top of page


Mass PII Exposure: How Forgotten Files Can Lead to Critical Data Leakage
Learn how unauthenticated access to sensitive documents can expose thousands of PII records, why file exposure is critical, and how organizations can prevent mass data leakage.
Rajan Kumar Barik
Jun 167 min read


How to Use AI in Bug Bounty to Find Deeper Vulnerabilities
Introduction to AI in Bug Bounty Bug bounty has evolved from opportunistic testing to structured, high-impact research. Today, thousands of researchers target the same assets. Surface-level vulnerabilities are quickly discovered, and programs increasingly reward findings that demonstrate depth, context, and real-world impact. This shift has made efficiency and thinking methodology as important as technical skill. This is where AI in bug bounty is becoming relevant. AI does no
Ridhi Sharma
Apr 294 min read


Bug Bounty Platforms: What Security Leaders Should Know Before Choosing One
If you are evaluating bug bounty platforms, here is what you should understand before making a decision.
Ridhi Sharma
Feb 214 min read


Bug Bounty Program Readiness Checklist: What Security Leaders Must Do Before Launching
Bug bounty programs get a lot of attention, and for good reason. When they work well, they help organizations uncover real security vulnerabilities that automated tools and internal testing often miss.
Yashika Wadhwani
Feb 194 min read


Bug Bounty Program Readiness: CISO Questions That Reveal Gaps
We have learned one thing: readiness has very little to do with tooling or scope documents. It shows up in the questions CISOs ask before the first researcher ever looks at their assets.
Anurag Tripathi
Feb 23 min read


Non-Negotiables at Com Olho
Com Olho exists to enable responsible, ethical, and effective vulnerability disclosure. To make that possible, we operate with clear boundaries.
Jahanvi Sachdeva
Jan 292 min read


The Role of ISO 29147 and 30111 in Enhancing Cybersecurity Strategies for 2026
Two key international standards, ISO 29147 and ISO 30111, provide essential frameworks for managing vulnerability disclosure and handling.
Jahanvi Sachdeva
Nov 11, 20254 min read


Alias Emails at Com Olho: Testing With Precision and Trust
Alias Emails are designed to make that balance easier. They give every researcher a dedicated email address for testing. This address is safe, inbound only, and tied directly to your profile.
Anurag Tripathi
Sep 12, 20252 min read


Tips to climb the leaderboard at Com Olho without losing your why
When we started building Com Olho’s crowdsourced security platform, we were writing a promise. Talent will be seen.
Anurag Tripathi
Sep 10, 20254 min read


Understanding IDOR Vulnerabilities and Their Role in Data Breaches
This issue allows unauthorized access to sensitive data and can have devastating consequences. In this post, we will explore how IDOR vulnerabilities work
Aditya Kumar
Sep 2, 20254 min read


How to Master Time Based SQL Injection Techniques for Ethical Hacking
Among the various SQL injection methods, Time Based SQL Injection is particularly powerful.
Jahanvi Sachdeva
Aug 26, 20254 min read


How to Begin Your Journey in Ethical Hacking for Mobile Applications
Ethical hacking for mobile applications is a thrilling and evolving area that plays a vital role in safeguarding user data.
Aditya Kumar
Jul 29, 20254 min read


Bug Bounty Basics: What Every Aspiring Hacker Should Know
One of the most appealing avenues is the bug bounty program, a system where ethical hackers help organizations spot and resolve vulnerabilities in their software.
Abhinav Bangia
Jul 21, 20253 min read


Hijacking the Cloud: An AWS Takeover and RCE Tale
Hijacking the Cloud: An AWS Takeover and RCE Tale
Aditya Kumar
May 14, 20253 min read


How to Chain Multiple Vulnerabilities for Maximum Impact in Bug Bounty Hunting
How to Chain Multiple Vulnerabilities for Maximum Impact in Bug Bounty Hunting
Aditya Kumar
Jan 30, 20253 min read


Our Vision for the Future of Crowdsourced Security
Our Vision for the Future of Crowdsourced Security.
Anurag Tripathi
Jan 23, 20251 min read


Problems with Running Your Own Managed Bug Bounty or Responsible Disclosure Programs
Problems with Running Your Own Managed Bug Bounty or Responsible Disclosure Programs
Dipti Bhadouriya
Jan 7, 20252 min read


Understanding CVE-2024-6387: A P1 Vulnerability Exposing Systems to Remote Code Execution Risks
CVE-2024-6387 has been identified as a P1 vulnerability, a top-priority, high-severity issue that demands immediate attention.
Abhinav Bangia
Nov 12, 20243 min read


Understanding OAuth Misconfigurations: Common Pitfalls and How to Avoid Them
In this blog, we’ll explore the most common OAuth misconfigurations, their potential impacts, and how to prevent them.
Aditya Kumar
Aug 16, 20244 min read


Shielding Your WordPress Site:Understanding and Mitigating XML-RPC Vulnerabilities
If you've discovered an XML-RPC vulnerability in your WordPress site, there are several steps you can take to mitigate the risks associated
Anurag Tripathi
May 14, 20242 min read
bottom of page
