Intigriti Bug Bytes #230 - November 2025 π
https://www.intigriti.com/researchers/blog/bug-bytes/intigriti-bug-bytes-230-november-2025
https://www.intigriti.com/researchers/blog/bug-bytes/intigriti-bug-bytes-230-november-2025
Intigriti
Intigriti Bug Bytes #230 - November 2025 π
Hi hackers, Welcome to the latest edition of Bug Bytes! In this monthβs issue, weβll be featuring: Finding an RCE using AI in GitHub CORS exploitation cheat sheet Scanning codebases with AI Bypass...
β€8
Sonar honored in Fast Company
https://www.sonarsource.com/blog/sonar-honored-in-fast-company-next-big-things-in-tech/
https://www.sonarsource.com/blog/sonar-honored-in-fast-company-next-big-things-in-tech/
Sonarsource
Sonar honored in Fast Company's Next Big Things in Tech β Bringing trust to AI-driven development
Weβre excited to announce that Sonar has been named a Fast Company Next Big Things in Tech honoree for Applied AI! This prestigious award honors technology breakthroughs poised to define the future of their industries.
β€3
Announcing SonarSweep: Improving training data quality for coding LLMs
https://www.sonarsource.com/blog/announcing-sonarsweep-improving-training-data-quality-for-coding-llms/
https://www.sonarsource.com/blog/announcing-sonarsweep-improving-training-data-quality-for-coding-llms/
Sonarsource
Announcing SonarSweep: Improving training data quality for coding LLMs
The promise of AI-assisted coding is immense, but it rests on a simple, fundamental reality: the quality and security of the code generated by a Large Language Model (LLM) depends on the quality of the data that it was trained on.
β€4π1
Understanding signal-to-noise for vulnerability management success
https://www.intigriti.com/blog/business-insights/understanding-signal-to-noise-for-vulnerability-management-success
https://www.intigriti.com/blog/business-insights/understanding-signal-to-noise-for-vulnerability-management-success
Intigriti
Understanding signal-to-noise for vulnerability management success
Turn your signal-to-noise ratio into a key metric, learn how to score it, and identify challenges regarding scope, policy, staff, rewards, researchers, and processes.
β€1π1
Stop Putting Your Passwords Into Random Websites (Yes, Seriously, You Are The Problem)
https://labs.watchtowr.com/stop-putting-your-passwords-into-random-websites-yes-seriously-you-are-the-problem/
https://labs.watchtowr.com/stop-putting-your-passwords-into-random-websites-yes-seriously-you-are-the-problem/
watchTowr Labs
Stop Putting Your Passwords Into Random Websites (Yes, Seriously, You Are The Problem)
Welcome to watchTowr vs the Internet, part 68.
That feeling youβre experiencing? Dread. You should be used to it by now.
As is fast becoming an unofficial and, apparently, frowned upon tradition - we identified incredible amounts of publicly exposed passwordsβ¦
That feeling youβre experiencing? Dread. You should be used to it by now.
As is fast becoming an unofficial and, apparently, frowned upon tradition - we identified incredible amounts of publicly exposed passwordsβ¦
β€1π1
Constant-time support lands in LLVM: Protecting cryptographic code at the compiler level
https://blog.trailofbits.com/2025/11/25/constant-time-support-lands-in-llvm-protecting-cryptographic-code-at-the-compiler-level/
https://blog.trailofbits.com/2025/11/25/constant-time-support-lands-in-llvm-protecting-cryptographic-code-at-the-compiler-level/
β€1
π₯ Intigriti Challenge 1125βββJWT Confusion to SSTI β RCE (My Fastest CTF Solve Ever)
https://savi0r.medium.com/intigriti-challenge-1125-jwt-confusion-to-ssti-rce-my-fastest-ctf-solve-ever-43d43df4182c
https://savi0r.medium.com/intigriti-challenge-1125-jwt-confusion-to-ssti-rce-my-fastest-ctf-solve-ever-43d43df4182c
Medium
π₯ Intigriti Challenge 1125 β JWT Confusion to SSTI β RCE (My Fastest CTF Solve Ever)
By: savi0r Date: November 2025 Duration: ~3 hours Result: Full Solve (JWT Admin Takeover β SSTI β RCE β Flag) Status: β
Completed
π₯5β€1
An Evening with Claude (Code) - SpecterOps
https://specterops.io/blog/2025/11/21/an-evening-with-claude-code/
https://specterops.io/blog/2025/11/21/an-evening-with-claude-code/
SpecterOps
An Evening with Claude (Code) - SpecterOps
This blog post explores a bug, (CVE-2025-64755), I found while trying to find a command execution primitive within Claude Code to demonstrate the risks of web-hosted MCP to a client.
