🎯 WEEKLY BRIEF
This week we are tracking a massive 1.4 TB data leak at Nike that could change the game for counterfeiters. PayPal is offering huge bonuses for checkout bugs, while Netflix and Twilio are leading the way with lightning-fast triage. Plus, there are three major CTFs kicking off this weekend to test your skills.
🚀 TOP PROGRAMS TO HACK THIS WEEK
Here are some new and familiar programs this week to check out!
| Program | Platform | Asset Type | Max Bounty | Why it's 🔥 |
| | HackerOne | Payments / SDK | $45,000+ | 1.5x multiplier on High/Critical bugs. |
| | Bugcrowd | Web / API | $100,000 | Leading program for AI jailbreaks and safety bypasses. |
| | HackerOne | API / SaaS / Mobile | $8,000 | Industry-leading triage speed (usually under 8 hours). |
| | HackerOne | Web / SaaS / Mobile / AI | $10,000 | Creative targets like Firefly AI and Photoshop Web. |
| | HackerOne | Web / API / Mobile / OSS | $25,000 | Elite triage. Payouts in <48 hours; rewards "Content Authorization" bypasses and OSS flaws. |
💡 TIPS FOR THE WEEK
Program Tips:
PayPal: Focus on the checkout flow. Try to manipulate prices or bypass payment steps in their SDK.
OpenAI: Go for "jailbreaks." See if you can trick the AI into sharing its secret safety rules or internal data.
Twilio: Test for IDORs. Check if one account can view or change data belonging to another workspace.
Adobe: Look for metadata flaws. Try to change an image's look without breaking its "Content Credential" security tag.
Netflix: Hunt for authentication bypasses. Look for ways to view content or access accounts without the right permissions.
Remember, don't get banned.
Be clear, and make sure your proof of concept actually works before you send anything in.
📅 Upcoming Events & CTFs
BITSCTF 2026 (Feb 6–8): A 48-hour event with many categories like Web, Crypto, and PWN. It uses dynamic scoring and has no limit on team size.
Pragyan CTF 2026 (Feb 6–8): A global event with a prize pool of about $1,100. You can play alone or in teams of up to four people.
LA CTF 2026 (Feb 7–9): A highly rated competition hosted by UCLA for all skill levels. It features technical challenges, professor talks, and even meme contests.
⚠️ Cyber News
A group called WorldLeaks claims to have leaked 1.4 TB of data from Nike's internal systems. This includes over 188,000 files now appearing online.
The leak included secret designs, prototypes, and material lists for future sneakers and clothes.
The files cover years of records, including factory audits, strategy plans, and internal staff videos. While a leak of customer payment info hasn't been confirmed, the theft of Nike's innovation pipeline is a huge risk.
