- JWT `jku` Header Injection
- OAuth Authorization Code Redirect Hijacking
- SSRF to Cloud Instance Metadata Service
- AI's Impact on Bug Bounty Workflows
JWT `jku` Header Injection
- What: Attackers can specify a malicious JWKS URL in the JWT `jku` header; if the server fetches its verification keys from whatever URL that header names, the attacker's own keys are used to validate the signature and tokens can be forged. Example payload: `{"alg": "RS256", "typ": "JWT", "jku": "https://attacker.com/jwks.json"}`.
- Source: hivesecurity.gitlab.io
- Applies to: General (applications using JWT for auth)
- Why it matters: This is a direct authentication bypass leading to account takeover.
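As an added example (not from the source page): the defensive check a token verifier should apply before fetching keys, accepting a `jku` only when its scheme, host, port and path exactly match an allowlisted JWKS URL, and rejecting userinfo, query and fragment tricks. The allowlist entry and the `make_unverified_token` helper are constructed for illustration.

```python
import base64
import json
from urllib.parse import urlsplit

# Constructed allowlist: (scheme, host, port, path) of the only JWKS URL this service trusts.
TRUSTED_JWKS = {("https", "auth.example.com", 443, "/.well-known/jwks.json")}


def _b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore padding before decoding.
    segment += "=" * (-len(segment) % 4)
    return base64.urlsafe_b64decode(segment)


def parse_jwt_header(token: str) -> dict:
    """Return the decoded JOSE header of a compact JWS (no signature check here)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS")
    return json.loads(_b64url_decode(parts[0]))


def jku_is_trusted(jku: str) -> bool:
    """True only if jku matches an allowlisted JWKS URL component by component."""
    u = urlsplit(jku)
    # Refuse https-less URLs and anything carrying userinfo, query or fragment,
    # which are the usual ways to disguise an attacker host as a trusted one.
    if u.scheme != "https" or u.username or u.password or u.query or u.fragment:
        return False
    try:
        port = u.port or 443  # u.port raises ValueError on a malformed port
    except ValueError:
        return False
    return (u.scheme, (u.hostname or "").lower(), port, u.path) in TRUSTED_JWKS


def resolve_jwks_url(token: str) -> str:
    """Return the JWKS URL to fetch keys from, refusing any jku not on the allowlist."""
    jku = parse_jwt_header(token).get("jku")
    if jku is None:
        raise ValueError("no jku header")
    if not jku_is_trusted(jku):
        raise ValueError(f"untrusted jku: {jku}")
    return jku


def make_unverified_token(header: dict) -> str:
    """Build a compact JWS with an empty signature; constructed test input only."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc(header)}.{enc({'sub': 'user'})}."
```

Fetching the JWKS is deliberately left out: the point is that the URL is chosen by the allowlist, never by the token.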
OAuth Authorization Code Redirect Hijacking
- What: An attacker can capture an OAuth authorization code by setting the `redirect_uri` parameter to their own domain (`redirect_uri=https://attacker.com/callback`).
- Source: hivesecurity.gitlab.io
- Applies to: General (applications with OAuth 2.0 integrations)
- Why it matters: Allows attackers to hijack user sessions and gain unauthorized access to victim accounts.
SSRF to Cloud Instance Metadata Service
- What: Server-Side Request Forgery (SSRF) can target cloud metadata endpoints (e.g., `http://169.254.169.254/`) to steal IAM credentials and escalate privileges.
- Source: hivesecurity.gitlab.io
- Applies to: General (applications deployed in AWS, Azure, GCP)
- Why it matters: Leads to full cloud environment compromise from a single vulnerable endpoint.
AI's Impact on Bug Bounty Workflows
- What: The 2026 YesWeHack report details how AI is supercharging bug bounty trends, including how hunters choose scopes, hone skills, and use AI tools to optimize hunts.
- Source: www.yeswehack.com
- Applies to: General (threat intelligence on attacker TTPs)
- Why it matters: Understanding AI-augmented attacker workflows is critical for defense.