Name: Balancing Bug Bounty Freedom with Hacking Time (Ep. 124)
Uploaded: 2025-05-29T10:00:21+00:00
Description: Episode 124: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joseph cover some news from around the community, hitting on Joseph’s Anthropic sa…

Episode 124: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joseph cover some news from around the community, hitting on Joseph’s Anthropic safety testing, Justin’s guest appearance on For Crying Out Cloud, and several fascinating tweets. Then they have a quick Full-time Bug Bounty check-in.

Follow us on twitter at: https://x.com/ctbbpodcast
Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to https://twitter.com/realytcracker for the awesome intro music!

====== Links ======
Follow your hosts Rhynorater and Rez0 on Twitter:
https://x.com/Rhynorater
https://x.com/rez0__

====== Ways to Support CTBBPodcast ======
Hop on the CTBB Discord at https://ctbb.show/discord!

We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

You can also find some hacker swag at https://ctbb.show/merch!

Today’s Sponsor - ThreatLocker Web Control
https://www.criticalthinkingpodcast.io/tl-webcontrol

====== This Week in Bug Bounty ======

Louis Vuitton Public Bug Bounty Program
https://yeswehack.com/programs/louis-vuitton-malletier-public-bug-bounty-program

CVE-2025-47934 was discovered on one of our Bug Bounty program : OpenPGP.js
https://nvd.nist.gov/vuln/detail/CVE-2025-47934

Stored XSS in File Upload Leads to Privilege Escalation and Full Workspace Takeover
https://hackerone.com/reports/3115705

====== Resources ======

Jorian tweet
https://x.com/J0R1AN/status/1925164620886536703/photo/1

Clipjacking: Hacked by copying text - Clickjacking but better
https://blog.jaisal.dev/articles/cwazy-clipboardz

Crying out Cloud Appearance
https://www.youtube.com/watch?v=eW6kk-5Jn6k

Wiz Research takes 1st place in Pwn2Own AI category
https://x.com/wiz_io/status/1924463892111020363

New XSS vector with image tag
https://x.com/garethheyes/status/1922029698986455338

====== Timestamps ======
(00:00:00) Introduction
(00:10:50) Supabase
(00:13:47) Tweet-research from Jorian and Wyatt Walls.
(00:20:24) Anthropic safety testing challenge & Wiz Podcast guest appearance
(00:27:44) New XSS vector, Google i/o, and coding agents
(00:35:48) Full Time Bug Bounty

====== HackerNotes Sponsor Message ======

ThreatLocker Web Control: https://www.criticalthinkingpodcast.io/tl-webcontrol

Mentions:
(00:04:03) https://x.com/sshell_
(00:07:05) https://x.com/J0R1AN
(00:11:49) https://x.com/lefthanddraft
(00:21:00) https://x.com/garethheyes
(00:21:00) https://x.com/zcorpan
(00:20:12) https://x.com/I_Am_Jakoby
(00:33:05) https://x.com/JR0ch17

Balancing Bug Bounty Freedom with Hacking Time (Ep. 124)

Listen On

Recent Episodes