SECURITY CIPHER · BLOG

bug bounty

Posts from Security Cipher.

PIYUSH KUMAWAT · July 16, 2026

AI Pentest Tools in 2026: What Actually Works (T3MP3ST, PentestGPT, Caido and More)

Half the bug bounty writeups on my feed this week were not about a new vulnerability class – they were about a…

PIYUSH KUMAWAT · July 13, 2026

Hacking GraphQL APIs in 2026: Introspection, BOLA, and Batching Attacks

GraphQL is a gift to attackers. One endpoint, usually /graphql, that speaks a typed, self-describing language and will happily tell you every…

PIYUSH KUMAWAT · July 10, 2026

IDOR Hunting in 2026: A Practical Playbook for Finding Broken Access Control

IDOR is the bug that pays rent for a lot of bug bounty hunters, and it is still the one developers ship…

PIYUSH KUMAWAT · July 1, 2026

AI Bug Bounty in 2026: How Hunters Use Claude Code and Automation to Find Bugs Faster

AI bug bounty in 2026: how hunters use Claude Code, Burp MCP and automation to find bugs faster, with honest accuracy numbers…

PIYUSH KUMAWAT · August 14, 2024

🛠️ Reconnaissance and Vulnerability Scanning Script🛡️

In the fast-paced world of cybersecurity, staying ahead of potential threats requires thorough reconnaissance and vulnerability assessments. This blog post introduces you…

PIYUSH KUMAWAT · February 19, 2024

$600 Simple MFA Bypass – Graphql

Welcome to my blog! In this post, I’ll delve into my recent security testing adventure focusing on multi-factor authentication (MFA) implementation in…

PIYUSH KUMAWAT · November 21, 2023

Top Recon Tools for Bug Bounty Hunters

In this blog, we explore top-tier reconnaissance tools that empower bug bounty hunters. From Shodan’s IoT device insights to Waymore’s web application…