Tag: bug-bounty
-
New Windows zero-day feared abused in widespread espionage for years
in SecurityNews
The zero-day vulnerability, tracked as ZDI-CAN-25373, has yet to be publicly acknowledged and assigned a CVE-ID by Microsoft. ZDI-CAN-25373 has to do with the way Windows displays the contents of .lnk files, a type of binary file used by Windows to act as a shortcut to a file, folder, or application, through the Windows UI. A…
-
Hackers exploit old Windows security flaw, Microsoft does nothing
in SecurityNews
Tags: bug, bug-bounty, china, cyberattack, exploit, germany, hacker, iran, microsoft, military, north-korea, update, vulnerability, windows
Experts at the security company Trend Micro have discovered a security vulnerability in Windows, designated ZDI-CAN-25373, that attackers have been exploiting since at least 2017. Through this flaw, attackers can execute malicious code on affected Windows machines, provided the user visits a compromised website or opens an infected file. The flaw lies in the way Windows processes .lnk files (shortcut files). Attackers can use command-line commands that…
-
Not all cuts are equal: Security budget choices disproportionately impact risk
in SecurityNews
Tags: ai, application-security, attack, awareness, backdoor, breach, bug-bounty, business, ceo, ciso, cloud, compliance, container, control, cyber, cybersecurity, data, iam, identity, incident response, infrastructure, monitoring, phishing, risk, risk-management, service, software, strategy, technology, threat, tool, training, update, usa, vulnerability
[Source: Splunk] As cyber threats evolve at an unprecedented pace, delaying essential technology upgrades can severely impact an organization. The newest technological updates are introduced to enhance an organization’s security offerings and directly address recently identified challenges. “Outdated systems lack new features and functionality that allow for more sophisticated offerings, like moving to the cloud,” Kirsty…
-
Google Pays Out Nearly $12M in 2024 Bug Bounty Program
in SecurityNews
The program underwent a series of changes in the past year, including richer maximum rewards in a variety of bug categories. First seen on darkreading.com. Jump to article: www.darkreading.com/vulnerabilities-threats/google-pays-nearly-12m-2024-bug-bounty-program
-
Google paid $12 million in bug bounties last year to security researchers
in SecurityNews
Google paid almost $12 million in bug bounty rewards to 660 security researchers who reported security bugs through the company’s Vulnerability Reward Program (VRP) in 2024. First seen on bleepingcomputer.com. Jump to article: www.bleepingcomputer.com/news/security/google-paid-12-million-in-bug-bounties-last-year-to-security-researchers/
-
Google Paid Out $12 Million via Bug Bounty Programs in 2024
in SecurityNews
In 2024, Google paid out nearly $12 million in bug bounties through its revamped vulnerability reward programs. First seen on securityweek.com. Jump to article: www.securityweek.com/google-paid-out-12-million-via-bug-bounty-programs-in-2024/
-
DEF CON 32 Efficient Bug Bounty Automation Techniques
in SecurityNews
Author/Presenter: Gunnar Andrews. Our sincere appreciation to DEF CON, and the Authors/Presenters, for publishing their erudite DEF CON 32 content, originating from the conference’s events at the Las Vegas Convention Center and published via the organization’s YouTube channel. Permalink. First seen on securityboulevard.com. Jump to article: securityboulevard.com/2025/02/def-con-32-efficient-bug-bounty-automation-techniques/
-
90,000 WordPress Sites Exposed to Local File Inclusion Attacks
in SecurityNews
A critical vulnerability (CVE-2025-0366) in the Jupiter X Core WordPress plugin, actively installed on over 90,000 websites, was disclosed on January 6, 2025. The flaw enables authenticated attackers with contributor-level privileges to execute remote code via chained Local File Inclusion (LFI) and malicious SVG uploads. Discovered by researcher stealthcopter through the Wordfence Bug Bounty Program, the vulnerability…
-
Duo Wins $50K Bug Bounty for Supply Chain Flaw in Newly Acquired Firm
in SecurityNews
Researchers earned a $50,500 bug bounty after uncovering a critical supply chain flaw in a newly acquired firm,… First seen on hackread.com. Jump to article: hackread.com/duo-bug-bounty-supply-chain-flaw-newly-acquired-firm/
-
Meta’s Bug Bounty Initiative Pays $2.3 Million to Security Researchers in 2024
in SecurityNews
