| 4986 | Phishing with history.back() open redirect |
Open redirect |
NA |
Brian Hyde (@0xHyde) |
Bug Bounty | 2017-09-09 | 2023-06-13 |
| 4653 | Sending out phishing e-mails from @microsoft.com |
HTML injection |
Microsoft |
SI9INT (@si9int) |
Bug Bounty | 2018-08-07 | 2023-06-13 |
| 4105 | Fullscreen API Attack’s Revisited and the FaceBook NA Story |
Phishing |
Meta / Facebook |
Circle Ninja (@circleninja) |
Bug Bounty | 2019-06-15 | 2023-06-13 |
| 3636 | Discord embed spoofing |
Phishing |
Discord |
DarkMatterMatt |
Bug Bounty | 2020-03-02 | 2023-06-13 |
| 3391 | Another "Fappening" on the Horizon? |
Account takeover
Phishing |
Apple |
Sociosploit |
Bug Bounty | 2020-06-15 | 2023-06-13 |
| 3241 | Smear phishing: a new Android vulnerability |
Phishing
Android |
Google |
Jim Fisher (@MrJamesFisher) |
Bug Bounty | 2020-08-06 | 2023-06-13 |
| 2388 | eBay XSS demo and guide to spear phishing |
XSS |
Ebay |
MLT (@0dayWizard) |
Bug Bounty | 2021-07-25 | 2023-06-13 |
| 2372 | How I could have hacked your medium account by phishing your FB, Twitter & Google credentials. |
Open redirect
OAuth |
Medium |
Renganathan (@IamRenganathan) |
Bug Bounty | 2021-07-29 | 2023-06-13 |
| 2086 | From URL dumps digging to IDOR , BAC, Massive Phishing in Udemy |
Broken Access Control
Information disclosure
IDOR
HTML injection |
Udemy |
Mostafa Mamdoh |
Bug Bounty | 2021-11-12 | 2023-06-13 |
| 2008 | A phishing document signed by Microsoft – part 1 |
Phishing
RCE |
Microsoft |
Pieter Ceelen (@ptrpieter) |
Bug Bounty | 2021-12-09 | 2023-06-13 |
| 2007 | Don’t Reply: A Clever Phishing Method In Apple’s Mail App |
Phishing |
Apple |
Jon Bottarini (@jon_bottarini) |
Bug Bounty | 2021-12-09 | 2023-06-13 |
| 1935 | A phishing document signed by Microsoft – part 2 |
Phishing
RCE |
Microsoft |
Pieter Ceelen (@ptrpieter) |
Bug Bounty | 2022-01-07 | 2023-06-13 |
| 1733 | How a macOS bug could have allowed for a serious phishing attack against users |
MacOS
Phishing |
Apple |
Guilherme Rambo (@_inside) |
Bug Bounty | 2022-03-14 | 2023-06-13 |
| 1697 | Clipboard hazard with Google Sheets |
Phishing |
Google |
Imre Rad (@ImreRad) |
Bug Bounty | 2022-03-25 | 2023-06-13 |
| 1678 | A Large-scale and Longitudinal Measurement Study of DKIM Deployment |
Email spoofing
Phishing |
Google
Mailchimp
Sendgrid
Salesforce |
Chuhan Wang |
Bug Bounty | 2022-04-01 | 2023-06-13 |
| 1525 | Spoofing Microsoft 365 Like It’s 1995 |
Spoofing
Phishing |
Microsoft |
Steve Borosh (@424f424f) |
Bug Bounty | 2022-05-24 | 2023-06-13 |
| 1423 | HTML and Hyperlink Injection via Share Option In Microsoft Onenote Application |
HTML injection
Phishing |
Microsoft |
Divyanshu Shukla (@justm0rph3u5) |
Bug Bounty | 2022-06-28 | 2023-06-13 |
| 1180 | “GIFShell” — Covert Attack Chain and C2 Utilizing Microsoft Teams GIFs |
Phishing |
Microsoft |
Bobby Rauch |
Bug Bounty | 2022-08-24 | 2023-06-13 |
| 845 | How Sigstore quickly patched an upstream vulnerability |
OAuth
Account takeover
Phishing |
Sigstore
dex |
Joern Schneeweisz |
Bug Bounty | 2022-11-10 | 2023-06-13 |
| 801 | Hacking Smartwatches for Spear Phishing |
IoT
Phishing
Android |
NA |
Cybervelia (@cybervelia) |
Bug Bounty | 2022-11-20 | 2023-06-13 |
| 760 | discord.exe – Improper Input Validation |
Security code review
Local Privilege Escalation
Phishing |
Discord |
RiotSecTeam (@RiotSecTeam) |
Bug Bounty | 2022-11-28 | 2023-06-13 |
| 593 | Exploiting Application Logic to Phish Internal Mailing Lists |
Phishing |
NA |
Tanner Emek (@itscachemoney) |
Bug Bounty | 2023-01-13 | 2023-06-13 |
| 550 | CrossTalk and Secret Agent: Two Attack Vectors on Okta%27s Identity Suite |
Insecure storage of sensitive information
Phishing |
Okta |
Tal Peleg |
Bug Bounty | 2023-01-23 | 2023-06-13 |
| 80 | Arbitrary email forgery in Webflow |
Email spoofing
Phishing |
Webflow |
Antoine Carrincazeaux |
Bug Bounty | 2023-05-17 | 2023-06-13 |
