Tag: bug-bounty
-
Wegen KI-Spam: curl stellt Bug-Bounty ein
Das curl-Projekt muss nach Jahren und Tausenden Dollar an Sicherheitsforscher sein Bug-Bounty-Programm einstellen. Der Grund: LLMs. First seen on tarnkappe.info Jump to article: tarnkappe.info/kommentar/wegen-ki-spam-curl-stellt-bug-bounty-ein-325472.html
-
Unplugged holes in the npm and yarn package managers could let attackers bypass defenses against Shai-Hulud
Tags: authentication, bug-bounty, control, corporate, defense, email, github, guide, hacker, malicious, malware, microsoft, vulnerabilitydisabling the ability to run lifecycle scripts, commands that run automatically during package installation,saving lockfile integrity checks (package-lock.json, pnpm-lock.yaml, and others) to version control (git). The lockfile records the exact version and integrity hash of every package in a dependency tree. On subsequent installs, the package manager checks incoming packages against these hashes, and if…
-
Node.js Sets New Standard for HackerOne Reports, Demands Signal of 1.0 or Higher
Node.js has implemented a new quality control measure on its HackerOne bug bounty program, requiring researchers to maintain a minimum Signal reputation score of 1.0 before submitting vulnerability reports. This policy change, announced by the OpenJS Foundation, aims to reduce the growing volume of low-quality submissions that have overwhelmed the security team’s triage capacity. The…
-
Node.js Sets New Standard for HackerOne Reports, Demands Signal of 1.0 or Higher
Node.js has implemented a new quality control measure on its HackerOne bug bounty program, requiring researchers to maintain a minimum Signal reputation score of 1.0 before submitting vulnerability reports. This policy change, announced by the OpenJS Foundation, aims to reduce the growing volume of low-quality submissions that have overwhelmed the security team’s triage capacity. The…
-
Curl ending bug bounty program after flood of AI slop reports
The developer of the popular curl command-line utility and library announced that the project will end its HackerOne security bug bounty program at the end of this month, after being overwhelmed by low-quality AI-generated vulnerability reports. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/curl-ending-bug-bounty-program-after-flood-of-ai-slop-reports/
-
Curl ending bug bounty program after flood of AI slop reports
The developer of the popular curl command-line utility and library announced that the project will end its HackerOne security bug bounty program at the end of this month, after being overwhelmed by low-quality AI-generated vulnerability reports. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/curl-ending-bug-bounty-program-after-flood-of-ai-slop-reports/
-
Curl shutters bug bounty program to remove incentive for submitting AI slop
Maintainer hopes hackers send bug reports anyway, will keep shaming ‘silly ones’ First seen on theregister.com Jump to article: www.theregister.com/2026/01/21/curl_ends_bug_bounty/
-
Bug-Bounty-Programm: Curl-Entwickler dreht dem KI-Schrott den Geldhahn zu
Massen an KI-generierten Bug-Reports belasten Open-Source-Entwickler. Das Curl-Projekt streicht die Prämien – und nimmt damit die Anreize. First seen on golem.de Jump to article: www.golem.de/news/bug-bounty-programm-curl-entwickler-dreht-dem-ki-schrott-den-geldhahn-zu-2601-204260.html
-
Are There IDORs Lurking in Your Code? LLMs Are Finding Critical Business Logic Vulns”, and They’re Everywhere
Security teams have always known that insecure direct object references (IDORs) and broken authorization vulnerabilities exist in their codebases. Ask any AppSec leader if they have IDOR issues, and most would readily admit they do. But here’s the uncomfortable truth: they’ve been dramatically underestimating the scope of the problem. Recent bug bounty data tells a..…
-
HackerOne ‘ghosted’ me for months over $8,500 bug bounty, says researcher
Long after CVEs issued and open source flaws fixed First seen on theregister.com Jump to article: www.theregister.com/2026/01/07/hackerone_ghosted_researcher/
-
Microsoft stellt neue Sicherheitsstrategie vor
Tags: ai, bug-bounty, cloud, cyberattack, governance, hacking, microsoft, open-source, phishing, RedTeam, risk, saas, service, strategy, tool, vulnerabilityMicrosoft hat angekündigt, dass sein Bug-Bounty-Programm ausgeweitet werden soll.Cyberangriffe beschränken sich heutzutage nicht auf bestimmte Unternehmen, Produkte oder Dienstleistungen sie finden dort statt, wo die Schwachstellen sind. Zudem werden die Attacken mit Hilfe von KI-Tools immer ausgefeilter. Vor diesem Hintergrund hat Microsoft seinen neuen Security-Ansatz ‘In Scope by Default” auf der Black Hat Europe angekündigt.Demnach…
-
Microsoft stellt neue Sicherheitsstrategie vor
Tags: ai, bug-bounty, cloud, cyberattack, governance, hacking, microsoft, open-source, phishing, RedTeam, risk, saas, service, strategy, tool, vulnerabilityMicrosoft hat angekündigt, dass sein Bug-Bounty-Programm ausgeweitet werden soll.Cyberangriffe beschränken sich heutzutage nicht auf bestimmte Unternehmen, Produkte oder Dienstleistungen sie finden dort statt, wo die Schwachstellen sind. Zudem werden die Attacken mit Hilfe von KI-Tools immer ausgefeilter. Vor diesem Hintergrund hat Microsoft seinen neuen Security-Ansatz ‘In Scope by Default” auf der Black Hat Europe angekündigt.Demnach…
-
Microsoft expands Bug Bounty scheme to include third-party software
