Episode 182: In this episode of Critical Thinking - Bug Bounty Podcast we talk about some recent bugs involving WPM, MCP, and a possible emerging bug class using Wayback. We also talk about some GraphQL Hackbot finds, and what AI’s #1 mission should be.

Follow us on twitter at: https://x.com/ctbbpodcast
Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!

====== Links ======
Follow your hosts Rhynorater, rez0 and gr3pme on X:
https://x.com/Rhynorater
https://x.com/rez0__
https://x.com/gr3pme

Critical Research Lab:
https://lab.ctbb.show/

Need a Pentest? We just launched CTBB Pentests!
https://pentest.ctbb.show/

Hack full time? Check out the Full-Time Hunter’s Guild!
https://ctbb.show/fthg

====== Ways to Support CTBBPodcast ======
Hop on the CTBB Discord at https://ctbb.show/discord!

We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

You can also find some hacker swag at https://ctbb.show/merch!

====== This Week in Bug Bounty ======
LeHack 2026 Recap
https://event.yeswehack.com/events/lehack-2026

Don’t eat the ChocoPoCs! How vulnerability researchers were repeatedly targeted by trojanised exploits
https://www.yeswehack.com/fr/news/chocopocs-vulnerability-researchers-trojanised-exploits

Navigating the AI Wave: How We're Keeping Security Research Meaningful
https://www.hackerone.com/blog/ai-driven-report-volume-insights-and-actions

====== Resources ======
Caido Skills
https://github.com/caido/skills/pull/22

Hunting For AWS Cognito Security
Misconfigurations
https://www.yassineaboukir.com/talks/NahamConEU2022.pdf

X MCP
https://docs.x.com/tools/mcp

US South Summer Sessions: Hack the Heat
https://h1.community/events/details/hackerone-us-south-hackerone-club-presents-us-south-summer-sessions-hack-the-heat/

====== Timestamps ======
(00:00:00) Introduction
(00:08:31) WPM Bug & Wayback to Guest Bearer
(00:18:42) GraphQL Hackbot Finds, Fable Updates, & AI's #1 Mission
(00:29:45) MCP, US South H1 Event, & AI Sandbox Escapes