Tag: bug-bounty
-
Wegen KI-Schrott: Curl-Entwickler erwägt Ende der Bug-Bounty-Prämien
Minderwertige Bug-Reports belasten Open-Source-Entwickler immer stärker. Curl-Maintainer Daniel Stenberg zieht nun radikale Maßnahmen in Erwägung. First seen on golem.de Jump to article: www.golem.de/news/wegen-ki-schrott-curl-entwickler-erwaegt-ende-der-bug-bounty-praemien-2507-198123.html
-
Discovery of compromised Shellter security tool raises disclosure debate
ensure that any testing is legal and authorized;respect the privacy of others;make reasonable efforts to contact the security team of the organization;provide sufficient details to allow the vulnerabilities to be verified and reproduced;not demand payment or rewards for reporting vulnerabilities outside of an established bug bounty program.Organizations shouldprovide a clear method for researchers to securely…
-
Forscher macht aus gelöschten Commits 25.000 US-Dollar
Wer glaubt, unabsichtlich committete Zugangsdaten in einem Github-Repo einfach löschen zu können, der irrt. Ein Forscher kassiert damit Bug-Bounty-Prämien. First seen on golem.de Jump to article: www.golem.de/news/github-forscher-macht-aus-geloeschten-commits-25-000-us-dollar-2507-197760.html
-
1inch rolls out expanded bug bounties with rewards up to $500K
1inch, the leading DeFi aggregator, has launched an upgraded bug bounty initiative, covering five key areas of its platform, with rewards of up to $500,000. Through this initiative 1inch demonstrates its commitment to maintaining the highest level of security across its smart contracts, wallet, dApp, developer tools and infrastructure. As DeFi continues to mature, so…
-
Review: Redefining Hacking
Redefining Hacking takes a look at how red teaming and bug bounty hunting are changing, especially now that AI is becoming a bigger part of the job. About the authors Omar … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/06/23/review-redefining-hacking/
-
Atlassian Alerts Users to Multiple Critical Vulnerabilities Affecting Data Center Server
Atlassian has released its May 2025 Security Bulletin addressing eight high-severity vulnerabilities affecting multiple enterprise products in its Data Center and Server offerings. The vulnerabilities, discovered through Atlassian’s Bug Bounty program, penetration testing processes, and third-party library scans, pose significant security risks including denial-of-service (DoS) attacks and privilege escalation. All identified issues have been patched…
-
WordPress Plugin Flaw Puts 22,000 Websites at Risk of Cyber Attacks
A severe security flaw has been uncovered in the Motors WordPress theme, a popular choice for car dealerships and listings with over 22,000 sales on ThemeForest. Researcher Foxyyy reported a critical Privilege Escalation vulnerability through the Wordfence Bug Bounty Program, earning a $1,073 bounty for their detailed and reproducible submission. This vulnerability, rated 9.8 (Critical)…
-
New Adobe Photoshop Vulnerability Enables Arbitrary Code Execution
Adobe has released critical security updates addressing three high-severity vulnerabilities (CVE-2025-30324, CVE-2025-30325, CVE-2025-30326) in Photoshop 2024 and 2025 that could enable arbitrary code execution on Windows and macOS systems. The flaws, discovered by external researcher yjdfy through Adobe’s HackerOne bug bounty program, involve memory corruption risks stemming from integer manipulation and uninitialized pointer access. While…
-
AI-Driven Fake Vulnerability Reports Flooding Bug Bounty Platforms
AI-generated bogus vulnerability reports, or >>AI slop,
-
Open-Source Platforms Are More Secure Than Proprietary Ones
Elastic CEO Ash Kulkarni on How AI Transforms Security Data Analysis. Ash Kulkarni, CEO at Elastic, discussed how bug bounty projects and close scrutiny by millions of developers worldwide have made open-source projects more secure than proprietary solutions. He recommends open APIs and interoperability as the future of effective security solutions. First seen on govinfosecurity.com…
-
Microsoft now pays up to $30,000 for some AI vulnerabilities
