Episode 174: Saving Bug Bounty Programs + AMPScript, tessl & GPT-5.5


Episode 174: In this episode of Critical Thinking - Bug Bounty Podcast, we follow up on the last episode with some advice for BB platforms and cover a slew of writeups from Searchlight Cyber, watchTowr, and Starstrike.
Follow us on Twitter at: https://x.com/ctbbpodcast
Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!
====== Links ======
Follow your hosts Rhynorater, rez0 and gr3pme on X:
Critical Research Lab:
====== Ways to Support CTBBPodcast ======
Hop on the CTBB Discord at https://ctbb.show/discord!
We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
You can also find some hacker swag at https://ctbb.show/merch!
Need a Pentest? We just launched CTBB Pentests!
Hack full time? Check out the Full-Time Hunter’s Guild!
====== This Week in Bug Bounty ======
COST, AI frontier models and more: A measured take on the future of security testing
https://www.yeswehack.com/security-best-practices/cost-mythos-future-security-testing
Common AI misconceptions debugged!
BountySync + Social
https://luma.com/bountysync_social
====== Resources ======
Ghosts of Encryption Past
https://slcyber.io/research-center/ghosts-of-encryption-past-salesforce-exacttarget/
tessl Skill Optimizer
https://tessl.io/registry/tessl/skill-optimizer/0.8.0
The Internet Is Falling Down, Falling Down, Falling Down
High Fidelity Check for the cPanel Authentication Bypass
Achieving Deterministic Prompt Injection Through Client-Side Feedback Loops
GPT-5.5: Mythos-Like Hacking, Open To All
https://xbow.com/blog/mythos-like-hacking-open-to-all
Remote Command Execution in Google Cloud with Single Directory Deletion
====== Timestamps ======
(00:00:00) Introduction
(00:09:20) AMPScript
(00:25:10) Tessl Skill Optimizer
(00:33:07) cPanel & WHM Authentication Bypass
(00:40:46) Advice for Bug Bounty Programs
(00:50:07) Prompt Injection Through Client-Side Feedback Loops
(00:54:37) GPT 5.5
(01:01:00) Remote Command Execution in Google Cloud









