63ea27f?source=rss------bug_bounty-5
One-Click Workspace Takeover: Exploiting XSS and CSRF + WAF Bypass (F*ck HttpOnly)
https://medium.com/@ph4nt0mbyt3/one-click-workspace-takeover-exploiting-xss-and-csrf-waf-bypass-f-ck-httponly-e4e9fbbaed75?source=rss------bug_bounty-5
https://medium.com/@ph4nt0mbyt3/one-click-workspace-takeover-exploiting-xss-and-csrf-waf-bypass-f-ck-httponly-e4e9fbbaed75?source=rss------bug_bounty-5
January 27, 2026 at 11:10 PM
One-Click Workspace Takeover: Exploiting XSS and CSRF + WAF Bypass (F*ck HttpOnly)
https://medium.com/@ph4nt0mbyt3/one-click-workspace-takeover-exploiting-xss-and-csrf-waf-bypass-f-ck-httponly-e4e9fbbaed75?source=rss------bug_bounty-5
https://medium.com/@ph4nt0mbyt3/one-click-workspace-takeover-exploiting-xss-and-csrf-waf-bypass-f-ck-httponly-e4e9fbbaed75?source=rss------bug_bounty-5
HTTP Requests, Responses, Headers & Methods for Beginners
https://medium.com/@anshkamra00/http-requests-responses-headers-methods-for-beginners-d00c790a78fe?source=rss------bug_bounty-5
https://medium.com/@anshkamra00/http-requests-responses-headers-methods-for-beginners-d00c790a78fe?source=rss------bug_bounty-5
January 27, 2026 at 9:08 PM
HTTP Requests, Responses, Headers & Methods for Beginners
https://medium.com/@anshkamra00/http-requests-responses-headers-methods-for-beginners-d00c790a78fe?source=rss------bug_bounty-5
https://medium.com/@anshkamra00/http-requests-responses-headers-methods-for-beginners-d00c790a78fe?source=rss------bug_bounty-5
How your API might be exposing everything
https://0trccccc.medium.com/how-your-api-might-be-exposing-everything-b3a999439533?source=rss------bug_bounty-5
https://0trccccc.medium.com/how-your-api-might-be-exposing-everything-b3a999439533?source=rss------bug_bounty-5
January 27, 2026 at 8:11 PM
How your API might be exposing everything
https://0trccccc.medium.com/how-your-api-might-be-exposing-everything-b3a999439533?source=rss------bug_bounty-5
https://0trccccc.medium.com/how-your-api-might-be-exposing-everything-b3a999439533?source=rss------bug_bounty-5
How I Found a Clickable Link Injection Issue in a Verification Email (Beginner Friendly)
https://medium.com/@Sahal07/how-i-found-a-clickable-link-injection-issue-in-a-verification-email-beginner-friendly-14fda535a4bf?source=rss------bug_bounty-5
https://medium.com/@Sahal07/how-i-found-a-clickable-link-injection-issue-in-a-verification-email-beginner-friendly-14fda535a4bf?source=rss------bug_bounty-5
January 27, 2026 at 7:18 PM
How I Found a Clickable Link Injection Issue in a Verification Email (Beginner Friendly)
https://medium.com/@Sahal07/how-i-found-a-clickable-link-injection-issue-in-a-verification-email-beginner-friendly-14fda535a4bf?source=rss------bug_bounty-5
https://medium.com/@Sahal07/how-i-found-a-clickable-link-injection-issue-in-a-verification-email-beginner-friendly-14fda535a4bf?source=rss------bug_bounty-5
Exploit Lab: CVE-2026–24061 (telnetd)
https://medium.com/@josh.beck2006/exploit-lab-cve-2026-24061-telnetd-772306d3b0ba?source=rss------bug_bounty-5
https://medium.com/@josh.beck2006/exploit-lab-cve-2026-24061-telnetd-772306d3b0ba?source=rss------bug_bounty-5
January 27, 2026 at 6:20 PM
Exploit Lab: CVE-2026–24061 (telnetd)
https://medium.com/@josh.beck2006/exploit-lab-cve-2026-24061-telnetd-772306d3b0ba?source=rss------bug_bounty-5
https://medium.com/@josh.beck2006/exploit-lab-cve-2026-24061-telnetd-772306d3b0ba?source=rss------bug_bounty-5
When “Export CSV” Becomes a Data Breach: A Case Study of a IDOR in a Crypto Platform
https://mokhansec.medium.com/when-export-csv-becomes-a-data-breach-a-case-study-of-a-idor-in-a-crypto-platform-ba29149d7c4a?source=rss------bug_bounty-5
https://mokhansec.medium.com/when-export-csv-becomes-a-data-breach-a-case-study-of-a-idor-in-a-crypto-platform-ba29149d7c4a?source=rss------bug_bounty-5
