Tag: bug-bounty
-
0-Click Zendesk Flaw Lets Hackers Hijack Accounts and View All Tickets
A critical zero-click vulnerability in Zendesk’s Android SDK has been uncovered, enabling attackers to hijack support accounts and harvest every ticket without any user interaction. Discovered during a private bug bounty program, the flaw stems from weak token generation and storage mechanisms within Zendesk’s mobile application. Vulnerability Overview Zendesk’s Android client generates authentication tokens by…
-
Record $250K Bug Bounty Awarded for Discovering Critical Chrome RCE Flaw
Google has awarded a record-breaking $250,000 bug bounty to security researcher Micky for discovering a critical remote code execution vulnerability in Google Chrome that could allow attackers to escape the browser’s sandbox protection. The flaw, tracked internally as issue 412578726, represents one of the most severe Chrome vulnerabilities discovered in recent years and highlights the…
-
Bug-Bounty-Prämie: 250.000 US-Dollar für eine Sicherheitslücke in Chrome
Angreifer können die Lücke ausnutzen, um aus der Sandbox von Google Chrome auszubrechen und Schadcode auf dem System auszuführen. First seen on golem.de Jump to article: www.golem.de/news/sandbox-escape-google-zahlt-250-000-us-dollar-fuer-eine-chrome-luecke-2508-199057.html
-
Höchste Bug-Bounty-Prämie: Google zahlt 250.000 US-Dollar für eine Chrome-Lücke
Angreifer können die Lücke ausnutzen, um aus der Sandbox von Google Chrome auszubrechen. Der Entdecker hat dafür eine Viertelmillion US-Dollar erhalten. First seen on golem.de Jump to article: www.golem.de/news/sandbox-escape-google-zahlt-250-000-us-dollar-fuer-eine-chrome-luecke-2508-199057.html
-
Akamai Ghost Platform Flaw Allows Hidden Second Request Injection
Akamai Technologies disclosed a critical HTTP request smuggling vulnerability affecting its content delivery network platform that could allow attackers to inject hidden secondary requests through a sophisticated exploitation technique. The vulnerability, designated CVE-2025-32094, was discovered through the company’s bug bounty program and has been resolved across all customer deployments without evidence of successful exploitation in…
-
Microsoft now pays up to $40,000 for some .NET vulnerabilities
Microsoft has expanded its .NET bug bounty program and increased rewards to $40,000 for some .NET and ASP.NET Core vulnerabilities. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-now-pays-up-to-40-000-for-some-net-vulnerabilities/
-
AI slop and fake reports are coming for your bug bounty programs
“We’re getting a lot of stuff that looks like gold, but it’s actually just crap,” said the founder of one security testing firm. AI-generated security vulnerability reports are already having an effect on bug hunting, for better and worse. First seen on techcrunch.com Jump to article: techcrunch.com/2025/07/24/ai-slop-and-fake-reports-are-exhausting-some-security-bug-bounties/
-
ExpressVPN Windows Client Flaw Could Expose User Information
ExpressVPN disclosed a vulnerability in its Windows desktop client that, under specific circumstances, could have permitted the leakage of user connection details. The flaw was discovered by security researcher Adam-X through ExpressVPN’s bug bounty program and pertains to Remote Desktop Protocol (RDP) and other TCP traffic routed over port 3389. Although the bug did not…
-
Grafana Flaws Allow User Redirection and Code Execution in Dashboards
Grafana Labs has released critical security patches addressing two significant vulnerabilities that could enable attackers to redirect users to malicious websites and execute arbitrary code within dashboard environments. The security update addresses CVE-2025-6023, a high-severity cross-site scripting (XSS) vulnerability, and CVE-2025-6197, a medium-severity open redirect flaw, both discovered through the company’s bug bounty program. Critical…
-
Curl creator mulls nixing bug bounty awards to stop AI slop
Maintainers struggle to handle growing flow of low-quality bug reports written by bots First seen on theregister.com Jump to article: www.theregister.com/2025/07/15/curl_creator_mulls_nixing_bug/
-
Wegen KI-Schrott: Curl-Entwickler erwägt Ende der Bug-Bounty-Prämien
Minderwertige Bug-Reports belasten Open-Source-Entwickler immer stärker. Curl-Maintainer Daniel Stenberg zieht nun radikale Maßnahmen in Erwägung. First seen on golem.de Jump to article: www.golem.de/news/wegen-ki-schrott-curl-entwickler-erwaegt-ende-der-bug-bounty-praemien-2507-198123.html
-
Discovery of compromised Shellter security tool raises disclosure debate
ensure that any testing is legal and authorized;respect the privacy of others;make reasonable efforts to contact the security team of the organization;provide sufficient details to allow the vulnerabilities to be verified and reproduced;not demand payment or rewards for reporting vulnerabilities outside of an established bug bounty program.Organizations shouldprovide a clear method for researchers to securely…
-
Forscher macht aus gelöschten Commits 25.000 US-Dollar
Wer glaubt, unabsichtlich committete Zugangsdaten in einem Github-Repo einfach löschen zu können, der irrt. Ein Forscher kassiert damit Bug-Bounty-Prämien. First seen on golem.de Jump to article: www.golem.de/news/github-forscher-macht-aus-geloeschten-commits-25-000-us-dollar-2507-197760.html
-
1inch rolls out expanded bug bounties with rewards up to $500K
1inch, the leading DeFi aggregator, has launched an upgraded bug bounty initiative, covering five key areas of its platform, with rewards of up to $500,000. Through this initiative 1inch demonstrates its commitment to maintaining the highest level of security across its smart contracts, wallet, dApp, developer tools and infrastructure. As DeFi continues to mature, so…
-
Review: Redefining Hacking