π3β€2
November CTF Challenge: Exploiting JWT vulnerabilities to achieve RCE
https://www.intigriti.com/researchers/blog/hacking-tools/november-ctf-challenge-exploiting-jwt-vulnerabilities
https://www.intigriti.com/researchers/blog/hacking-tools/november-ctf-challenge-exploiting-jwt-vulnerabilities
Intigriti
November CTF Challenge: Exploiting JWT vulnerabilities to achieve RCE
At Intigriti, we host monthly web-based Capture The Flag (CTF) challenges as a way to engage with the security research community. This month, we've decided to take on a challenge ourselves as a way t...
β€1
Sonar launches integration program to unify code governance across the SDLC
https://www.sonarsource.com/blog/sonar-launches-integration-program/
https://www.sonarsource.com/blog/sonar-launches-integration-program/
Sonarsource
Sonar launches integration program to unify code governance across the SDLC
We are thrilled to announce the launch of the Sonar Integration Program. This strategic initiative formalizes and expands our partner ecosystem, unifying SonarQube's integrations with leading technology partners under a single, comprehensive program.
β€1
How to Research & Reverse Web Vulnerabilities 101 β ProjectDiscovery Blog
https://projectdiscovery.io/blog/how-to-research-web-vulnerabilities
https://projectdiscovery.io/blog/how-to-research-web-vulnerabilities
ProjectDiscovery
How to Research & Reverse Web Vulnerabilities 101 β ProjectDiscovery Blog
Introduction
This blog serves as a detailed methodology guide for analyzing, reversing, and researching web vulnerabilities, particularly those with CVEs assigned. The content outlines repeatable processes used to evaluate vague advisories, analyze vulnerableβ¦
This blog serves as a detailed methodology guide for analyzing, reversing, and researching web vulnerabilities, particularly those with CVEs assigned. The content outlines repeatable processes used to evaluate vague advisories, analyze vulnerableβ¦
β€6
Apple Developer Stored XSSβββ$5,000 Bounty | Writeup 2025
https://medium.com/@ZombieHack/apple-developer-stored-xss-5-000-bounty-writeup-2025-cc34a030a5bf
https://medium.com/@ZombieHack/apple-developer-stored-xss-5-000-bounty-writeup-2025-cc34a030a5bf
Medium
Apple Developer Stored XSSβββ$5,000 Bounty | Writeup 2025
Hello Security Researchers & Bug Bounty Community,
β€5π2
β³ Time is ticking! Black Friday is your chance to get πππΏπ½ ππΌππ»ππ π£πΏπΌ and πππΏπ½ ππΌππ»ππ ππΌ with 40% OFF!
π―Advanced customization, faster audits, and the power to detect vulnerabilities with less effort.
πDonβt wait! bountysecurity.ai
π―Advanced customization, faster audits, and the power to detect vulnerabilities with less effort.
πDonβt wait! bountysecurity.ai
π4β€3
Sonar launches integration program to unify code governance across the SDLC
https://www.sonarsource.com/blog/sonar-launches-integration-program/
https://www.sonarsource.com/blog/sonar-launches-integration-program/
Sonarsource
Sonar launches integration program to unify code governance across the SDLC
We are thrilled to announce the launch of the Sonar Integration Program. This strategic initiative formalizes and expands our partner ecosystem, unifying SonarQube's integrations with leading technology partners under a single, comprehensive program.
