Best thing ever: discovering an exploit that no one else has found (so far as you know).
Worst thing ever: being exploited.
Runner up: Learning about a beautiful exploit AFTER the company has implemented measures to stop it.
I was recently exposed to an excellent blog post about an exploit of the Kindle Unlimited system. For those
If I were to ask you what the most common type of hack is, you'd probably guess something like SSL Injection, or Buffer Overflow, or something of that nature. You wouldn't be entirely wrong, but there's a much more general answer that covers all those things:
The most common attack is bad input
When it boils