Episode 124: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joseph cover some news from around the community, hitting on Joseph’s Anthropic safety testing, Justin’s guest appearance on For Crying Out Cloud, and several fascinating tweets. Then they have a quick Full-time Bug Bounty check-in.
Follow us on twitter at: https://x.com/ctbbpodcast
Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!
====== Links ======
Follow your hosts Rhynorater and Rez0 on Twitter:
https://x.com/Rhynorater
https://x.com/rez0__
====== Ways to Support CTBBPodcast ======
Hop on the CTBB Discord at https://ctbb.show/discord!
We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
You can also find some hacker swag at https://ctbb.show/merch!
Today’s Sponsor - ThreatLocker Web Control
https://www.criticalthinkingpodcast.io/tl-webcontrol
====== This Week in Bug Bounty ======
Louis Vuitton Public Bug Bounty Program
CVE-2025-47934 was discovered on one of our Bug Bounty program : OpenPGP.js
Stored XSS in File Upload Leads to Privilege Escalation and Full Workspace Takeover
====== Resources ======
Jorian tweet
Clipjacking: Hacked by copying text - Clickjacking but better
Crying out Cloud Appearance
Wiz Research takes 1st place in Pwn2Own AI category
New XSS vector with image tag
====== Timestamps ======
(00:00:00) Introduction
(00:10:50) Supabase
(00:13:47) Tweet-research from Jorian and Wyatt Walls.
(00:20:24) Anthropic safety testing challenge & Wiz Podcast guest appearance
(00:27:44) New XSS vector, Google i/o, and coding agents
(00:35:48) Full Time Bug Bounty