Microsoft announced an increase in bug bounty payouts to $30,000 for AI vulnerabilities found in Dynamics 365 and Power Platform services and products. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-now-pays-up-to-30-000-for-some-ai-vulnerabilities/
-
Top 16 OffSec, pen-testing, and ethical hacking certifications
Tags: access, android, antivirus, application-security, attack, authentication, blockchain, bug-bounty, business, cisco, cloud, computing, credentials, crypto, cryptography, cyber, cybersecurity, data, defense, detection, encryption, exploit, guide, hacker, hacking, incident response, injection, iot, jobs, kali, linux, malware, microsoft, mitigation, mobile, network, penetration-testing, RedTeam, remote-code-execution, reverse-engineering, risk, risk-assessment, sap, skills, sql, technology, threat, tool, training, update, vulnerability, windowsExperiential learning Offensive security can’t be fully mastered through lectures alone. Candidates need hands-on training in lab environments to develop practical skills. Ideally, certification exams should include a practical assessment, such as developing an exploit to compromise a system.Because individuals learn OffSec techniques, such as penetration testing, in different ways, the most effective certifications offer…
-
EncryptHub’s dual life: Cybercriminal vs Windows bug-bounty researcher
EncryptHub, a notorious threat actor linked to breaches at 618 organizations, is believed to have reported two Windows zero-day vulnerabilities to Microsoft, revealing a conflicted figure straddling the line between cybercrime and security research. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/encrypthubs-dual-life-cybercriminal-vs-windows-bug-bounty-researcher/
-
50,000+ WordPress Sites Vulnerable to Privilege Escalation Attacks
In a recent cybersecurity development, over 50,000 WordPress websites using the Uncanny Automator plugin have been identified as vulnerable to a critical privilege escalation attack. This vulnerability, discovered by security researcher mikemyers through the Wordfence Bug Bounty Program, allows authenticated attackers with subscriber-level access or higher to escalate their privileges to that of an administrator.…
-
OpenAI now pays researchers $100,000 for critical vulnerabilities
Artificial intelligence company OpenAI has announced a fivefold increase in the maximum bug bounty rewards for “exceptional and differentiated” critical security vulnerabilities from $20,000 to $100,000. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/openai-now-pays-researchers-100-000-for-critical-vulnerabilities/
-
OpenAI Bumps Up Bug Bounty Reward to $100K in Security Update
The artificial intelligence research company previously had its maximum payout set at $20,000 before exponentially raising the reward. First seen on darkreading.com Jump to article: www.darkreading.com/cybersecurity-operations/openai-bug-bounty-reward-100k
-
OpenAI’s New Security Plan Rewards ‘Critical’ Bug Discovery
Max Payout for Bug Bounty Program Up From $20,000 to $100,000. OpenAI announced a cybersecurity initiative that aims to improve the resilience of its artificial intelligence systems by rewarding the discovery of critical vulnerabilities and improving threat mitigation. OpenAI raised the maximum payout for its bug bounty program from $20,000 to $100,000. First seen on…
-
OpenAI Bug Bounty Program Increases Top Reward to $100,000
OpenAI Bug Bounty program boosts max reward to $100,000, expanding scope and offering new incentives to enhance AI security and reliability. First seen on hackread.com Jump to article: hackread.com/openai-bug-bounty-program-increases-top-reward/
-
OpenAI Offers Up to $100,000 for Critical Infrastructure Vulnerability Reports
OpenAI has announced major updates to its cybersecurity initiatives. The company is expanding its Security Bug Bounty Program, increasing the maximum reward for critical vulnerability reports to $100,000, up from $20,000 previously. This enhanced program aims to attract top security researchers worldwide to help identify and fix potential threats before they become major issues. OpenAI’s…
-
OpenAI Offering $100K Bounties for Critical Vulnerabilities
