Bug bounty newsletter

If you're into bug bounty (or want to start), this newsletter curates and summarises disclosed writeups from HackerOne, Bugcrowd and Intigriti. Daily: one highlighted writeup — bug class, technique, concrete payload, program, payout, and the lesson you can apply on your next target. We cover IDOR, SSRF, auth bypass, account takeover, RCE in production, creative chains, and overlooked in-scope bugs. The idea: spend 3 minutes a day, keep levelling up as a hacker, without manually trawling every platform. Curated by Gorka (creator of 0xGorka), free, no spam.

Subscribe free Browse all articles

Latest Bug Bounty articles

Bug Bounty26 may 2026

Repo jacking on bundler.io: open supply chain attack

Repo jacking on bundler.io let an attacker claim Bundler's orphaned GitHub repo and inject malicious code into any Ruby project referencing it.

Leer artículo

Bug Bounty26 may 2026

Jacob Butler arrested for running Kimwolf botnet

Canadian Jacob Butler, 23, arrested for running the Kimwolf botnet; US seeks extradition on federal hacking charges.

Leer artículo

Bug Bounty24 may 2026

KimWolf botnet admin charged: 2M devices, US-Canada joint op

US and Canadian authorities charged a Canadian national for running KimWolf, a DDoS botnet that infected nearly two million devices worldwide.

Leer artículo