GatewayToHeaven: Finding a Cross-Tenant Vulnerability in GCP's Apigee

https://omeramiad.com/posts/gatewaytoheaven-gcp-cross-tenant-vulnerability/

Evaluating and mitigating the growing risk of LLM-discovered 0-days

https://red.anthropic.com/2026/zero-days/

Understanding and Experimenting with Apple's Pointer Authentication Codes (PAC) on iOS
https://blog.reversesociety.co/blog/2026/pointer-authentication-code-for-ios

TRUSTING CLAUDE WITH A KNIFE: UNAUTHORIZED PROMPT INJECTION TO RCE IN ANTHROPIC’S CLAUDE CODE ACTION

https://johnstawinski.com/2026/02/05/trusting-claude-with-a-knife-unauthorized-prompt-injection-to-rce-in-anthropics-claude-code-action/

RCE in Google's AI code editor Antigravity - $10000 Bounty

https://www.hacktron.ai/blog/hacking-google-antigravity

When Audits Fail Part 2: From Pre-Auth SSRF to RCE in TRUfusion Enterprise

https://www.rcesecurity.com/2026/02/when-audits-fail-from-pre-auth-ssrf-to-rce-in-trufusion-enterprise/

GraphQL Pentesting for Bug Bounty Hunters: From Endpoint Discovery to High-Impact Exploits…!

https://medium.com/@mpjani294/graphql-pentesting-for-bug-bounty-hunters-from-endpoint-discovery-to-high-impact-exploits-821f64a953b5

How I Cured My Bug Hunting AI's Goldfish Memory

https://labs.trace37.com/blog/mastermind-hooks-architecture/

New Burp Bounty Pro v3.0.0 release:
* Multi-Step Scanning: Chain Attacks That Single Requests Can't
* Time-Based Detection Engine: Catch What String Matching Misses
* Global Variables System: Write Profiles Once, Reuse Everywhere
* Per-Scan Performance Control: Different Settings for Different Targets
* True Pause & Resume: No More Lost Scan State
* UI Improvements: Faster Profile Workflow
* Tag-Based Passive Scan Launching

https://bountysecurity.ai/blogs/news/new-burp-bounty-pro-v3-0-0-release

How We Hacked McKinsey's AI Platform
https://codewall.ai/blog/how-we-hacked-mckinseys-ai-platform

Hacking Gemini Enterprise for a $15,000 bounty

https://x.com/behi_sec/status/2029219439028171210?s=46&t=RUHDSSKAhWrUfYiwLCvA2w

LeakyLooker: Hacking Google Cloud’s Data via Dangerous Looker Studio Vulnerabilities

https://www.tenable.com/blog/leakylooker-google-cloud-looker-studio-vulnerabilities

Needle in the haystack: LLMs for vulnerability research

https://devansh.bearblog.dev/needle-in-the-haystack/

ALMOST IMPOSSIBLE: JAVA DESERIALIZATION THROUGH BROKEN CRYPTO IN OPENTEXT DIRECTORY SERVICES

https://slcyber.io/research-center/almost-impossible-java-deserialization-through-broken-crypto-in-opentext-directory-services/

Analysis of RCE of Xiaomi C400 camera by exploiting Vulnerability #1 and #3 combined together. Vulnerabilities are not patched!
Vulnerability #1: Xiaomi - miIO Protocol Authentication Bypass
Vulnerability #2: Xiaomi - miIO client cryptographically weak PRNG
Vulnerability #3: miIO client heap buffer overflow
Analysis: https://labs.taszk.io/articles/post/nowyouseemi/
Exploits and jailbreak for Xiaomi Smart Cameras: https://github.com/TaszkSecLabs/xiaomi-c400-pwn

Pentesting a pentest agent - Here's what I've found in AWS Security Agent

https://blog.richardfan.xyz/2026/03/14/pentesting-a-pentest-agent-heres-what-ive-found-in-aws-security-agent.html

CVE-2026-22730: SQL Injection in Spring AI’s MariaDB Vector Store

https://blog.securelayer7.net/cve-2026-22730-sql-injection-spring-ai-mariadb/

Instagram Notes Audio Leakage via URL Extraction (Fixed & Rewarded)

https://github.com/i12gocaj/Instagram-Notes-Audio-Leakage-via-URL-Extraction-Fixed

How I Earned $76,000 From a Single Program on Bugcrowd

https://anonhunter.medium.com/how-i-earned-76-000-from-a-single-program-on-bugcrowd-adf2a0eeece0

Remote Command Execution in Google Cloud with Single Directory Deletion

https://flatt.tech/research/posts/remote-command-execution-in-google-cloud-with-single-directory-deletion/