February 12, 2026

Episode 161: Cross-Consumer Attacks & DTMF Tone Exfil

Listen Later

24 minutes

Episode 161: In this episode of Critical Thinking - Bug Bounty Podcast Justin Gives us some quick hits regarding CSRF and Cross Consumer Attacks, and also touches on some breaking questions surrounding HackerOne

Follow us on twitter at: https://x.com/ctbbpodcast

Got any ideas and suggestions? Feel free to send us any feedback here: [email protected]

Shoutout to YTCracker for the awesome intro music!

====== Links ======

Follow your hosts Rhynorater, rez0 and gr3pme on X:

https://x.com/Rhynorater

https://x.com/rez0__

https://x.com/gr3pme

Critical Research Lab:

https://lab.ctbb.show/

====== Ways to Support CTBBPodcast ======

Hop on the CTBB Discord at https://ctbb.show/discord!

We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

You can also find some hacker swag at https://ctbb.show/merch!

Today's Sponsor: Join Justin at Zero Trust World in March and get $200 off registration with Code ZTWCTBB26

https://ztw.com/

====== This Week in Bug Bounty ======

AS Watson

https://app.intigriti.com/programs/aswatson/watsons/detail

YesWeHack 2026 Report

https://choose.yeswehack.com/bug-bounty-report-2026-trends-and-key-insights-yeswehack?utm_source=youtube&utm_medium=sponsor-critical-thinking&utm_campaign=yeswehack-report-2026

====== Resources ======

PhoneLeak: Data Exfiltration in Gemini via Phone Call

https://blog.starstrike.ai/posts/phoneleak-data-exfiltration-in-gemini-via-phone-call/

Max's Tweet about decreasing bounties

https://x.com/0xw2w/status/2020788164378427483

HackerOne General Terms and Conditions

https://www.hackerone.com/terms/general

Research Review #-2: RCE in Google's AI code editor Antigravity (sudi)

https://www.youtube.com/watch?v=JqvJSF2UMyY

====== Timestamps ======

(00:00:00) Introduction

(00:03:26) YesWeHack 2026 Report

(00:09:12) CSRF Realizations & Data Exfiltration in Gemini via Phone Call

(00:14:38) 7urb0's Youtube, HackerOne decreasing bounties and Section 3.1 controversy.

(00:19:06) Cross Consumer Attacks

...more

View all episodes

View all episodes

Download on the App Store

Download on the App Store

Get it on Google Play

Critical Thinking - Bug Bounty Podcast

By Justin Gardner (Rhynorater), Joseph Thacker (Rez0), & Brandyn Murtagh (gr3pme)

5

5353 ratings

February 12, 2026

Episode 161: Cross-Consumer Attacks & DTMF Tone Exfil

Listen Later

24 minutes

Episode 161: In this episode of Critical Thinking - Bug Bounty Podcast Justin Gives us some quick hits regarding CSRF and Cross Consumer Attacks, and also touches on some breaking questions surrounding HackerOne

Follow us on twitter at: https://x.com/ctbbpodcast

Got any ideas and suggestions? Feel free to send us any feedback here: [email protected]

Shoutout to YTCracker for the awesome intro music!

====== Links ======

Follow your hosts Rhynorater, rez0 and gr3pme on X:

https://x.com/Rhynorater

https://x.com/rez0__

https://x.com/gr3pme

Critical Research Lab:

https://lab.ctbb.show/

====== Ways to Support CTBBPodcast ======

Hop on the CTBB Discord at https://ctbb.show/discord!

We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

You can also find some hacker swag at https://ctbb.show/merch!

Today's Sponsor: Join Justin at Zero Trust World in March and get $200 off registration with Code ZTWCTBB26

https://ztw.com/

====== This Week in Bug Bounty ======

AS Watson

https://app.intigriti.com/programs/aswatson/watsons/detail

YesWeHack 2026 Report

https://choose.yeswehack.com/bug-bounty-report-2026-trends-and-key-insights-yeswehack?utm_source=youtube&utm_medium=sponsor-critical-thinking&utm_campaign=yeswehack-report-2026

====== Resources ======

PhoneLeak: Data Exfiltration in Gemini via Phone Call

https://blog.starstrike.ai/posts/phoneleak-data-exfiltration-in-gemini-via-phone-call/

Max's Tweet about decreasing bounties

https://x.com/0xw2w/status/2020788164378427483

HackerOne General Terms and Conditions

https://www.hackerone.com/terms/general

Research Review #-2: RCE in Google's AI code editor Antigravity (sudi)

https://www.youtube.com/watch?v=JqvJSF2UMyY

====== Timestamps ======

(00:00:00) Introduction

(00:03:26) YesWeHack 2026 Report

(00:09:12) CSRF Realizations & Data Exfiltration in Gemini via Phone Call

(00:14:38) 7urb0's Youtube, HackerOne decreasing bounties and Section 3.1 controversy.

(00:19:06) Cross Consumer Attacks

...more

More shows like Critical Thinking - Bug Bounty Podcast

Radiolab by WNYC Studios

Radiolab

43,977 Listeners

StarTalk Radio by Neil deGrasse Tyson

StarTalk Radio

14,353 Listeners

Hacked by Hacked

Hacked

188 Listeners

Security Now (Audio) by TWiT

Security Now (Audio)

2,008 Listeners

The Vergecast by The Verge

The Vergecast

3,718 Listeners

Risky Business by Risky Business Media

Risky Business

373 Listeners

CyberWire Daily by N2K Networks

CyberWire Daily

1,026 Listeners

Click Here by Recorded Future News

Click Here

417 Listeners

Darknet Diaries by Jack Rhysider

Darknet Diaries

8,093 Listeners

The Indicator from Planet Money by NPR

The Indicator from Planet Money

9,561 Listeners

The Jordan Harbinger Show by Jordan Harbinger

The Jordan Harbinger Show

11,990 Listeners

Cybersecurity Today by Jim Love

Cybersecurity Today

177 Listeners

My First Million by Hubspot Media

My First Million

2,667 Listeners

Cybersecurity Headlines by CISO Series

Cybersecurity Headlines

139 Listeners

The Ezra Klein Show by New York Times Opinion

The Ezra Klein Show

16,447 Listeners