Tag: bug-bounty
-
Better protecting the iPhone from government access: Apple doubles bug bounty reward
First seen on t3n.de Jump to article: t3n.de/news/iphone-apple-bug-bounty-1711809/
-
Apple Bug Bounty Payouts Can Now Top $5m
Apple has doubled its top bug bounty reward to $2m, but with bonuses it could reach $5m. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/apple-bug-bounty-payouts-can-now/
-
Week in review: Hackers extorting Salesforce, CentreStack 0-day exploited
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: How to get better results from bug bounty programs without wasting money The … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/10/12/week-in-review-hackers-extorting-salesforce-centrestack-0-day-exploited/
-
Apple doubles maximum bug bounty to $2M for zero-click RCEs
Apple raised bug bounties to $2M for zero-click RCEs, doubling payouts. Since 2020, it’s paid $35M to 800 researchers. Apple doubled its bug bounty rewards, now offering up to $2 million for zero-click remote code execution flaws. Since 2020, the tech giant has paid $35M to 800 researchers. Apple aims to pay exploit chains comparable…
-
Apple bumps RCE bug bounties to $2M to counter commercial spyware vendors
Higher difficulty means higher rewards: The culmination of that work is what Apple now calls Memory Integrity Enforcement (MIE) and is a feature of its new A19 and A19 Pro chips found in its iPhone 17 and iPhone Air lineup. MIE is leveraged in iOS to protect the entire kernel and over 70 userland processes,…
-
Apple now offers $2 million for zero-click RCE vulnerabilities
Apple is announcing a major expansion and redesign of its bug bounty program, doubling maximum payouts, adding new research categories, and introducing a more transparent reward structure. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/apple-now-offers-2-million-for-zero-click-rce-vulnerabilities/
-
Apple offers $2 million for zero-click exploit chains
Apple bug bounty program’s categories are expanding and rewards are rising, and zero-click exploit chains may now earn researchers up to $2 million. >>Our bonus … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/10/10/apple-bug-bounty-rewards-zero-click/
-
Google Launches AI Bug Bounty with $30,000 Top Reward
Google has introduced a new AI Vulnerability Reward Program offering up to $30,000 for bug discoveries in its AI products. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/google-launches-ai-bug-bounty/
-
Apple Announces $2 Million Bug Bounty Reward for the Most Dangerous Exploits
With the mercenary spyware industry booming, Apple VP Ivan Krstić tells WIRED that the company is also offering bonuses that could bring the max total reward for iPhone exploits to $5 million. First seen on wired.com Jump to article: www.wired.com/story/apple-announces-2-million-bug-bounty-reward/
-
Google Launches Dedicated AI Bug Bounty Program with Rewards Up to $30,000
Google has unveiled a new AI Vulnerability Reward Program (VRP), offering payouts of up to $30,000 for researchers who successfully identify and report security flaws in its AI products, including its flagship Gemini platform. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/hack-gemini-ai/
-
Google’s new AI bug bounty program pays up to $30,000 for flaws
This week, Google has launched an AI Vulnerability Reward Program dedicated to security researchers who find and report flaws in the company’s AI systems. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/google/googles-new-ai-bug-bounty-program-pays-up-to-30-000-for-flaws/
-
How to get better results from bug bounty programs without wasting money
The wrong bug bounty strategy can flood your team with low-value reports. The right one can surface critical vulnerabilities that would otherwise slip through. A new academic … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/10/07/bug-bounty-rewards-better-results/
-
HackerOne paid $81 million in bug bounties over the past year
Bug bounty platform HackerOne announced that it paid out $81 million in rewards to white-hat hackers worldwide over the past 12 months. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hackerone-paid-81-million-in-bug-bounties-over-the-past-year/
-
YesWeHack Bug Bounty Boosts Security Collaboration
