Episode 161: In this episode of Critical Thinking - Bug Bounty Podcast, Justin gives us some quick hits regarding CSRF and Cross Consumer Attacks, and also touches on some breaking questions surrounding HackerOne.

Follow us on twitter at: https://x.com/ctbbpodcast

Got any ideas and suggestions? Feel free to send us any feedback here: [email protected]

Shoutout to YTCracker for the awesome intro music!

====== Links ======

Follow your hosts Rhynorater, rez0 and gr3pme on X:
https://x.com/Rhynorater
https://x.com/rez0__
https://x.com/gr3pme

Critical Research Lab:
https://lab.ctbb.show/

====== Ways to Support CTBBPodcast ======

Hop on the CTBB Discord at https://ctbb.show/discord!

We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

You can also find some hacker swag at https://ctbb.show/merch!

Today's Sponsor: Join Justin at Zero Trust World in March and get $200 off registration with Code ZTWCTBB26
https://ztw.com/

====== This Week in Bug Bounty ======

AS Watson
https://app.intigriti.com/programs/aswatson/watsons/detail

YesWeHack 2026 Report
https://choose.yeswehack.com/bug-bounty-report-2026-trends-and-key-insights-yeswehack?utm_source=youtube&utm_medium=sponsor-critical-thinking&utm_campaign=yeswehack-report-2026

====== Resources ======

PhoneLeak: Data Exfiltration in Gemini via Phone Call
https://blog.starstrike.ai/posts/phoneleak-data-exfiltration-in-gemini-via-phone-call/

Max's Tweet about decreasing bounties
https://x.com/0xw2w/status/2020788164378427483

HackerOne General Terms and Conditions
https://www.hackerone.com/terms/general

Research Review #-2: RCE in Google's AI code editor Antigravity (sudi)
https://www.youtube.com/watch?v=JqvJSF2UMyY

====== Timestamps ======

(00:00:00) Introduction
(00:03:26) YesWeHack 2026 Report
(00:09:12) CSRF Realizations & Data Exfiltration in Gemini via Phone Call
(00:14:38) 7urb0's YouTube, HackerOne decreasing bounties and Section 3.1 controversy.
(00:19:06) Cross Consumer Attacks