Episode 182: In this episode of Critical Thinking - Bug Bounty Podcast we talk about some recent bugs involving WPM, MCP, and a possible emerging bug class using Wayback. We also talk about some GraphQL Hackbot finds, and what AI’s #1 mission should be.


Follow us on twitter at: https://x.com/ctbbpodcast

Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!



====== Links ======

Follow your hosts Rhynorater, rez0 and gr3pme on X: 

https://x.com/Rhynorater

https://x.com/rez0__

https://x.com/gr3pme


Critical Research Lab:

https://lab.ctbb.show/ 


Need a Pentest? We just launched CTBB Pentests!

https://pentest.ctbb.show/


Hack full time? Check out the Full-Time Hunter’s Guild!

https://ctbb.show/fthg


====== Ways to Support CTBBPodcast ======

Hop on the CTBB Discord at https://ctbb.show/discord!


We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.


You can also find some hacker swag at https://ctbb.show/merch!


====== This Week in Bug Bounty ======

LeHack 2026 Recap

https://event.yeswehack.com/events/lehack-2026


Don’t eat the ChocoPoCs! How vulnerability researchers were repeatedly targeted by trojanised exploits

https://www.yeswehack.com/fr/news/chocopocs-vulnerability-researchers-trojanised-exploits


Navigating the AI Wave: How We're Keeping Security Research Meaningful

https://www.hackerone.com/blog/ai-driven-report-volume-insights-and-actions


====== Resources ======

Caido Skills

https://github.com/caido/skills/pull/22


Hunting For AWS Cognito Security

Misconfigurations

https://www.yassineaboukir.com/talks/NahamConEU2022.pdf


X MCP

https://docs.x.com/tools/mcp


US South Summer Sessions: Hack the Heat

https://h1.community/events/details/hackerone-us-south-hackerone-club-presents-us-south-summer-sessions-hack-the-heat/


====== Timestamps ======

(00:00:00) Introduction

(00:08:31) WPM Bug & Wayback to Guest Bearer

(00:18:42) GraphQL Hackbot Finds, Fable Updates, & AI's #1 Mission

(00:29:45) MCP, US South H1 Event, & AI Sandbox Escapes

Podden och tillhörande omslagsbild på den här sidan tillhör Justin Gardner (Rhynorater), Joseph Thacker (Rez0), & Brandyn Murtagh (gr3pme). Innehållet i podden är skapat av Justin Gardner (Rhynorater), Joseph Thacker (Rez0), & Brandyn Murtagh (gr3pme) och inte av, eller tillsammans med, Poddtoppen.