Meta’s commitment to cybersecurity took center stage in 2024 as the tech giant awarded over $2.3 million in payouts to global security researchers participating in its bug bounty program. Since its inception in 2011, the initiative has grown into a pillar of Meta’s defense strategy, with total payouts now exceeding $20 million. This annual highlight…
-
Meta Paid Out Over $2.3 Million in Bug Bounties in 2024
in SecurityNews
Meta received close to 10,000 vulnerability reports and paid out over $2.3 million in bug bounty rewards in 2024. First seen on securityweek.com. Jump to article: www.securityweek.com/meta-paid-out-over-2-3-million-in-bug-bounties-in-2024/
-
In Other News: $10,000 YouTube Flaw, Cybereason CEO Sues Investors, New OT Security Tool
in SecurityNews
Noteworthy stories that might have slipped under the radar: Google pays $10,000 bug bounty for YouTube vulnerability, Cybereason CEO sues two investors, Otorio launches new OT security tool. First seen on securityweek.com. Jump to article: …
-
Google Pays Out $55,000 Bug Bounty for Chrome Vulnerability
in SecurityNews
Google has released a Chrome 133 update to address four high-severity vulnerabilities reported by external researchers. First seen on securityweek.com. Jump to article: www.securityweek.com/google-pays-out-55000-bug-bounty-for-chrome-vulnerability/
-
Researchers Breach Software Supply Chain and Secure $50K Bug Bounty
in SecurityNews
Tags: breach, bug-bounty, cyber, cybersecurity, data-breach, exploit, flaw, software, supply-chain, vulnerability
A duo of cybersecurity researchers uncovered a critical vulnerability in a software supply chain, landing them an extraordinary $50,500 bug bounty. The exploit, described as an “Exceptional Vulnerability,” not only exposed systemic flaws in software supply chain security but also demonstrated just how far-reaching the impact of overlooked weak points can be. The researchers, who…
-
Microsoft raises rewards for Copilot AI bug bounty program
in SecurityNews
Microsoft announced over the weekend that it has expanded its Microsoft Copilot (AI) bug bounty program and increased payouts for moderate-severity vulnerabilities. First seen on bleepingcomputer.com. Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-raises-rewards-for-copilot-ai-bug-bounty-program/
-
Microsoft Expands Copilot Bug Bounty Program, Increases Payouts
in SecurityNews
Microsoft has added more Copilot consumer products to its bug bounty program and is offering higher rewards for medium-severity vulnerabilities. First seen on securityweek.com. Jump to article: www.securityweek.com/microsoft-expands-copilot-bug-bounty-program-increases-payouts/
-
DEF CON 32 Top War Stories From A TryHard Bug Bounty Hunter
in SecurityNews
Author/Presenter: Justin Rhynorater Gardner. Our sincere appreciation to DEF CON, and the Authors/Presenters, for publishing their erudite DEF CON 32 content, originating from the conference’s events at the Las Vegas Convention Center and published via the organization’s YouTube channel. Permalink. First seen on securityboulevard.com. Jump to article: securityboulevard.com/2025/01/def-con-32-top-war-stories-from-a-tryhard-bug-bounty-hunter/
-
GitHub Vulnerability Exposes User Credentials via Malicious Repositories
in SecurityNews
A cybersecurity researcher recently disclosed several critical vulnerabilities affecting Git-related projects, revealing how improper handling of credential protocols can lead to sensitive data leaks. From GitHub Desktop to Git Credential Manager and Git LFS, these issues were uncovered during a routine bug-hunting session for the GitHub Bug Bounty program, resulting in the assignment of multiple…
-
Security Researchers Discover Critical RCE Vulnerability, Earn $40,000 Bounty
in SecurityNews
Cybersecurity researchers Abdullah Nawaf and Orwa Atyat successfully escalated a limited path traversal vulnerability into a full-blown remote code execution (RCE). Their discovery earned a massive $40,000 bounty from the targeted organization’s bug bounty program. The team documented their step-by-step approach, leaving the cybersecurity community with valuable lessons on persistence, creativity, and methodical bug hunting.…
-
Researchers Used ChatGPT to Discover S3 Bucket Takeover Vulnerability in Red Bull
in SecurityNews
Bug bounty programs have emerged as a critical avenue for researchers to identify vulnerabilities in digital platforms. One such success story involves a recent discovery made within the Red Bull bug bounty program, where a security researcher utilized ChatGPT to craft a domain monitoring script that ultimately led to the identification of a significant Amazon…