OpenAI has raised its maximum bug bounty payout to $100,000 (up from $20,000) for high-impact flaws in its infrastructure and products. The post OpenAI Offering $100K Bounties for Critical Vulnerabilities appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/openai-offering-100k-bounties-for-critical-vulnerabilities/
-
New Windows zero-day feared abused in widespread espionage for years
.The zero-day vulnerability, tracked as ZDI-CAN-25373, has yet to be publicly acknowledged and assigned a CVE-ID by Microsoft. ZDI-CAN-25373 has to do with the way Windows displays the contents of .lnk files, a type of binary file used by Windows to act as a shortcut to a file, folder, or application, through the Windows UI.A…
-
Hacker nutzen alte Windows-Sicherheitslücke aus Microsoft tut nichts
Tags: bug, bug-bounty, china, cyberattack, exploit, germany, hacker, iran, microsoft, military, north-korea, update, vulnerability, windowsExperten des Sicherheits-Unternehmens Trend Micro haben eine als ZDI-CAN-25373 bezeichnete Sicherheitslücke in Windows entdeckt, die Angreifer seit mindestens 2017 ausnutzen. Über die Lücke können die Angreifer Schadcode auf den betroffenen Windows-Rechnern ausführen, sofern der Benutzer eine verseuchte Webseite besucht oder eine infizierte Datei öffnet.Die Lücke steckt in der Vorgehensweise, wie Windows .lnk-Dateien (Verknüpfungsdateien) verarbeitet. Angreifer können Kommandozeilen-Befehle, die…
-
Not all cuts are equal: Security budget choices disproportionately impact risk
Tags: ai, application-security, attack, awareness, backdoor, breach, bug-bounty, business, ceo, ciso, cloud, compliance, container, control, cyber, cybersecurity, data, iam, identity, incident response, infrastructure, monitoring, phishing, risk, risk-management, service, software, strategy, technology, threat, tool, training, update, usa, vulnerability[Source: Splunk] As cyber threats evolve at an unprecedented pace, delaying essential technology upgrades can severely impact an organization. The newest technological updates are introduced to enhance an organization’s security offerings and directly address recently identified challenges.”Outdated systems lack new features and functionality that allow for more sophisticated offerings, like moving to the cloud,” Kirsty…
-
Google Pays Out Nearly $12M in 2024 Bug Bounty Program
The program underwent a series of changes in the past year, including richer maximum rewards in a variety of bug categories. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/google-pays-nearly-12m-2024-bug-bounty-program
-
Google paid $12 million in bug bounties last year to security researchers
Google paid almost $12 million in bug bounty rewards to 660 security researchers who reported security bugs through the company’s Vulnerability Reward Program (VRP) in 2024. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/google-paid-12-million-in-bug-bounties-last-year-to-security-researchers/
-
Google Paid Out $12 Million via Bug Bounty Programs in 2024
In 2024, Google paid out nearly $12 million in bug bounties through its revamped vulnerability reward programs. The post Google Paid Out $12 Million via Bug Bounty Programs in 2024 appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/google-paid-out-12-million-via-bug-bounty-programs-in-2024/
-
DEF CON 32 Efficient Bug Bounty Automation Techniques
Author/Presenter: Gunnar Andrews Our sincere appreciation to DEF CON, and the Authors/Presenters for publishing their erudite DEF CON 32 content. Originating from the conference’s events located at the Las Vegas Convention Center; and via the organizations YouTube channel. Permalink First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/02/def-con-32-efficient-bug-bounty-automation-techniques/
-
90,000 WordPress Sites Exposed to Local File Inclusion Attacks
A critical vulnerability (CVE-2025-0366) in the Jupiter X Core WordPress plugin, actively installed on over 90,000 websites, was disclosed on January 6, 2025. The flaw enables authenticated attackers with contributor-level privileges to execute remote code via chained Local File Inclusion (LFI) and malicious SVG uploads. Discovered by researcher stealthcopter through the Wordfence Bug Bounty Program, the vulnerability…