Episode 174: In this episode of Critical Thinking - Bug Bounty Podcast we follow up from last episode with some advice for BB platforms, as well as cover a slew of writeups from Searchlight Cyber, watchTowr, and Starstrike.Follow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any feedback here: [email protected] to YTCracker for the awesome intro music!====== Links ======Follow your hosts Rhynorater, rez0 and gr3pme on X: https://x.com/Rhynoraterhttps://x.com/rez0__https://x.com/gr3pmeCritical Research Lab:https://lab.ctbb.show/ ====== Ways to Support CTBBPodcast ======Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.You can also find some hacker swag at https://ctbb.show/merch!Need a Pentest? We just launched CTBB Pentests!https://pentest.ctbb.show/Hack full time? Check out the Full-Time Hunter’s Guild!https://ctbb.show/fthg====== This Week in Bug Bounty ======COST, AI frontier models and more: A measured take on the future of security testinghttps://www.yeswehack.com/security-best-practices/cost-mythos-future-security-testingCommon AI misconceptions debugged!https://www.intigriti.com/blog/business-insights/common-misconceptions-debugged#trend-3-validity-ratios-remain-constant-ai-slop-isnt-rising-as-a-proportionBountySync + Socialhttps://luma.com/bountysync_social====== Resources ======Ghosts of Encryption Pasthttps://slcyber.io/research-center/ghosts-of-encryption-past-salesforce-exacttarget/tessl Skill Optimizerhttps://tessl.io/registry/tessl/skill-optimizer/0.8.0The Internet Is Falling Down, Falling Down, Falling Downhttps://labs.watchtowr.com/the-internet-is-falling-down-falling-down-falling-down-cpanel-whm-authentication-bypass-cve-2026-41940/High Fidelity Check for the cPanel Authentication Bypasshttps://slcyber.io/research-center/high-fidelity-check-for-the-cpanel-authentication-bypass-cve-2026-41940/Achieving Deterministic Prompt Injection Through Client-Side Feedback Loopshttps://blog.starstrike.ai/posts/achieving-deterministic-prompt-injection-through-client-side-feedback-loops/GPT-5.5: Mythos-Like Hacking, Open To Allhttps://xbow.com/blog/mythos-like-hacking-open-to-allRemote Command Execution in Google Cloud with Single Directory Deletionhttps://flatt.tech/research/posts/remote-command-execution-in-google-cloud-with-single-directory-deletion/?utm_source=bugbountydaily.com&utm_medium=referral====== Timestamps ======(00:00:00) Introduction(00:09:20) AMPScript(00:25:10) Tessl Skill Optimizer(00:33:07) cPanel & WHM Authentication Bypass(00:40:46) Advice for Bug Bounty Programs(00:50:07) Prompt Injection Through Client-Side Feedback Loops(00:54:37) GPT 5.5(01:01:00) Remote Command Execution in Google Cloud