β€3
How I Hacked an AI Chatbot to Expose Thousands of Customer Records (IDOR + Prompt Injection)
https://medium.com/@sumitshahorg/how-i-hacked-an-ai-chatbot-to-expose-thousands-of-customer-records-idor-prompt-injection-760092ed99a4
https://medium.com/@sumitshahorg/how-i-hacked-an-ai-chatbot-to-expose-thousands-of-customer-records-idor-prompt-injection-760092ed99a4
Medium
How I Hacked an AI Chatbot to Expose Thousands of Customer Records (IDOR + Prompt Injection)
Hey there, security enthusiasts and fellow hackers! πββοΈ
β€12
Introducing audit logs in SonarQube Cloud: Enhancing compliance and security
https://www.sonarsource.com/blog/introducing-audit-logs-in-sonarqube-cloud-enhancing-compliance-and-security/
https://www.sonarsource.com/blog/introducing-audit-logs-in-sonarqube-cloud-enhancing-compliance-and-security/
Sonarsource
Introducing audit logs in SonarQube Cloud: Enhancing compliance and security
Enhance compliance and security with the new audit logs for SonarQube Cloud Enterprise plan. Get a chronological record of key IAM events, accessible via API to integrate with your SIEM tools.
π€2β€1
Cache Poisoning: $100K+ Case Studies Part 1 | Herish Blog
https://herish.me/blog/cache-poisoning-case-studies-part-1-foundational-attacks/
https://herish.me/blog/cache-poisoning-case-studies-part-1-foundational-attacks/
herish.me
Cache Poisoning: $100K+ Case Studies Part 1 | Herish Blog
Dive into $100K+ cache poisoning vulnerabilities. Part 1 covers real-world attacks on HackerOne, GitHub, and Shopify. Read the analysis!
β€6
Nuclei Templates - November 2025 β ProjectDiscovery Blog
https://projectdiscovery.io/blog/nuclei-templates-november-2025
https://projectdiscovery.io/blog/nuclei-templates-november-2025
ProjectDiscovery
Nuclei Templates - November 2025 β ProjectDiscovery Blog
Summary of Releases v10.3.2 & v10.3.4
This month, we had two releases of Nuclei Templates, introducing numerous improvements and new templates for Nuclei users.
π November Stats
Release
New Templates Added
CVEs Added
First-time Contributors
Bountiesβ¦
This month, we had two releases of Nuclei Templates, introducing numerous improvements and new templates for Nuclei users.
π November Stats
Release
New Templates Added
CVEs Added
First-time Contributors
Bountiesβ¦
π₯5β€4
CSP Bypasses: Advanced Exploitation Guide
https://www.intigriti.com/researchers/blog/hacking-tools/content-security-policy-csp-bypasses
https://www.intigriti.com/researchers/blog/hacking-tools/content-security-policy-csp-bypasses
Intigriti
CSP Bypasses: Advanced Exploitation Guide
Learn how to identify and hunt for Content Security Policy (CSP) bypasses using multiple testing methods. Read the article now!
β€3π₯2
PortSwigger x TryHackMe: Supporting Advent of Cyber
https://portswigger.net/blog/portswigger-x-tryhackme-supporting-advent-of-cyber
https://portswigger.net/blog/portswigger-x-tryhackme-supporting-advent-of-cyber
PortSwigger Blog
PortSwigger x TryHackMe: Supporting Advent of Cyber
Every December, TryHackMeβs Advent of Cyber brings the security community together around a simple idea: learn something new by getting hands-on. Each day during the festive season reveals a beginner-
π5β€4
SonarQube Compare Community vs Developer vs Enterprise vs Data Center
https://www.sonarsource.com/blog/sonarqube-compare-editions/
https://www.sonarsource.com/blog/sonarqube-compare-editions/
Sonarsource
SonarQube Compare Community vs Developer vs Enterprise vs Data Center
SonarQube has emerged as a leading automated code review platform that empowers development teams to achieve a high level of code quality and code security.
π3β€1