Year: 2025

HackerOne Bug Bounty Disclosure: stored-xss-on-tiktok-s-backend-leads-to-the-leakage-of-highly-sensitive-administrator-data-cookies-api-keys-internal-paths-emails-phone-numbers-ahmed-xyz

September 11, 2025

Company Name: TikTok Company HackerOne URL: https://hackerone.com/tiktok Submitted By:ahmed_xyzLink to Submitters Profile:https://hackerone.com/ahmed_xyz Report Title:Stored XSS on TikTok's backend leads to...

HackerOne Bug Bounty Disclosure: toctou-race-condition-in-http-connection-reuse-leads-to-certificate-validation-bypass–xrey

September 11, 2025

Company Name: curl Company HackerOne URL: https://hackerone.com/curl Submitted By:0xreyLink to Submitters Profile:https://hackerone.com/0xrey Report Title:TOCTOU Race Condition in HTTP/2 Connection Reuse...

HackerOne Bug Bounty Disclosure: chained-broken-access-control-in-tiktok-live-backstage-enables-full-control-of-public-leaderboard-activities-eneri

September 11, 2025

Company Name: TikTok Company HackerOne URL: https://hackerone.com/tiktok Submitted By:eneriLink to Submitters Profile:https://hackerone.com/eneri Report Title:Chained Broken Access Control in TikTok Live...

Year: 2025

HackerOne Bug Bounty Disclosure: stored-xss-on-tiktok-s-backend-leads-to-the-leakage-of-highly-sensitive-administrator-data-cookies-api-keys-internal-paths-emails-phone-numbers-ahmed-xyz

HackerOne Bug Bounty Disclosure: toctou-race-condition-in-http-connection-reuse-leads-to-certificate-validation-bypass–xrey

HackerOne Bug Bounty Disclosure: chained-broken-access-control-in-tiktok-live-backstage-enables-full-control-of-public-leaderboard-activities-eneri

CVE Alert: CVE-2025-9018 – germanpearls – Time Tracker

CVE Alert: CVE-2025-9874 – webcodingplace – Ultimate Classified Listings

CVE Alert: CVE-2025-8417 – idiatech – Catalog Importer, Scraper & Crawler

CVE Alert: CVE-2025-9693 – khaledsaikat – User Meta – User Profile Builder and User management plugin

CVE Alert: CVE-2025-8422 – fassionstorage – Propovoice: All-in-One Client Management System

CVE Alert: CVE-2025-9073 – maheshmthorat – All in one Minifier

CVE Alert: CVE-2025-8425 – mythemeshop – My WP Translate

Anthropic’s Claude Code Runs Code To Test If It Is Safe – Which Might Be A Bigmistake

Nokia Successor Hmd Spawns Secure Device Biz With Euro Made Smartphone

Jaguar Land Rover U Turns To Confirm ‘some Data’ Affected After Cyber Prang

Cybercrooks Ripped The Wheels Off At Jaguar Land Rover. Here’s How Not To Gettaken For A Ride

Atlassian’s Move To Cloud Only Means Customers Face Integration Issues And More

Cobalt Strike Beacon Detected – 8[.]140[.]239[.]162:80

Cobalt Strike Beacon Detected – 1[.]15[.]34[.]67:7777

Cobalt Strike Beacon Detected – 101[.]43[.]91[.]156:18081

Cobalt Strike Beacon Detected – 119[.]29[.]254[.]242:9898

Cobalt Strike Beacon Detected – 117[.]72[.]159[.]96:8085

Cobalt Strike Beacon Detected – 101[.]132[.]173[.]62:4444

Cobalt Strike Beacon Detected – 47[.]243[.]175[.]24:8444

Cobalt Strike Beacon Detected – 47[.]120[.]32[.]72:8069

Cobalt Strike Beacon Detected – 1[.]15[.]25[.]148:9080

[QILIN] – Ransomware Victim: Habib Bank AG Zurich

[QILIN] – Ransomware Victim: Durvet

[QILIN] – Ransomware Victim: Habib Bank

Brute Ratel C4 Detected – 3[.]115[.]56[.]24:80

CVE Alert: CVE-2025-12384 – bplugins – Document Embedder – Embed PDFs, Word, Excel, and Other Files

You may have missed