Live Hacking Event Offers New Insights Over Traditional Testing. In today’s threat landscape, as attackers grow more sophisticated, organizations are finding that direct collaboration between ethical hackers and development teams offers advantages traditional testing methods can’t always match. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/yeswehack-bug-bounty-boosts-security-collaboration-a-29446
-
Cybersecurity Snapshot: Security Lags Cloud and AI Adoption, Tenable Report Finds, as CISA Lays Out Vision for CVE Program’s Future
Tags: access, ai, api, attack, automation, best-practice, breach, bug-bounty, business, cisa, cloud, communications, computer, control, cve, cyber, cybersecurity, data, data-breach, defense, encryption, exploit, framework, google, governance, government, identity, infrastructure, intelligence, international, Internet, linkedin, mitre, network, nist, office, open-source, privacy, programming, RedTeam, resilience, risk, risk-management, service, skills, software, strategy, tactics, technology, threat, tool, update, vulnerability
Check out Tenable’s report detailing challenges and best practices for cloud and AI security. Plus, CISA rolled out a roadmap for the CVE Program, while NIST updated its guidelines for secure software patches. And get the latest on TLS/SSL security and AI attack disclosures! Here are five things you need to know for the week…
-
Reflected XSS Flaw Enables Attackers to Evade Amazon CloudFront Protection Using Safari
A recent bug bounty discovery has drawn attention to a browser-specific reflected Cross-Site Scripting (XSS) vulnerability on help-ads.target.com. This flaw was found to bypass Amazon CloudFront’s Web Application Firewall (WAF) protections but could only be exploited on the Safari browser. The finding highlights the importance of testing for diverse browser behaviors during security assessments. Discovery…
-
Threat Actors Weaponize HexStrike AI to Exploit Citrix Flaws Within a Week of Disclosure
Threat actors are attempting to leverage a newly released artificial intelligence (AI) offensive security tool called HexStrike AI to exploit recently disclosed security flaws. HexStrike AI, according to its website, is pitched as an AI-driven security platform to automate reconnaissance and vulnerability discovery with an aim to accelerate authorized red teaming operations, bug bounty hunting, First…
-
How Exposure Management Has Helped Tenable Reduce Risk and Align with the Business
Each Monday, the Tenable Exposure Management Academy provides the practical, real-world guidance you need to shift from vulnerability management to exposure management. In the second of a two-part blog series, Tenable CSO Robert Huber shares how exposure management has helped him reduce risk and better align with the business. You can read the entire Exposure…
-
0-Click Zendesk Flaw Lets Hackers Hijack Accounts and View All Tickets
A critical zero-click vulnerability in Zendesk’s Android SDK has been uncovered, enabling attackers to hijack support accounts and harvest every ticket without any user interaction. Discovered during a private bug bounty program, the flaw stems from weak token generation and storage mechanisms within Zendesk’s mobile application. Vulnerability Overview Zendesk’s Android client generates authentication tokens by…
-
Record $250K Bug Bounty Awarded for Discovering Critical Chrome RCE Flaw
Google has awarded a record-breaking $250,000 bug bounty to security researcher Micky for discovering a critical remote code execution vulnerability in Google Chrome that could allow attackers to escape the browser’s sandbox protection. The flaw, tracked internally as issue 412578726, represents one of the most severe Chrome vulnerabilities discovered in recent years and highlights the…
-
Bug bounty reward: 250,000 US dollars for a security vulnerability in Chrome
Attackers can exploit the vulnerability to break out of Google Chrome's sandbox and execute malicious code on the system. First seen on golem.de Jump to article: www.golem.de/news/sandbox-escape-google-zahlt-250-000-us-dollar-fuer-eine-chrome-luecke-2508-199057.html
-
Highest bug bounty reward: Google pays 250,000 US dollars for a Chrome vulnerability
Attackers can exploit the vulnerability to break out of Google Chrome's sandbox. The discoverer received a quarter of a million US dollars for it. First seen on golem.de Jump to article: www.golem.de/news/sandbox-escape-google-zahlt-250-000-us-dollar-fuer-eine-chrome-luecke-2508-199057.html

