Episode 124: Bug Bounty Lifestyle = Less Hacking Time?
Episode description
Episode 124: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joseph cover some news from around the community, hitting on Joseph’s Anthropic safety testing, Justin’s guest appearance on For Crying Out Cloud, and several fascinating tweets. Then they have a quick Full-time Bug Bounty check-in.
Follow us on twitter at: https://x.com/ctbbpodcast
Got any ideas and suggestions? Feel free to send us any feedback here: [email protected]
Shoutout to YTCracker for the awesome intro music!
====== Links ======
Follow your hosts Rhynorater and Rez0 on Twitter:
====== Ways to Support CTBBPodcast ======
Hop on the CTBB Discord at https://ctbb.show/discord!
We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
You can also find some hacker swag at https://ctbb.show/merch!
Today’s Sponsor - ThreatLocker Web Control
https://www.criticalthinkingpodcast.io/tl-webcontrol
====== This Week in Bug Bounty ======
Louis Vuitton Public Bug Bounty Program
CVE-2025-47934 was discovered on one of our Bug Bounty program : OpenPGP.js
Stored XSS in File Upload Leads to Privilege Escalation and Full Workspace Takeover
====== Resources ======
Clipjacking: Hacked by copying text - Clickjacking but better
Wiz Research takes 1st place in Pwn2Own AI category
====== Timestamps ======
(00:00:00) Introduction
(00:10:50) Supabase
(00:13:47) Tweet-research from Jorian and Wyatt Walls.
(00:20:24) Anthropic safety testing challenge & Wiz Podcast guest appearance
(00:27:44) New XSS vector, Google i/o, and coding agents
(00:35:48) Full Time Bug Bounty