Tag: bug-bounty
-
Duo Wins $50K Bug Bounty for Supply Chain Flaw in Newly Acquired Firm
Researchers earned a $50,500 Bug Bounty after uncovering a critical supply chain flaw in a newly acquired firm,… First seen on hackread.com Jump to article: hackread.com/duo-bug-bounty-supply-chain-flaw-newly-acquired-firm/
-
Meta’s Bug Bounty Initiative Pays $2.3 Million to Security Researchers in 2024
Meta’s commitment to cybersecurity took center stage in 2024 as the tech giant awarded over $2.3 million in payouts to global security researchers participating in its bug bounty program. Since its inception in 2011, the initiative has grown into a pillar of Meta’s defense strategy, with total payouts now exceeding $20 million. This annual highlight…
-
Meta Paid Out Over $2.3 Million in Bug Bounties in 2024
Meta received close to 10,000 vulnerability reports and paid out over $2.3 million in bug bounty rewards in 2024. The post Meta Paid Out Over $2.3 Million in Bug Bounties in 2024 appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/meta-paid-out-over-2-3-million-in-bug-bounties-in-2024/
-
In Other News: $10,000 YouTube Flaw, Cybereason CEO Sues Investors, New OT Security Tool
Noteworthy stories that might have slipped under the radar: Google pays $10,000 bug bounty for YouTube vulnerability, Cybereason CEO sues two investors, Otorio launches new OT security tool. The post In Other News: $10,000 YouTube Flaw, Cybereason CEO Sues Investors, New OT Security Tool appeared first on SecurityWeek. First seen on securityweek.com Jump to article:…
-
Google Pays Out $55,000 Bug Bounty for Chrome Vulnerability
Google has released a Chrome 133 update to address four high-severity vulnerabilities reported by external researchers. The post Google Pays Out $55,000 Bug Bounty for Chrome Vulnerability appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/google-pays-out-55000-bug-bounty-for-chrome-vulnerability/
-
Researchers Breach Software Supply Chain and Secure $50K Bug Bounty
Tags: breach, bug-bounty, cyber, cybersecurity, data-breach, exploit, flaw, software, supply-chain, vulnerability
A duo of cybersecurity researchers uncovered a critical vulnerability in a software supply chain, landing them an extraordinary $50,500 bug bounty. The exploit, described as an “Exceptional Vulnerability,” not only exposed systemic flaws in software supply chain security but also demonstrated just how far-reaching the impact of overlooked weak points can be. The researchers, who…
-
Microsoft raises rewards for Copilot AI bug bounty program
Microsoft announced over the weekend that it has expanded its Microsoft Copilot (AI) bug bounty program and increased payouts for moderate severity vulnerabilities. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-raises-rewards-for-copilot-ai-bug-bounty-program/
-
Microsoft Expands Copilot Bug Bounty Program, Increases Payouts
Microsoft has added more Copilot consumer products to its bug bounty program and is offering higher rewards for medium-severity vulnerabilities. The post Microsoft Expands Copilot Bug Bounty Program, Increases Payouts appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/microsoft-expands-copilot-bug-bounty-program-increases-payouts/
-
DEF CON 32 Top War Stories From A TryHard Bug Bounty Hunter
Author/Presenter: Justin Rhynorater Gardner Our sincere appreciation to DEF CON, and the Authors/Presenters for publishing their erudite DEF CON 32 content. Originating from the conference’s events located at the Las Vegas Convention Center; and via the organization’s YouTube channel. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/01/def-con-32-top-war-stories-from-a-tryhard-bug-bounty-hunter/
-
GitHub Vulnerability Exposes User Credentials via Malicious Repositories
A cybersecurity researcher recently disclosed several critical vulnerabilities affecting Git-related projects, revealing how improper handling of credential protocols can lead to sensitive data leaks. From GitHub Desktop to Git Credential Manager and Git LFS, these issues were uncovered during a routine bug-hunting session for the GitHub Bug Bounty program, resulting in the assignment of multiple…
-
Security Researchers Discover Critical RCE Vulnerability, Earned $40,000 Bounty
Cybersecurity researchers Abdullah Nawaf and Orwa Atyat successfully escalated a limited path traversal vulnerability into a full-blown remote code execution (RCE). Their discovery earned a massive $40,000 bounty from the targeted organization’s bug bounty program. The team documented their step-by-step approach, leaving the cybersecurity community with valuable lessons on persistence, creativity, and methodical bug hunting.…
-
Researchers Used ChatGPT to Discover S3 Bucket Takeover Vulnerability in Red Bull
Bug bounty programs have emerged as a critical avenue for researchers to identify vulnerabilities in digital platforms. One such success story involves a recent discovery made within the Red Bull bug bounty program, where a security researcher utilized ChatGPT to craft a domain monitoring script that ultimately led to the identification of a significant Amazon…
-
Bug Bounty Bonanza: $40,000 Reward for Escalating Limited Path Traversal to RCE
As a dedicated bug bounty hunter with an enviable track record on Bugcrowd, Abdullah Nawaf, a full-time bug bounty hunter, thrives on the thrill of discovery and the challenge of finding high-impact vulnerabilities. Recently, he and his colleague Orwa Atyat achieved a notable success: turning a limited path traversal vulnerability into a fully-fledged remote code execution…
-
Beware cybersecurity tech that’s past its prime, 5 areas to check or retire
Tags: access, advisory, ai, antivirus, attack, authentication, breach, bug-bounty, ciso, cloud, control, credentials, cyberattack, cybersecurity, data, data-breach, defense, detection, encryption, endpoint, firewall, Hardware, network, password, penetration-testing, risk, router, siem, software, strategy, switch, threat, tool, vpn, vulnerability, waf, zero-trust