The company is to offer bug bounty awards for people who report security vulnerabilities in third-party and open source software impacting Microsoft services First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366636178/Microsoft-expands-Bug-Bounty-scheme-to-include-third-party-software
-
Why bug bounty schemes have not led to secure software
Computer Weekly speaks to Katie Moussouris, security entrepreneur and bug bounty pioneer, about the life of security researchers, bug bounties and the artificial intelligence revolution First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366636232/Why-bug-bounty-schemes-have-not-led-to-secure-software
-
Hardware Hackers Urge Vendor Engagement for Security Success
Experts Detail Upsides of Bug Bounties and Getting Devices Into Researchers’ Hands. As fresh vulnerabilities in hardware keep coming to light, one question remains: What vendors can do to better prevent, identify and eradiate flaws? One shortlist offered by veteran hardware hackers centered on the upsides of engagement, including bug bounty programs. First seen on…
-
Hardware Hackers Urge Vendor Engagement for Security Success
Experts Detail Upsides of Bug Bounties and Getting Devices Into Researchers’ Hands. As fresh vulnerabilities in hardware keep coming to light, one question remains: What vendors can do to better prevent, identify and eradiate flaws? One shortlist offered by veteran hardware hackers centered on the upsides of engagement, including bug bounty programs. First seen on…
-
WhatsApp flaw allowed discovery of the 3.5 billion mobile numbers registered to the platform
Tags: api, attack, bug-bounty, business, china, cloud, dark-web, data, data-breach, encryption, flaw, government, mobile, phishing, phone, privacy, spam, technology, vulnerability, windowsHey there You are using WhatsApp, marks this as one of the most embarrassing weaknesses yet in the world’s most widely-used communication app.The vulnerability was in WhatsApp’s contact discovery mechanism, the foundation of how this and many similar apps work. When WhatsApp is installed, it asks for permission to match mobile numbers in a user’s…
-
WhatsApp flaw allowed discovery of the 3.5 billion mobile numbers registered to the platform
Tags: api, attack, bug-bounty, business, china, cloud, dark-web, data, data-breach, encryption, flaw, government, mobile, phishing, phone, privacy, spam, technology, vulnerability, windowsHey there You are using WhatsApp, marks this as one of the most embarrassing weaknesses yet in the world’s most widely-used communication app.The vulnerability was in WhatsApp’s contact discovery mechanism, the foundation of how this and many similar apps work. When WhatsApp is installed, it asks for permission to match mobile numbers in a user’s…
-
Bug Bounty Programs Rise as Key Strategic Security Solutions
Bug bounty programs create formal channels for organizations to leverage external security expertise, offering researchers legal protection and financial incentives for ethical vulnerability disclosure. First seen on darkreading.com Jump to article: www.darkreading.com/cybersecurity-operations/bug-bounty-programs-rise-as-key-strategic-security-solutions
-
Meta Expands WhatsApp Security Research with New Proxy Tool and $4M in Bounties This Year
Meta on Tuesday said it has made available a tool called WhatsApp Research Proxy to some of its long-time bug bounty researchers to help improve the program and more effectively research the messaging platform’s network protocol.The idea is to make it easier to delve into WhatsApp-specific technologies as the application continues to be a lucrative…
-
Fighting AI with AI: Adversarial bots vs. autonomous threat hunters
Tags: access, ai, attack, automation, backup, breach, bug-bounty, cloud, credentials, cyber, cybersecurity, data, defense, endpoint, exploit, hacker, healthcare, identity, infrastructure, Internet, iot, least-privilege, malicious, network, phishing, startup, technology, threat, tool, update, vpn, vulnerability, zero-dayWhile there’s no doubt AI holds great potential for cybersecurity, in practice, it’s mainly being used to automate what we’re already doing. For companies to stand a chance, we need new approaches to AI-powered defense, not optimized ones. Attackers already have systemic advantages that AI amplifies dramatically. While there are some great examples of how…
-
Fighting AI with AI: Adversarial bots vs. autonomous threat hunters
Tags: access, ai, attack, automation, backup, breach, bug-bounty, cloud, credentials, cyber, cybersecurity, data, defense, endpoint, exploit, hacker, healthcare, identity, infrastructure, Internet, iot, least-privilege, malicious, network, phishing, startup, technology, threat, tool, update, vpn, vulnerability, zero-dayWhile there’s no doubt AI holds great potential for cybersecurity, in practice, it’s mainly being used to automate what we’re already doing. For companies to stand a chance, we need new approaches to AI-powered defense, not optimized ones. Attackers already have systemic advantages that AI amplifies dramatically. While there are some great examples of how…
-
Amazon rolls out AI bug bounty program
Select researchers and academic teams will get access to Amazon’s NOVA models next year as the tech giant continues to integrate the AI tools into its own tech stack. First seen on cyberscoop.com Jump to article: cyberscoop.com/amazon-bug-bounty-program-ai-nova/
-
Amazon rolls out AI bug bounty program
Select researchers and academic teams will get access to Amazon’s NOVA models next year as the tech giant continues to integrate the AI tools into its own tech stack. First seen on cyberscoop.com Jump to article: cyberscoop.com/amazon-bug-bounty-program-ai-nova/