Explore the latest bug bounty news, updates, and programs that reward ethical hackers for finding security vulnerabilities and threats.
Search across headline titles and summaries.
Background for this topic.
Bug Bounty is a systematic approach to uncovering vulnerabilities and security flaws within software or information systems. Organizations implement bug bounty programs to incentivize independent security researchers and ethical hackers to report potential security threats. In exchange for their findings, contributors often receive recognition and financial rewards based on the severity and impact of the identified bugs.
In the context of information security, the practice plays a pivotal role by leveraging the collective expertise of the cybersecurity community. This collective defense strategy helps organizations stay ahead of malicious actors by resolving security issues before they can be exploited. A well-structured bug bounty program not only enhances the overall security posture of an organization but also promotes transparent and collaborative efforts in strengthening cyber resilience across various digital platforms.
Weekly headline count for the current query.
Also: UK Sanctions HTX-Linked EntityThis week, the U.S. sanctioned Sinaloa Cartel-linked networks, the U.K. sanctioned a HTX-linked entity, Syndicate Labs shuttered, Missouri sued CoinFlip, Verus attacker took a bounty deal, StablR was exploited and malicious packages targeted crypto developer systems.
Critical flaw payouts slashed by more than 75%
Anthropic and OpenAI promise their latest tools will find more vulnerabilities. Cybersecurity employees say they’re already flooded with AI-generated reports. The post AI might cut false positives, but it won’t stop the slop appeared first on CyberScoop.
A lesson in how not to respond to vulnerability reports UPDATED Vibe-coding platform Lovable is pooh-poohing a researcher’s finding that anyone could open a free account on the service and read other users' sensitive info, including credentials, chat history, and source code. However, the company’s story keeps changing: First it attributed the publicly exposed info to "intentional behavior" and "unclear documentation," then threw bug-bounty service HackerOne under the bus.…
Discovery used to be the bottleneck for open source bugs, but with automated discovery, remediation's the bottleneck, which bounties don't fund.
OpenAI’s Safety Bug Bounty program seeks to address AI safety vulnerabilities beyond traditional security flaws
Bug bounty platform HackerOne is notifying hundreds of employees that their data was stolen after attackers hacked Navia, one of its U.S. benefits administrators. [...]
Nearly 300 employees caught up in intrusion at benefits provider Navia Almost 300 HackerOne employees are caught up in a data breach, with the bug bounty biz slamming a third-party benefits provider for a weeks-long delay in notification.…
Goal is to run software locally and stream only to owners' computers If the sour taste has still not left your mouth after Ring's Super Bowl ad, there is a $10,000 prize for anyone who can find a security flaw in the company's cameras.…
Crowdsourced bug bounties and pen-testing firms see AI agents stealing the low-hanging vulnerabilities from their human counterparts. Oversight remains key.
The developer of the popular curl command-line utility and library announced that the project will end its HackerOne security bug bounty program at the end of this month, after being overwhelmed by low-quality AI-generated vulnerability reports. [...]
Maintainer hopes hackers send bug reports anyway, will keep shaming ‘silly ones’ The maintainer of popular open-source data transfer tool cURL has ended the project’s bug bounty program after maintainers struggled to assess a flood of AI-generated contributions.…
Long after CVEs issued and open source flaws fixed Last fall, Jakub Ciolek reported two denial-of-service bugs in Argo CD, a popular Kubernetes controller, via HackerOne's Internet Bug Bounty (IBB) program. Both were assigned CVEs and have since been fixed. But instead of receiving an $8,500 reward for the two flaws, Ciolek says, HackerOne ghosted him for months.…
Critical vulnerabilities found in third-party applications eligible for award under 'in scope by default' move Microsoft is overhauling its bug bounty program to reward exploit hunters for finding vulnerabilities across all its products and services, even those without established bounty schemes.…
Microsoft now pays security researchers for finding critical vulnerabilities in any of its online services, regardless of whether the code was written by Microsoft or a third party. [...]
Experts Detail Upsides of Bug Bounties and Getting Devices Into Researchers' HandsAs fresh vulnerabilities in hardware keep coming to light, one question remains: What vendors can do to better prevent, identify and eradiate flaws? One shortlist offered by veteran hardware hackers centered on the upsides of engagement, including bug bounty programs.
Bug bounty programs create formal channels for organizations to leverage external security expertise, offering researchers legal protection and financial incentives for ethical vulnerability disclosure.
Meta on Tuesday said it has made available a tool called WhatsApp Research Proxy to some of its long-time bug bounty researchers to help improve the program and more effectively research the messaging platform's network protocol
Behind every click, there’s a risk waiting to be tested. A simple ad, email, or link can now hide something dangerous. Hackers are getting smarter, using new tools to sneak past filters and turn trusted systems against us
Apple has doubled its top bug bounty reward to $2m but with bonuses it could reach $5m