Episode 161: Cross-Consumer Attacks & DTMF Tone Exfil

Overview

Episode 161: In this episode of Critical Thinking - Bug Bounty Podcast, Justin gives us some quick hits regarding CSRF and Cross-Consumer Attacks, and also touches on some breaking questions surrounding HackerOne.


Follow us on Twitter at: https://x.com/ctbbpodcast

Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!



====== Links ======

Follow your hosts Rhynorater, rez0 and gr3pme on X:

https://x.com/Rhynorater

https://x.com/rez0__

https://x.com/gr3pme


Critical Research Lab:

https://lab.ctbb.show/


====== Ways to Support CTBBPodcast ======

Hop on the CTBB Discord at https://ctbb.show/discord!


We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.


You can also find some hacker swag at https://ctbb.show/merch!


Today's Sponsor: Join Justin at Zero Trust World in March and get $200 off registration with Code ZTWCTBB26

https://ztw.com/


====== This Week in Bug Bounty ======


AS Watson

https://app.intigriti.com/programs/aswatson/watsons/detail


YesWeHack 2026 Report

https://choose.yeswehack.com/hubfs/YWH%20Report/YesWeHack_2026_Report.pdf


====== Resources ======


PhoneLeak: Data Exfiltration in Gemini via Phone Call

https://blog.starstrike.ai/posts/phoneleak-data-exfiltration-in-gemini-via-phone-call/


Max's Tweet about decreasing bounties

https://x.com/0xw2w/status/2020788164378427483


HackerOne General Terms and Conditions

https://www.hackerone.com/terms/general


Research Review #-2: RCE in Google's AI code editor Antigravity (sudi)

https://www.youtube.com/watch?v=JqvJSF2UMyY


====== Timestamps ======

(00:00:00) Introduction

(00:03:26) YesWeHack 2026 Report

(00:09:12) CSRF Realizations & Data Exfiltration in Gemini via Phone Call

(00:14:38) 7urb0's YouTube, HackerOne decreasing bounties and Section 3.1 controversy

(00:19:06) Cross Consumer Attacks


