Just casually broke bunq’s sandbox with 0day-level spoofing, and nobody seems to care 🇳🇱

published on 2025-06-22 02:42:23 UTC by /u/ficu71
Content:

So I cooked up a fake transaction for shits and giggles. No valid IBAN. No real user. No device. No signature. No token. No nothing. Just pure distilled bullshit in a JSON payload.

Guess what?

“Transaction accepted”
“attack_success”: true
“fraud_score”: 0.99999

System looked at it and said: “yeah, looks good to me.”

I even told the sandbox I was sending 10k EUR from FAKE_IBAN_901 to INVALID_IBAN_123 using a spoofed IMEI and some RSA nonsense I made up in Notepad. Bunq backend? Nodded politely and gave me a sandbox TXID.

It gets better — it accepts critical priority flags, fake biometric hashes, invalid currency codes, all wrapped in a nice little “success” bow.

This ain’t a bug, this is a fuckin’ confessional.

If bunq staff lurking here: hit me up. This ain’t a ransom, but y’all might wanna know just how open wide your API goes when someone whispers sweet nothings like tpp_id: "lol_fake_999".

We got logs. We got timestamps. We got receipts.

Your move, bunq.


https://www.reddit.com/r/netsec/comments/1lhdhmt/just_casually_broke_bunqs_sandbox_with_0daylevel/   
Published: 2025 06 22 02:42:23
Received: 2025 06 22 02:59:42
Feed: /r/netsec - Information Security News and Discussion
Source: /r/netsec - Information Security News and Discussion
Category: Cyber Security
Topic: Cyber Security