January 27, 2026 at 1:37 PM
When “Export CSV” Becomes a Data Breach: A Case Study of a IDOR in a Crypto Platform
https://mokhansec.medium.com/when-export-csv-becomes-a-data-breach-a-case-study-of-a-idor-in-a-crypto-platform-ba29149d7c4a?source=rss------bug_bounty-5
https://mokhansec.medium.com/when-export-csv-becomes-a-data-breach-a-case-study-of-a-idor-in-a-crypto-platform-ba29149d7c4a?source=rss------bug_bounty-5
From $0 to Your First Bug Bounty: A Beginner’s 14-Day Roadmap (2026, No Paid Tools)
https://medium.com/@bughuntersjournal/from-0-to-your-first-bug-bounty-a-beginners-14-day-roadmap-2026-no-paid-tools-e6d0cc990c92?source=rss------bug_bounty-5
https://medium.com/@bughuntersjournal/from-0-to-your-first-bug-bounty-a-beginners-14-day-roadmap-2026-no-paid-tools-e6d0cc990c92?source=rss------bug_bounty-5
January 27, 2026 at 12:21 PM
From $0 to Your First Bug Bounty: A Beginner’s 14-Day Roadmap (2026, No Paid Tools)
https://medium.com/@bughuntersjournal/from-0-to-your-first-bug-bounty-a-beginners-14-day-roadmap-2026-no-paid-tools-e6d0cc990c92?source=rss------bug_bounty-5
https://medium.com/@bughuntersjournal/from-0-to-your-first-bug-bounty-a-beginners-14-day-roadmap-2026-no-paid-tools-e6d0cc990c92?source=rss------bug_bounty-5
I Reported an IDOR, Made $25,000, and Learned More About Bug Bounties Than I Expected
https://medium.com/@justas_b_2/i-reported-an-idor-made-25-000-and-learned-more-about-bug-bounties-than-i-expected-8354e68e1ffe?source=rss------bug_bounty-5
https://medium.com/@justas_b_2/i-reported-an-idor-made-25-000-and-learned-more-about-bug-bounties-than-i-expected-8354e68e1ffe?source=rss------bug_bounty-5
January 27, 2026 at 11:13 AM
I Reported an IDOR, Made $25,000, and Learned More About Bug Bounties Than I Expected
https://medium.com/@justas_b_2/i-reported-an-idor-made-25-000-and-learned-more-about-bug-bounties-than-i-expected-8354e68e1ffe?source=rss------bug_bounty-5
https://medium.com/@justas_b_2/i-reported-an-idor-made-25-000-and-learned-more-about-bug-bounties-than-i-expected-8354e68e1ffe?source=rss------bug_bounty-5
Windows PrivEsc 2025: 20 New Tools & Techniques to Master Privilege Escalation
https://medium.com/@verylazytech/windows-privesc-2025-20-new-tools-techniques-to-master-privilege-escalation-b74a5db5f6be?source=rss------bug_bounty-5
https://medium.com/@verylazytech/windows-privesc-2025-20-new-tools-techniques-to-master-privilege-escalation-b74a5db5f6be?source=rss------bug_bounty-5
January 27, 2026 at 9:20 AM
Windows PrivEsc 2025: 20 New Tools & Techniques to Master Privilege Escalation
https://medium.com/@verylazytech/windows-privesc-2025-20-new-tools-techniques-to-master-privilege-escalation-b74a5db5f6be?source=rss------bug_bounty-5
https://medium.com/@verylazytech/windows-privesc-2025-20-new-tools-techniques-to-master-privilege-escalation-b74a5db5f6be?source=rss------bug_bounty-5
Breaking the Web (Part 9): Business Logic Vulnerabilities — When the App Works as Designed… but…
https://medium.com/@cybercom0101/breaking-the-web-part-9-business-logic-vulnerabilities-when-the-app-works-as-designed-but-9acb9a89c345?source=rss------bug_bounty-5
https://medium.com/@cybercom0101/breaking-the-web-part-9-business-logic-vulnerabilities-when-the-app-works-as-designed-but-9acb9a89c345?source=rss------bug_bounty-5
January 27, 2026 at 8:16 AM
Breaking the Web (Part 9): Business Logic Vulnerabilities — When the App Works as Designed… but…
https://medium.com/@cybercom0101/breaking-the-web-part-9-business-logic-vulnerabilities-when-the-app-works-as-designed-but-9acb9a89c345?source=rss------bug_bounty-5
https://medium.com/@cybercom0101/breaking-the-web-part-9-business-logic-vulnerabilities-when-the-app-works-as-designed-but-9acb9a89c345?source=rss------bug_bounty-5
IDOR Vulnerability in WEB3 Bug Bounty Platform Exposing User Sensitive PII
