Tag: bug-bounty
-
Critical UniFi OS Flaw Enables Remote Code Execution
Tags: bug-bounty, control, credentials, cve, cyber, flaw, remote-code-execution, risk, router, vulnerabilitySecurity researchers have uncovered a severe unauthenticated Remote Code Execution vulnerability in Ubiquiti’s UniFi OS that earned a substantial $25,000 bug bounty reward. Tracked as CVE-2025-52665, this critical flaw allows attackers to gain complete control of UniFi devices without requiring any credentials or user interaction, posing significant risks to organizations using UniFi Dream Machine routers…
-
Critical UniFi OS Flaw Enables Remote Code Execution
Tags: bug-bounty, control, credentials, cve, cyber, flaw, remote-code-execution, risk, router, vulnerabilitySecurity researchers have uncovered a severe unauthenticated Remote Code Execution vulnerability in Ubiquiti’s UniFi OS that earned a substantial $25,000 bug bounty reward. Tracked as CVE-2025-52665, this critical flaw allows attackers to gain complete control of UniFi devices without requiring any credentials or user interaction, posing significant risks to organizations using UniFi Dream Machine routers…
-
Anthropic Claude Unternehmensdaten gefährdet
Tags: ai, api, bug, bug-bounty, cyberattack, data, exploit, google, infrastructure, injection, network, risk, vulnerabilityEin aktueller Report zeigt, wie sich über Anthropic Claude sensible Daten extrahieren lassen.Eine kürzlich bekannt gewordene Schwachstelle im KI-Assistenten Claude von Anthropic könnte von Angreifern ausgenutzt werden, um heimlich Unternehmensdaten zu exfiltrieren. Dabei lassen sich auch Sicherheitskonfigurationen umgehen, die solche Attacken eigentlich verhindern sollen. Wie sich das mithilfe indirekter Prompt-Injection-Techniken und Claudes Code Interpreter bewerkstelligen…
-
Anthropic Claude Unternehmensdaten gefährdet
Tags: ai, api, bug, bug-bounty, cyberattack, data, exploit, google, infrastructure, injection, network, risk, vulnerabilityEin aktueller Report zeigt, wie sich über Anthropic Claude sensible Daten extrahieren lassen.Eine kürzlich bekannt gewordene Schwachstelle im KI-Assistenten Claude von Anthropic könnte von Angreifern ausgenutzt werden, um heimlich Unternehmensdaten zu exfiltrieren. Dabei lassen sich auch Sicherheitskonfigurationen umgehen, die solche Attacken eigentlich verhindern sollen. Wie sich das mithilfe indirekter Prompt-Injection-Techniken und Claudes Code Interpreter bewerkstelligen…
-
Bug-Bounty-Programm trifft KI ein zweischneidiges Schwert
Tags: ai, api, bug-bounty, ciso, cloud, compliance, hacker, reverse-engineering, service, threat, tool, vulnerabilityKI-gestütztes Bug Hunting verspricht viele Vorteile. Ob sich diese auch in der Praxis verwirklichen, ist eine andere Sache.Künstliche Intelligenz (KI) wird zunehmend auch zum Treiber von Bug-Bounty-Programmen. Sicherheitsexperten greifen auf Large Language Models (LLMs) zurück, um:die Suche nach Schwachstellen zu automatisieren,Reverse Engineering von APIs zu bewerkstelligen, undCode-Basen schneller denn je zu durchleuchten.Allerdings gehen diese Effizienz-…
-
Bug-Bounty-Programm trifft KI ein zweischneidiges Schwert
Tags: ai, api, bug-bounty, ciso, cloud, compliance, hacker, reverse-engineering, service, threat, tool, vulnerabilityKI-gestütztes Bug Hunting verspricht viele Vorteile. Ob sich diese auch in der Praxis verwirklichen, ist eine andere Sache.Künstliche Intelligenz (KI) wird zunehmend auch zum Treiber von Bug-Bounty-Programmen. Sicherheitsexperten greifen auf Large Language Models (LLMs) zurück, um:die Suche nach Schwachstellen zu automatisieren,Reverse Engineering von APIs zu bewerkstelligen, undCode-Basen schneller denn je zu durchleuchten.Allerdings gehen diese Effizienz-…
-
Bug-Bounty-Programm trifft KI ein zweischneidiges Schwert
Tags: ai, api, bug-bounty, ciso, cloud, compliance, hacker, reverse-engineering, service, threat, tool, vulnerabilityKI-gestütztes Bug Hunting verspricht viele Vorteile. Ob sich diese auch in der Praxis verwirklichen, ist eine andere Sache.Künstliche Intelligenz (KI) wird zunehmend auch zum Treiber von Bug-Bounty-Programmen. Sicherheitsexperten greifen auf Large Language Models (LLMs) zurück, um:die Suche nach Schwachstellen zu automatisieren,Reverse Engineering von APIs zu bewerkstelligen, undCode-Basen schneller denn je zu durchleuchten.Allerdings gehen diese Effizienz-…
-
AI-powered bug hunting shakes up bounty industry, for better or worse
Tags: access, ai, authentication, automation, bug-bounty, business, ciso, cloud, control, credentials, data, detection, exploit, flaw, guide, identity, infrastructure, injection, intelligence, risk, risk-management, sql, strategy, supply-chain, threat, tool, vulnerabilityFirehose of ‘false positives’: Gunter Ollmann, CTO at Cobalt.io, warns that AI is exacerbating the existing problem that comes from vendors getting swamped with often low-quality bug submissions.Security researchers turning to AI is creating a “firehose of noise, false positives, and duplicates,” according to Ollmann.”The future of security testing isn’t about managing a crowd of…
-
AI-powered bug hunting shakes up bounty industry, for better or worse
Tags: access, ai, authentication, automation, bug-bounty, business, ciso, cloud, control, credentials, data, detection, exploit, flaw, guide, identity, infrastructure, injection, intelligence, risk, risk-management, sql, strategy, supply-chain, threat, tool, vulnerabilityFirehose of ‘false positives’: Gunter Ollmann, CTO at Cobalt.io, warns that AI is exacerbating the existing problem that comes from vendors getting swamped with often low-quality bug submissions.Security researchers turning to AI is creating a “firehose of noise, false positives, and duplicates,” according to Ollmann.”The future of security testing isn’t about managing a crowd of…
