Basically 95% of "hacks" nowadays are either just social engineering or someone left an S3 bucket public. Whitehack hacking / going after bug bounties is a slave-tier exercise and honestly a pretty embarrassing pursuit. CVE filing has become a joke. The actual security field / companies all basically sell snake oil. "Compliance" is basically a meme, security audits are literally a scam