Tag: bug-bounty
-
Akamai Ghost Platform Flaw Allows Hidden Second Request Injection
Akamai Technologies disclosed a critical HTTP request smuggling vulnerability affecting its content delivery network platform that could allow attackers to inject hidden secondary requests through a sophisticated exploitation technique. The vulnerability, designated CVE-2025-32094, was discovered through the company’s bug bounty program and has been resolved across all customer deployments without evidence of successful exploitation in…
-
Microsoft now pays up to $40,000 for some .NET vulnerabilities
Microsoft has expanded its .NET bug bounty program and increased rewards to $40,000 for some .NET and ASP.NET Core vulnerabilities. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-now-pays-up-to-40-000-for-some-net-vulnerabilities/
-
AI slop and fake reports are coming for your bug bounty programs
“We’re getting a lot of stuff that looks like gold, but it’s actually just crap,” said the founder of one security testing firm. AI-generated security vulnerability reports are already having an effect on bug hunting, for better and worse. First seen on techcrunch.com Jump to article: techcrunch.com/2025/07/24/ai-slop-and-fake-reports-are-exhausting-some-security-bug-bounties/
-
ExpressVPN Windows Client Flaw Could Expose User Information
ExpressVPN disclosed a vulnerability in its Windows desktop client that, under specific circumstances, could have permitted the leakage of user connection details. The flaw was discovered by security researcher Adam-X through ExpressVPN’s bug bounty program and pertains to Remote Desktop Protocol (RDP) and other TCP traffic routed over port 3389. Although the bug did not…
-
Grafana Flaws Allow User Redirection and Code Execution in Dashboards
Grafana Labs has released critical security patches addressing two significant vulnerabilities that could enable attackers to redirect users to malicious websites and execute arbitrary code within dashboard environments. The security update addresses CVE-2025-6023, a high-severity cross-site scripting (XSS) vulnerability, and CVE-2025-6197, a medium-severity open redirect flaw, both discovered through the company’s bug bounty program. Critical…
-
Curl creator mulls nixing bug bounty awards to stop AI slop
Maintainers struggle to handle growing flow of low-quality bug reports written by bots First seen on theregister.com Jump to article: www.theregister.com/2025/07/15/curl_creator_mulls_nixing_bug/
-
Wegen KI-Schrott: Curl-Entwickler erwägt Ende der Bug-Bounty-Prämien
Minderwertige Bug-Reports belasten Open-Source-Entwickler immer stärker. Curl-Maintainer Daniel Stenberg zieht nun radikale Maßnahmen in Erwägung. First seen on golem.de Jump to article: www.golem.de/news/wegen-ki-schrott-curl-entwickler-erwaegt-ende-der-bug-bounty-praemien-2507-198123.html
-
Discovery of compromised Shellter security tool raises disclosure debate
ensure that any testing is legal and authorized;respect the privacy of others;make reasonable efforts to contact the security team of the organization;provide sufficient details to allow the vulnerabilities to be verified and reproduced;not demand payment or rewards for reporting vulnerabilities outside of an established bug bounty program.Organizations shouldprovide a clear method for researchers to securely…
-
Forscher macht aus gelöschten Commits 25.000 US-Dollar
Wer glaubt, unabsichtlich committete Zugangsdaten in einem Github-Repo einfach löschen zu können, der irrt. Ein Forscher kassiert damit Bug-Bounty-Prämien. First seen on golem.de Jump to article: www.golem.de/news/github-forscher-macht-aus-geloeschten-commits-25-000-us-dollar-2507-197760.html
-
1inch rolls out expanded bug bounties with rewards up to $500K
1inch, the leading DeFi aggregator, has launched an upgraded bug bounty initiative, covering five key areas of its platform, with rewards of up to $500,000. Through this initiative 1inch demonstrates its commitment to maintaining the highest level of security across its smart contracts, wallet, dApp, developer tools and infrastructure. As DeFi continues to mature, so…
-
Review: Redefining Hacking
Redefining Hacking takes a look at how red teaming and bug bounty hunting are changing, especially now that AI is becoming a bigger part of the job. About the authors Omar … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/06/23/review-redefining-hacking/
-
Atlassian Alerts Users to Multiple Critical Vulnerabilities Affecting Data Center Server
Atlassian has released its May 2025 Security Bulletin addressing eight high-severity vulnerabilities affecting multiple enterprise products in its Data Center and Server offerings. The vulnerabilities, discovered through Atlassian’s Bug Bounty program, penetration testing processes, and third-party library scans, pose significant security risks including denial-of-service (DoS) attacks and privilege escalation. All identified issues have been patched…
-
WordPress Plugin Flaw Puts 22,000 Websites at Risk of Cyber Attacks
A severe security flaw has been uncovered in the Motors WordPress theme, a popular choice for car dealerships and listings with over 22,000 sales on ThemeForest. Researcher Foxyyy reported a critical Privilege Escalation vulnerability through the Wordfence Bug Bounty Program, earning a $1,073 bounty for their detailed and reproducible submission. This vulnerability, rated 9.8 (Critical)…
-
New Adobe Photoshop Vulnerability Enables Arbitrary Code Execution
Adobe has released critical security updates addressing three high-severity vulnerabilities (CVE-2025-30324, CVE-2025-30325, CVE-2025-30326) in Photoshop 2024 and 2025 that could enable arbitrary code execution on Windows and macOS systems. The flaws, discovered by external researcher yjdfy through Adobe’s HackerOne bug bounty program, involve memory corruption risks stemming from integer manipulation and uninitialized pointer access. While…
-
AI-Driven Fake Vulnerability Reports Flooding Bug Bounty Platforms
AI-generated bogus vulnerability reports, or >>AI slop,
-
Open-Source Platforms Are More Secure Than Proprietary Ones