Cybersecurity leaders can choose from an ever-expanding list of digital tools to help them ward off attacks and, based on market projections, they’re implementing plenty of those options. Gartner predicts a 15% increase in cybersecurity spending for 2025, with global expenditures expected to reach $212 billion in the upcoming year. The research and consulting firm says…
-
DEF CON 32 Practical Exploitation of DoS in Bug Bounty
Author/Presenter: Roni Lupin Carta Our sincere appreciation to DEF CON, and the Authors/Presenters for publishing their erudite DEF CON 32 content. Originating from the conference’s events located at the Las Vegas Convention Center; and via the organization’s YouTube channel. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/01/def-con-32-practical-exploitation-of-dos-in-bug-bounty/
-
Gen AI is transforming the cyber threat landscape by democratizing vulnerability hunting
Tags: ai, api, apt, attack, bug-bounty, business, chatgpt, cloud, computing, conference, credentials, cve, cyber, cybercrime, cyberespionage, cybersecurity, data, defense, detection, email, exploit, finance, firewall, flaw, framework, github, government, group, guide, hacker, hacking, incident response, injection, LLM, malicious, microsoft, open-source, openai, penetration-testing, programming, rce, RedTeam, remote-code-execution, service, skills, software, sql, tactics, threat, tool, training, update, vulnerability, waf, zero-day
Generative AI has had a significant impact on a wide variety of business processes, optimizing and accelerating workflows and in some cases reducing baselines for expertise. Add vulnerability hunting to that list, as large language models (LLMs) are proving to be valuable tools in assisting hackers, both good and bad, in discovering software vulnerabilities and writing…
-
Bug bounty programs: Why companies need them now more than ever
Tags: attack, best-practice, bug-bounty, business, crypto, cyber, cybercrime, cybersecurity, defense, exploit, finance, guide, hacker, hacking, jobs, malicious, ransom, strategy, threat, tool, update, vulnerability, zero-day
In the fast-evolving landscape of cybersecurity, the need for proactive measures has become more pressing than ever. When I first entered the cybersecurity field, the primary threats were largely opportunistic hackers exploiting known vulnerabilities and multi-million-dollar ransoms were unheard of. Today, the stakes are significantly higher. According to Cybersecurity Ventures, cybercrime is expected to cost the…
-
Crypto.com Launches Massive $2m Bug Bounty Program
Tags: bug-bounty
Crypto.com has launched a massive $2m bug bounty program on HackerOne, the largest ever offered on the platform, to enhance platform security. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/cryptocom-launches-2m-bug-bounty/
-
835 Security Vulnerabilities Uncovered by White Hat Hackers
So-called white hat hackers, who operate on the side of the law, discovered 835 security vulnerabilities in 2023 and, through bug bounty programs, 45… First seen on 8com.de Jump to article: www.8com.de/cyber-security-blog/835-sicherheitslucken-durch-white-hat-hacker-aufgedeckt
-
Uniswap Labs to Offer $15.5 Million Bounty for Bug Hunters
Uniswap Labs has launched a $15.5 million bug bounty program to ensure the security of its latest protocol, Uniswap v4. This substantial bounty is the largest ever offered in the history of the DeFi sector. Uniswap v4 represents the latest evolution of the Uniswap Protocol, marking a significant transformation into a comprehensive developer platform. This…
-
Microsoft launches $4M bug bounty challenge to secure AI, cloud
First seen on scworld.com Jump to article: www.scworld.com/brief/microsoft-launches-4m-bug-bounty-challenge-to-secure-ai-cloud
-
Microsoft AI and Cloud: New Bug Bounty Event with 4 Million US Dollars in Prizes
If security researchers discover vulnerabilities in Microsoft products at the new Zero Day Quest event, high cash rewards await. First seen on heise.de Jump to article: www.heise.de/news/Microsoft-KI-und-Cloud-Neues-Bug-Bounty-Event-mit-4-Millionen-US-Dollar-Praemie-10077677.html
-
Microsoft announces Zero Day Quest hacking event with big rewards
Microsoft is enhancing its bug bounty initiatives with the launch of the Zero Day Quest hacking event. With $4 million in potential rewards, it focuses on driving research in … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/11/19/microsoft-zero-day-quest-hacking-event/
-
Microsoft launches Zero Day Quest hacking event with $4 million in rewards
Microsoft announced today at its Ignite annual conference in Chicago, Illinois, that it’s expanding its bug bounty programs with Zero Day Quest, a new hacking event focusing on cloud and AI products and platforms. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-launches-zero-day-quest-hacking-event-with-4-million-in-rewards/
-
HackerOne urges U.S. to advocate for research protections in UN cybercrime treaty
The company responsible for bug bounty platforms warns in a letter to top U.S. officials that the treaty’s vague language could undermine ethical security research. First seen on cyberscoop.com Jump to article: cyberscoop.com/un-cybercrime-treaty-hackerone-letter-security-research/
-
AI Bug Bounty Program Yields 34 Flaws In Open Source Tools
First seen on packetstormsecurity.com Jump to article: packetstormsecurity.com/news/view/36535/AI-Bug-Bounty-Program-Yields-34-Flaws-In-Open-Source-Tools.html
-
Bug Bounty Platform Bugcrowd Secures $50 Million in Growth Capital
Bugcrowd has secured a $50 million growth capital facility from Silicon Valley Bank for expansion and innovation. The post Bug Bounty Platform Bugcro… First seen on securityweek.com Jump to article: www.securityweek.com/bug-bounty-platform-bugcrowd-secures-50-million-in-growth-capital/

