Google told researcher 'Nice catch!' Then denied bug bounty for flaw it still hasn't fixed
EXCLUSIVE 'Working as intended' for the win … again
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
EXCLUSIVE 'Working as intended' for the win … again
A flaw in the Google Cloud Vertex AI SDK for Python let an attacker with no access to a victim's project hijack the victim's machine learning model upload and run code inside Google's serving infrastructure
Hackers exploit CVE-2026-3300 in Everest Forms Pro to inject PHP via form fields, creating rogue admin accounts. 29,300 attempts blocked. Researcher h0xilo submitted a flaw in Everest Forms Pro for WordPress, tracked as CVE-2026-3300, to Wordfence’s bug bounty program and earned $325 for it. WPEverest patched the flaw on March 18. Wordfence published a full […]
Critical flaw payouts slashed by more than 75%
OpenAI’s Safety Bug Bounty program seeks to address AI safety vulnerabilities beyond traditional security flaws
Goal is to run software locally and stream only to owners' computers If the sour taste has still not left your mouth after Ring's Super Bowl ad, there is a $10,000 prize for anyone who can find a security flaw in the company's cameras.…
Long after CVEs issued and open source flaws fixed Last fall, Jakub Ciolek reported two denial-of-service bugs in Argo CD, a popular Kubernetes controller, via HackerOne's Internet Bug Bounty (IBB) program. Both were assigned CVEs and have since been fixed. But instead of receiving an $8,500 reward for the two flaws, Ciolek says, HackerOne ghosted him for months.…
Microsoft now pays security researchers for finding critical vulnerabilities in any of its online services, regardless of whether the code was written by Microsoft or a third party. [...]
Experts Detail Upsides of Bug Bounties and Getting Devices Into Researchers' HandsAs fresh vulnerabilities in hardware keep coming to light, one question remains: What vendors can do to better prevent, identify and eradiate flaws? One shortlist offered by veteran hardware hackers centered on the upsides of engagement, including bug bounty programs.
This week, Google has launched an AI Vulnerability Reward Program dedicated to security researchers who find and report flaws in the company's AI systems. [...]
Threat actors are attempting to leverage a newly released artificial intelligence (AI) offensive security tool called HexStrike AI to exploit recently disclosed security flaws
A little over three dozen security vulnerabilities have been disclosed in various open-source artificial intelligence (AI) and machine learning (ML) models, some of which could lead to remote code execution and information theft
Chocolate Factory downgrades risk, citing the need for attacker access Overly permissive settings in Google Cloud's Document AI service could be abused by data thieves to break into Cloud Storage buckets and steal sensitive information.…
Google has more than doubled payouts for Google Chrome security flaws reported through its Vulnerability Reward Program, with the maximum possible reward for a single bug now exceeding $250,000. [...]
Crypto exchange Kraken revealed that an unnamed security researcher exploited an "extremely critical" zero-day flaw in its platform to steal $3 million in digital assets and refused to return them
Let customers interfere with other tenants? That's our cloud working by design, Redmond seems to say A vulnerability — or just Azure working as intended, depending on who you ask — in Microsoft's cloud potentially allows miscreants to wave away firewall rules and access other people's private web resources.…
A researcher received a $5,500 bug bounty for discovering a vulnerability (CVE-2024-2879) in LayerSlider, a plug-in with more than a million active installations.
Google awarded $10 million to 632 researchers from 68 countries in 2023 for finding and responsibly reporting security flaws in the company's products and services. [...]
Chocolate Factory paid a record $12m in 2022 Bug hunters who found security holes in Google — and also responsibly disclosed details of those flaws to the Chocolate Factory — earned more than $12 million in bounty rewards in 2022, marking a record year for the corporation's Vulnerability Reward Programs (VRPs) in terms of payouts and number of vulnerabilities found and fixed.…