Elastic CEO Ash Kulkarni on How AI Transforms Security Data Analysis. Ash Kulkarni, CEO at Elastic, discussed how bug bounty projects and close scrutiny by millions of developers worldwide have made open-source projects more secure than proprietary solutions. He recommends open APIs and interoperability as the future of effective security solutions. First seen on govinfosecurity.com…
-
Microsoft now pays up to $30,000 for some AI vulnerabilities
Microsoft announced an increase in bug bounty payouts to $30,000 for AI vulnerabilities found in Dynamics 365 and Power Platform services and products. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-now-pays-up-to-30-000-for-some-ai-vulnerabilities/
-
Top 16 OffSec, pen-testing, and ethical hacking certifications
Tags: access, android, antivirus, application-security, attack, authentication, blockchain, bug-bounty, business, cisco, cloud, computing, credentials, crypto, cryptography, cyber, cybersecurity, data, defense, detection, encryption, exploit, guide, hacker, hacking, incident response, injection, iot, jobs, kali, linux, malware, microsoft, mitigation, mobile, network, penetration-testing, RedTeam, remote-code-execution, reverse-engineering, risk, risk-assessment, sap, skills, sql, technology, threat, tool, training, update, vulnerability, windowsExperiential learning Offensive security can’t be fully mastered through lectures alone. Candidates need hands-on training in lab environments to develop practical skills. Ideally, certification exams should include a practical assessment, such as developing an exploit to compromise a system.Because individuals learn OffSec techniques, such as penetration testing, in different ways, the most effective certifications offer…
-
EncryptHub’s dual life: Cybercriminal vs Windows bug-bounty researcher
EncryptHub, a notorious threat actor linked to breaches at 618 organizations, is believed to have reported two Windows zero-day vulnerabilities to Microsoft, revealing a conflicted figure straddling the line between cybercrime and security research. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/encrypthubs-dual-life-cybercriminal-vs-windows-bug-bounty-researcher/
-
50,000+ WordPress Sites Vulnerable to Privilege Escalation Attacks
In a recent cybersecurity development, over 50,000 WordPress websites using the Uncanny Automator plugin have been identified as vulnerable to a critical privilege escalation attack. This vulnerability, discovered by security researcher mikemyers through the Wordfence Bug Bounty Program, allows authenticated attackers with subscriber-level access or higher to escalate their privileges to that of an administrator.…
-
OpenAI now pays researchers $100,000 for critical vulnerabilities
Artificial intelligence company OpenAI has announced a fivefold increase in the maximum bug bounty rewards for “exceptional and differentiated” critical security vulnerabilities from $20,000 to $100,000. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/openai-now-pays-researchers-100-000-for-critical-vulnerabilities/
-
OpenAI’s New Security Plan Rewards ‘Critical’ Bug Discovery
Max Payout for Bug Bounty Program Up From $20,000 to $100,000. OpenAI announced a cybersecurity initiative that aims to improve the resilience of its artificial intelligence systems by rewarding the discovery of critical vulnerabilities and improving threat mitigation. OpenAI raised the maximum payout for its bug bounty program from $20,000 to $100,000. First seen on…
-
OpenAI Bumps Up Bug Bounty Reward to $100K in Security Update
The artificial intelligence research company previously had its maximum payout set at $20,000 before exponentially raising the reward. First seen on darkreading.com Jump to article: www.darkreading.com/cybersecurity-operations/openai-bug-bounty-reward-100k
-
OpenAI Bug Bounty Program Increases Top Reward to $100,000
OpenAI Bug Bounty program boosts max reward to $100,000, expanding scope and offering new incentives to enhance AI security and reliability. First seen on hackread.com Jump to article: hackread.com/openai-bug-bounty-program-increases-top-reward/
-
OpenAI Offers Up to $100,000 for Critical Infrastructure Vulnerability Reports
OpenAI has announced major updates to its cybersecurity initiatives. The company is expanding its Security Bug Bounty Program, increasing the maximum reward for critical vulnerability reports to $100,000, up from $20,000 previously. This enhanced program aims to attract top security researchers worldwide to help identify and fix potential threats before they become major issues. OpenAI’s…
-
OpenAI Offering $100K Bounties for Critical Vulnerabilities
OpenAI has raised its maximum bug bounty payout to $100,000 (up from $20,000) for high-impact flaws in its infrastructure and products. The post OpenAI Offering $100K Bounties for Critical Vulnerabilities appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/openai-offering-100k-bounties-for-critical-vulnerabilities/
-
New Windows zero-day feared abused in widespread espionage for years
.The zero-day vulnerability, tracked as ZDI-CAN-25373, has yet to be publicly acknowledged and assigned a CVE-ID by Microsoft. ZDI-CAN-25373 has to do with the way Windows displays the contents of .lnk files, a type of binary file used by Windows to act as a shortcut to a file, folder, or application, through the Windows UI.A…
-
Hacker nutzen alte Windows-Sicherheitslücke aus Microsoft tut nichts
Tags: bug, bug-bounty, china, cyberattack, exploit, germany, hacker, iran, microsoft, military, north-korea, update, vulnerability, windowsExperten des Sicherheits-Unternehmens Trend Micro haben eine als ZDI-CAN-25373 bezeichnete Sicherheitslücke in Windows entdeckt, die Angreifer seit mindestens 2017 ausnutzen. Über die Lücke können die Angreifer Schadcode auf den betroffenen Windows-Rechnern ausführen, sofern der Benutzer eine verseuchte Webseite besucht oder eine infizierte Datei öffnet.Die Lücke steckt in der Vorgehensweise, wie Windows .lnk-Dateien (Verknüpfungsdateien) verarbeitet. Angreifer können Kommandozeilen-Befehle, die…