Redefining Hacking takes a look at how red teaming and bug bounty hunting are changing, especially now that AI is becoming a bigger part of the job. About the authors Omar … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/06/23/review-redefining-hacking/
-
Atlassian Alerts Users to Multiple Critical Vulnerabilities Affecting Data Center Server
Atlassian has released its May 2025 Security Bulletin addressing eight high-severity vulnerabilities affecting multiple enterprise products in its Data Center and Server offerings. The vulnerabilities, discovered through Atlassian’s Bug Bounty program, penetration testing processes, and third-party library scans, pose significant security risks including denial-of-service (DoS) attacks and privilege escalation. All identified issues have been patched…
-
WordPress Plugin Flaw Puts 22,000 Websites at Risk of Cyber Attacks
A severe security flaw has been uncovered in the Motors WordPress theme, a popular choice for car dealerships and listings with over 22,000 sales on ThemeForest. Researcher Foxyyy reported a critical Privilege Escalation vulnerability through the Wordfence Bug Bounty Program, earning a $1,073 bounty for their detailed and reproducible submission. This vulnerability, rated 9.8 (Critical)…
-
New Adobe Photoshop Vulnerability Enables Arbitrary Code Execution
Adobe has released critical security updates addressing three high-severity vulnerabilities (CVE-2025-30324, CVE-2025-30325, CVE-2025-30326) in Photoshop 2024 and 2025 that could enable arbitrary code execution on Windows and macOS systems. The flaws, discovered by external researcher yjdfy through Adobe’s HackerOne bug bounty program, involve memory corruption risks stemming from integer manipulation and uninitialized pointer access. While…
-
AI-Driven Fake Vulnerability Reports Flooding Bug Bounty Platforms
AI-generated bogus vulnerability reports, or >>AI slop,
-
Open-Source Platforms Are More Secure Than Proprietary Ones
Elastic CEO Ash Kulkarni on How AI Transforms Security Data Analysis. Ash Kulkarni, CEO at Elastic, discussed how bug bounty projects and close scrutiny by millions of developers worldwide have made open-source projects more secure than proprietary solutions. He recommends open APIs and interoperability as the future of effective security solutions. First seen on govinfosecurity.com…
-
Microsoft now pays up to $30,000 for some AI vulnerabilities
Microsoft announced an increase in bug bounty payouts to $30,000 for AI vulnerabilities found in Dynamics 365 and Power Platform services and products. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-now-pays-up-to-30-000-for-some-ai-vulnerabilities/
-
Top 16 OffSec, pen-testing, and ethical hacking certifications
Tags: access, android, antivirus, application-security, attack, authentication, blockchain, bug-bounty, business, cisco, cloud, computing, credentials, crypto, cryptography, cyber, cybersecurity, data, defense, detection, encryption, exploit, guide, hacker, hacking, incident response, injection, iot, jobs, kali, linux, malware, microsoft, mitigation, mobile, network, penetration-testing, RedTeam, remote-code-execution, reverse-engineering, risk, risk-assessment, sap, skills, sql, technology, threat, tool, training, update, vulnerability, windowsExperiential learning Offensive security can’t be fully mastered through lectures alone. Candidates need hands-on training in lab environments to develop practical skills. Ideally, certification exams should include a practical assessment, such as developing an exploit to compromise a system.Because individuals learn OffSec techniques, such as penetration testing, in different ways, the most effective certifications offer…
-
EncryptHub’s dual life: Cybercriminal vs Windows bug-bounty researcher
EncryptHub, a notorious threat actor linked to breaches at 618 organizations, is believed to have reported two Windows zero-day vulnerabilities to Microsoft, revealing a conflicted figure straddling the line between cybercrime and security research. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/encrypthubs-dual-life-cybercriminal-vs-windows-bug-bounty-researcher/
-
50,000+ WordPress Sites Vulnerable to Privilege Escalation Attacks
In a recent cybersecurity development, over 50,000 WordPress websites using the Uncanny Automator plugin have been identified as vulnerable to a critical privilege escalation attack. This vulnerability, discovered by security researcher mikemyers through the Wordfence Bug Bounty Program, allows authenticated attackers with subscriber-level access or higher to escalate their privileges to that of an administrator.…
-
OpenAI now pays researchers $100,000 for critical vulnerabilities
Artificial intelligence company OpenAI has announced a fivefold increase in the maximum bug bounty rewards for “exceptional and differentiated” critical security vulnerabilities from $20,000 to $100,000. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/openai-now-pays-researchers-100-000-for-critical-vulnerabilities/
-
OpenAI’s New Security Plan Rewards ‘Critical’ Bug Discovery
Max Payout for Bug Bounty Program Up From $20,000 to $100,000. OpenAI announced a cybersecurity initiative that aims to improve the resilience of its artificial intelligence systems by rewarding the discovery of critical vulnerabilities and improving threat mitigation. OpenAI raised the maximum payout for its bug bounty program from $20,000 to $100,000. First seen on…
-
OpenAI Bumps Up Bug Bounty Reward to $100K in Security Update
The artificial intelligence research company previously had its maximum payout set at $20,000 before exponentially raising the reward. First seen on darkreading.com Jump to article: www.darkreading.com/cybersecurity-operations/openai-bug-bounty-reward-100k
-
OpenAI Bug Bounty Program Increases Top Reward to $100,000
OpenAI Bug Bounty program boosts max reward to $100,000, expanding scope and offering new incentives to enhance AI security and reliability. First seen on hackread.com Jump to article: hackread.com/openai-bug-bounty-program-increases-top-reward/