Latest Bug Bounty Articles
Five key takeaways from the UK's new Cyber Security & Resilience Bill
The content of the Cyber Security & Resilience Bill (CSRB) recently introduced to Parliament contained few surprises. Having spent a significant amount of time working with European cyber-security frameworks, particularly NIS2, I see the Bill as both a continuation of the trend towards common approaches, and a...
BugQuest 2026: 31 Days of Broken Access Control
In March 2026, we ran BugQuest, a 31-day campaign covering everything you need to know about finding and exploiting broken access control vulnerabilities. From understanding the basics of authentication and authorization to spotting subtle authorization bypasses in real code, we broke down one of the most critical...
Intigriti Bug Bytes #234 - March 2026
Hello hackers, Welcome to the latest edition of Bug Bytes! In this month's issue, we'll be featuring: Earning $180K via SSRFs; Free Burp Suite Pro licenses for top hackers; Bypassing tricky file upload restrictions; Injecting malicious code into AI coding assistants; And so much more! Let's dive in! New: PortSwigger...
Intigriti 0326 CTF Challenge: Chaining DOM clobbering and CSP bypasses for XSS
At Intigriti, we host monthly web-based Capture The Flag (CTF) challenges as a way to engage with the security researcher community. This month's challenge, brought forward by Kulindu, presented us with a Secure Search Portal that, on the surface, appeared to be well protected. A strict Content Security Policy and...
Vulnerability disclosure for AI safeguards. How open should programs be and what incentives are necessary?
What you will learn: How vulnerability disclosure applies specifically to AI safeguards and systems. The pros and cons of making AI disclosure programs more open/restricted. The kinds of incentives that motivate researchers. Which disclosure program structures can help organizations improve their AI security. In a...