https://meetcyber.net/idor-vulnerability-in-web3-bug-bounty-platform-exposing-user-sensitive-pii-27bb5348db58?source=rss------bug_bounty-5
https://meetcyber.net/idor-vulnerability-in-web3-bug-bounty-platform-exposing-user-sensitive-pii-27bb5348db58?source=rss------bug_bounty-5
January 27, 2026 at 4:06 AM
IDOR Vulnerability in WEB3 Bug Bounty Platform Exposing User Sensitive PII
https://meetcyber.net/idor-vulnerability-in-web3-bug-bounty-platform-exposing-user-sensitive-pii-27bb5348db58?source=rss------bug_bounty-5
https://meetcyber.net/idor-vulnerability-in-web3-bug-bounty-platform-exposing-user-sensitive-pii-27bb5348db58?source=rss------bug_bounty-5
Guía de Hashcat: Recuperación de Contraseñas y Auditoría de Seguridad
https://medium.com/@jpablo13/gu%C3%ADa-de-hashcat-recuperaci%C3%B3n-de-contrase%C3%B1as-y-auditor%C3%ADa-de-seguridad-868181eaff8a?source=rss------bug_bounty-5
https://medium.com/@jpablo13/gu%C3%ADa-de-hashcat-recuperaci%C3%B3n-de-contrase%C3%B1as-y-auditor%C3%ADa-de-seguridad-868181eaff8a?source=rss------bug_bounty-5
January 27, 2026 at 12:53 AM
Guía de Hashcat: Recuperación de Contraseñas y Auditoría de Seguridad
https://medium.com/@jpablo13/gu%C3%ADa-de-hashcat-recuperaci%C3%B3n-de-contrase%C3%B1as-y-auditor%C3%ADa-de-seguridad-868181eaff8a?source=rss------bug_bounty-5
https://medium.com/@jpablo13/gu%C3%ADa-de-hashcat-recuperaci%C3%B3n-de-contrase%C3%B1as-y-auditor%C3%ADa-de-seguridad-868181eaff8a?source=rss------bug_bounty-5
Email Body Truncation via Null Byte Injection
https://medium.com/@0xcyborg/email-body-truncation-via-null-byte-injection-21f753bf2c64?source=rss------bug_bounty-5
https://medium.com/@0xcyborg/email-body-truncation-via-null-byte-injection-21f753bf2c64?source=rss------bug_bounty-5
January 26, 2026 at 11:10 PM
Email Body Truncation via Null Byte Injection
https://medium.com/@0xcyborg/email-body-truncation-via-null-byte-injection-21f753bf2c64?source=rss------bug_bounty-5
https://medium.com/@0xcyborg/email-body-truncation-via-null-byte-injection-21f753bf2c64?source=rss------bug_bounty-5
Bug Bounty in 2026: How to Find Your First Vulnerability (Without Losing Your Sanity)
https://medium.com/h7w/bug-bounty-in-2026-how-to-find-your-first-vulnerability-without-losing-your-sanity-f89d4c6b7ba2?source=rss------bug_bounty-5
https://medium.com/h7w/bug-bounty-in-2026-how-to-find-your-first-vulnerability-without-losing-your-sanity-f89d4c6b7ba2?source=rss------bug_bounty-5
January 26, 2026 at 9:12 PM
Bug Bounty in 2026: How to Find Your First Vulnerability (Without Losing Your Sanity)
https://medium.com/h7w/bug-bounty-in-2026-how-to-find-your-first-vulnerability-without-losing-your-sanity-f89d4c6b7ba2?source=rss------bug_bounty-5
https://medium.com/h7w/bug-bounty-in-2026-how-to-find-your-first-vulnerability-without-losing-your-sanity-f89d4c6b7ba2?source=rss------bug_bounty-5
January 26, 2026 at 8:18 PM
Broken Object Level Authorization (BOLA)
https://medium.com/@emmanuelnnebedum704/broken-object-level-authorization-bola-1db36dadd9c1?source=rss------bug_bounty-5
https://medium.com/@emmanuelnnebedum704/broken-object-level-authorization-bola-1db36dadd9c1?source=rss------bug_bounty-5
January 26, 2026 at 7:15 PM
Broken Object Level Authorization (BOLA)
https://medium.com/@emmanuelnnebedum704/broken-object-level-authorization-bola-1db36dadd9c1?source=rss------bug_bounty-5
https://medium.com/@emmanuelnnebedum704/broken-object-level-authorization-bola-1db36dadd9c1?source=rss------bug_bounty-5
This Mobile App Trusted My Phone More Than It Should Have ⚠️
https://infosecwriteups.com/this-mobile-app-trusted-my-phone-more-than-it-should-have-%EF%B8%8F-821befd8c879?source=rss------bug_bounty-5
https://infosecwriteups.com/this-mobile-app-trusted-my-phone-more-than-it-should-have-%EF%B8%8F-821befd8c879?source=rss------bug_bounty-5