-
These security technologies have had their day
in SecurityNews
Tags: ai, authentication, bug-bounty, ciso, cloud, compliance, credentials, cyberattack, cyersecurity, firewall, gartner, Hardware, network, password, penetration-testing, risk, service, siem, strategy, tool, vpn, vulnerability, waf, zero-trust
-
Bug Bounty Bonanza: $40,000 Reward for Escalating Limited Path Traversal to RCE
in SecurityNews
As a dedicated bug bounty hunter with an enviable track record on BugCrowd, Abdullah Nawaf, a full-time bug bounty hunter, thrives on the thrill of discovery and the challenge of finding high-impact vulnerabilities. Recently, alongside his colleague Orwa Atyat, he achieved a notable success: turning a limited path traversal vulnerability into a fully-fledged remote code execution…
-
Beware cybersecurity tech that’s past its prime, 5 areas to check or retire
in SecurityNews
Tags: access, advisory, ai, antivirus, attack, authentication, breach, bug-bounty, ciso, cloud, control, credentials, cyberattack, cybersecurity, data, data-breach, defense, detection, encryption, endpoint, firewall, Hardware, network, password, penetration-testing, risk, router, siem, software, strategy, switch, threat, tool, vpn, vulnerability, waf, zero-trust
Cybersecurity leaders can choose from an ever-expanding list of digital tools to help them ward off attacks and, based on market projections, they’re implementing plenty of those options. Gartner predicts a 15% increase in cybersecurity spending for 2025, with global expenditures expected to reach $212 billion in the upcoming year. The research and consulting firm says…
-
DEF CON 32 Practical Exploitation of DoS in Bug Bounty
in SecurityNews
Author/Presenter: Roni Lupin Carta. Our sincere appreciation to DEF CON, and the Authors/Presenters, for publishing their erudite DEF CON 32 content, originating from the conference’s events at the Las Vegas Convention Center and published via the organization’s YouTube channel. Permalink. First seen on securityboulevard.com. Jump to article: securityboulevard.com/2025/01/def-con-32-practical-exploitation-of-dos-in-bug-bounty/
-
Gen AI is transforming the cyber threat landscape by democratizing vulnerability hunting
in SecurityNews
Tags: ai, api, apt, attack, bug-bounty, business, chatgpt, cloud, computing, conference, credentials, cve, cyber, cybercrime, cyberespionage, cybersecurity, data, defense, detection, email, exploit, finance, firewall, flaw, framework, github, government, group, guide, hacker, hacking, incident response, injection, LLM, malicious, microsoft, open-source, openai, penetration-testing, programming, rce, RedTeam, remote-code-execution, service, skills, software, sql, tactics, threat, tool, training, update, vulnerability, waf, zero-day
Generative AI has had a significant impact on a wide variety of business processes, optimizing and accelerating workflows and in some cases reducing baselines for expertise. Add vulnerability hunting to that list, as large language models (LLMs) are proving to be valuable tools in assisting hackers, both good and bad, in discovering software vulnerabilities and writing…
-
Bug bounty programs: Why companies need them now more than ever
in SecurityNews
Tags: attack, best-practice, bug-bounty, business, crypto, cyber, cybercrime, cybersecurity, defense, exploit, finance, guide, hacker, hacking, jobs, malicious, ransom, strategy, threat, tool, update, vulnerability, zero-day
In the fast-evolving landscape of cybersecurity, the need for proactive measures has become more pressing than ever. When I first entered the cybersecurity field, the primary threats were largely opportunistic hackers exploiting known vulnerabilities, and multi-million-dollar ransoms were unheard of. Today, the stakes are significantly higher. According to Cybersecurity Ventures, cybercrime is expected to cost the…
-
Crypto.com Launches Massive $2m Bug Bounty Program
in SecurityNews
Tags: bug-bounty
Crypto.com has launched a massive $2m bug bounty program on HackerOne, the largest ever offered on the platform, to enhance platform security. First seen on infosecurity-magazine.com. Jump to article: www.infosecurity-magazine.com/news/cryptocom-launches-2m-bug-bounty/
-
835 security vulnerabilities uncovered by white-hat hackers
in SecurityNews
So-called white-hat hackers, who stand on the side of the law, discovered 835 security vulnerabilities in 2023 and, through bug bounty programs, 45… First seen on 8com.de. Jump to article: www.8com.de/cyber-security-blog/835-sicherheitslucken-durch-white-hat-hacker-aufgedeckt