Episode 124: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joseph cover some news from around the community, hitting on Joseph’s Anthropic safety testing, Justin’s guest appearance on For Crying Out Cloud, and several fascinating tweets. Then they have a quick Full-time Bug Bounty check-in.

Follow us on twitter at: https://x.com/ctbbpodcast

Got any ideas and suggestions? Feel free to send us any feedback here: [email protected]

Shoutout to YTCracker for the awesome intro music!

====== Links ======

Follow your hosts Rhynorater and Rez0 on Twitter:

https://x.com/Rhynorater

https://x.com/rez0__

====== Ways to Support CTBBPodcast ======

Hop on the CTBB Discord at https://ctbb.show/discord!

We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

You can also find some hacker swag at https://ctbb.show/merch!

Today’s Sponsor - ThreatLocker Web Control

https://www.criticalthinkingpodcast.io/tl-webcontrol

====== This Week in Bug Bounty ======

Louis Vuitton Public Bug Bounty Program

CVE-2025-47934 was discovered on one of our Bug Bounty program : OpenPGP.js

Stored XSS in File Upload Leads to Privilege Escalation and Full Workspace Takeover

====== Resources ======

Jorian tweet

Clipjacking: Hacked by copying text - Clickjacking but better

Crying out Cloud Appearance

Wiz Research takes 1st place in Pwn2Own AI category

New XSS vector with image tag

====== Timestamps ======

(00:00:00) Introduction

(00:10:50) Supabase

(00:13:47) Tweet-research from Jorian and Wyatt Walls.

(00:20:24) Anthropic safety testing challenge & Wiz Podcast guest appearance

(00:27:44) New XSS vector, Google i/o, and coding agents

(00:35:48) Full Time Bug Bounty