January 26, 2026 at 6:18 PM
This Mobile App Trusted My Phone More Than It Should Have ⚠️
https://infosecwriteups.com/this-mobile-app-trusted-my-phone-more-than-it-should-have-%EF%B8%8F-821befd8c879?source=rss------bug_bounty-5
https://infosecwriteups.com/this-mobile-app-trusted-my-phone-more-than-it-should-have-%EF%B8%8F-821befd8c879?source=rss------bug_bounty-5
Understanding SSRF and Detecting It With AI, Enter See-SURF
https://infosecwriteups.com/understanding-ssrf-and-detecting-it-with-ai-enter-see-surf-0277e0179a50?source=rss------bug_bounty-5
https://infosecwriteups.com/understanding-ssrf-and-detecting-it-with-ai-enter-see-surf-0277e0179a50?source=rss------bug_bounty-5
January 26, 2026 at 5:19 PM
Understanding SSRF and Detecting It With AI, Enter See-SURF
https://infosecwriteups.com/understanding-ssrf-and-detecting-it-with-ai-enter-see-surf-0277e0179a50?source=rss------bug_bounty-5
https://infosecwriteups.com/understanding-ssrf-and-detecting-it-with-ai-enter-see-surf-0277e0179a50?source=rss------bug_bounty-5
How I Turned a Boring Self-XSS into a Real-World Attack Using CSRF
https://medium.com/@mostafamhmoud378/how-i-turned-a-boring-self-xss-into-a-real-world-attack-using-csrf-37cf3a78e3da?source=rss------bug_bounty-5
https://medium.com/@mostafamhmoud378/how-i-turned-a-boring-self-xss-into-a-real-world-attack-using-csrf-37cf3a78e3da?source=rss------bug_bounty-5
January 26, 2026 at 3:17 PM
How I Turned a Boring Self-XSS into a Real-World Attack Using CSRF
https://medium.com/@mostafamhmoud378/how-i-turned-a-boring-self-xss-into-a-real-world-attack-using-csrf-37cf3a78e3da?source=rss------bug_bounty-5
https://medium.com/@mostafamhmoud378/how-i-turned-a-boring-self-xss-into-a-real-world-attack-using-csrf-37cf3a78e3da?source=rss------bug_bounty-5
Freezing the Autonomous Agent Layer: How I Found a Critical DoS in a Major DAG Platform
https://medium.com/@sumitshahorg/freezing-the-autonomous-agent-layer-how-i-found-a-critical-dos-in-a-major-dag-platform-b166bc238b69?source=rss------bug_bounty-5
https://medium.com/@sumitshahorg/freezing-the-autonomous-agent-layer-how-i-found-a-critical-dos-in-a-major-dag-platform-b166bc238b69?source=rss------bug_bounty-5
January 26, 2026 at 2:17 PM
Freezing the Autonomous Agent Layer: How I Found a Critical DoS in a Major DAG Platform
https://medium.com/@sumitshahorg/freezing-the-autonomous-agent-layer-how-i-found-a-critical-dos-in-a-major-dag-platform-b166bc238b69?source=rss------bug_bounty-5
https://medium.com/@sumitshahorg/freezing-the-autonomous-agent-layer-how-i-found-a-critical-dos-in-a-major-dag-platform-b166bc238b69?source=rss------bug_bounty-5
How I Identified a Session Management Flaw and Pushed for Change at an organisation serving 10M+…
https://medium.com/@shantanuguptasg_81/how-i-identified-a-session-management-flaw-and-pushed-for-change-at-an-organisation-serving-10m-a475f9920175?source=rss------bug_bounty-5
https://medium.com/@shantanuguptasg_81/how-i-identified-a-session-management-flaw-and-pushed-for-change-at-an-organisation-serving-10m-a475f9920175?source=rss------bug_bounty-5
January 26, 2026 at 1:36 PM
How I Identified a Session Management Flaw and Pushed for Change at an organisation serving 10M+…
https://medium.com/@shantanuguptasg_81/how-i-identified-a-session-management-flaw-and-pushed-for-change-at-an-organisation-serving-10m-a475f9920175?source=rss------bug_bounty-5
https://medium.com/@shantanuguptasg_81/how-i-identified-a-session-management-flaw-and-pushed-for-change-at-an-organisation-serving-10m-a475f9920175?source=rss------bug_bounty-5
eWPTXv3 Exam Review
https://medium.com/@halilkirazkaya/ewptxv3-exam-review-b10ea5b8541a?source=rss------bug_bounty-5
https://medium.com/@halilkirazkaya/ewptxv3-exam-review-b10ea5b8541a?source=rss------bug_bounty-5
January 26, 2026 at 12:21 PM