-
Top 10 Best Bug Bounty Platforms in 2025
As digital attack surfaces expand with rapid innovation in cloud, AI, and Web3 technologies, organizations increasingly rely on the collective intelligence of ethical hackers to identify vulnerabilities before malicious actors can exploit them. These platforms facilitate a structured, incentivized approach to security testing, offering unparalleled scalability, diversity of expertise, and cost-effectiveness compared to traditional security…
-
iPhone besser vor Behördenzugriff schützen: Apple verdoppelt Bug-Bounty-Prämie
First seen on t3n.de Jump to article: t3n.de/news/iphone-apple-bug-bounty-1711809/
-
Apple Bug Bounty Payouts Can Now Top $5m
Apple has doubled its top bug bounty reward to $2m but with bonuses it could reach $5m First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/apple-bug-bounty-payouts-can-now/
-
Week in review: Hackers extorting Salesforce, CentreStack 0-day exploited
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: How to get better results from bug bounty programs without wasting money The … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/10/12/week-in-review-hackers-extorting-salesforce-centrestack-0-day-exploited/
-
Week in review: Hackers extorting Salesforce, CentreStack 0-day exploited
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: How to get better results from bug bounty programs without wasting money The … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/10/12/week-in-review-hackers-extorting-salesforce-centrestack-0-day-exploited/
-
Apple doubles maximum bug bounty to $2M for zero-click RCEs
Apple raised bug bounties to $2M for zero-click RCEs, doubling payouts. Since 2020, it’s paid $35M to 800 researchers. Apple doubled its bug bounty rewards, now offering up to $2 million for zero-click remote code execution flaws. Since 2020, the tech giant has paid $35M to 800 researchers. Apple aims to pay exploit chains comparable…
-
Apple bumps RCE bug bounties to $2M to counter commercial spyware vendors
Higher difficulty means higher rewards: The culmination of that work is what Apple now calls Memory Integrity Enforcement (MIE) and is a feature of its new A19 and A19 Pro chips found in its iPhone 17 and iPhone Air lineup. MIE is leveraged in iOS to protect the entire kernel and over 70 userland processes,…
-
Apple now offers $2 million for zero-click RCE vulnerabilities
Apple is announcing a major expansion and redesign of its bug bounty program, doubling maximum payouts, adding new research categories, and introducing a more transparent reward structure. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/apple-now-offers-2-million-for-zero-click-rce-vulnerabilities/
-
Apple offers $2 million for zero-click exploit chains
Apple bug bounty program’s categories are expanding and rewards are rising, and zero-click exploit chains may now earn researchers up to $2 million. >>Our bonus … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/10/10/apple-bug-bounty-rewards-zero-click/
-
Apple offers $2 million for zero-click exploit chains
Apple bug bounty program’s categories are expanding and rewards are rising, and zero-click exploit chains may now earn researchers up to $2 million. >>Our bonus … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/10/10/apple-bug-bounty-rewards-zero-click/
-
Google Launches AI Bug Bounty with $30,000 Top Reward
Google has introduced a new AI Vulnerability Reward Program offering up to $30,000 for bug discoveries in its AI products First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/google-launches-ai-bug-bounty/
-
Google Launches AI Bug Bounty with $30,000 Top Reward
Google has introduced a new AI Vulnerability Reward Program offering up to $30,000 for bug discoveries in its AI products First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/google-launches-ai-bug-bounty/
-
Apple Announces $2 Million Bug Bounty Reward for the Most Dangerous Exploits
With the mercenary spyware industry booming, Apple VP Ivan Krstić tells WIRED that the company is also offering bonuses that could bring the max total reward for iPhone exploits to $5 million. First seen on wired.com Jump to article: www.wired.com/story/apple-announces-2-million-bug-bounty-reward/
-
Apple Announces $2 Million Bug Bounty Reward for the Most Dangerous Exploits
With the mercenary spyware industry booming, Apple VP Ivan Krstić tells WIRED that the company is also offering bonuses that could bring the max total reward for iPhone exploits to $5 million. First seen on wired.com Jump to article: www.wired.com/story/apple-announces-2-million-bug-bounty-reward/
-
Apple Announces $2 Million Bug Bounty Reward for the Most Dangerous Exploits
With the mercenary spyware industry booming, Apple VP Ivan Krstić tells WIRED that the company is also offering bonuses that could bring the max total reward for iPhone exploits to $5 million. First seen on wired.com Jump to article: www.wired.com/story/apple-announces-2-million-bug-bounty-reward/
-
Google Launches Dedicated AI Bug Bounty Program with Rewards Up to $30,000
Google has unveiled a new AI Vulnerability Reward Program (VRP), offering payouts of up to $30,000 for researchers who successfully identify and report security flaws in its AI products, including its flagship Gemini platform. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/hack-gemini-ai/
-
Google Launches Dedicated AI Bug Bounty Program with Rewards Up to $30,000
Google has unveiled a new AI Vulnerability Reward Program (VRP), offering payouts of up to $30,000 for researchers who successfully identify and report security flaws in its AI products, including its flagship Gemini platform. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/hack-gemini-ai/