Tech Newbie interested in mobile cyber security, after multiple hacking events, seeking suggestions, tips, advice etc, to get involved.

Hey,

we sometimes notice problems that could theoretically be exploited with some effort. However, we simply open tickets with the developers so that they can fix it.

For ethical hacking, you should have a broad knowledge of networks, scripting, and operating systems.
To encounter issues or vulnerabilities, one should think outside the box and approach topics in an unconventional manner.
When I looked at CVE-2025-22442, I thought to myself, “Of course it's possible!” I just hadn't previously considered that the mechanism could be exploited. https://bayton.org/blog/2025/04/cve-2025-22442/

Scripting in particular is a very important tool. On the one hand, you may not be fast enough with commands yourself. On the other hand, you want to test various commands automatically. I have heard that forced application crashes can be an indication of security vulnerabilities. But first you have to find out how/whether you can exploit this for your own purposes. Presumably, one can learn a lot from old security vulnerabilities by studying how each vulnerability worked and how it could be exploited. When testing IT systems for vulnerabilities, you should first find out whether or not this violates any laws.

If you encounter vulnerabilities in the future and report them, don't exaggerate. And certainly don't try to make it as media-effective as possible. They become media-effective all by themselves when the vulnerability is really significant. Very often, reports from white hats are very welcome and are usually taken seriously by companies. If you don't communicate on an eye-to-eye level, it can damage your reputation.