Rogue HackerOne employee steals bug reports to sell on the side
A HackerOne employee stole vulnerability reports submitted through the bug bounty platform and disclosed them to affected customers to claim financial rewards. [...]
Explore the latest bug bounty news, updates, and programs that reward ethical hackers for finding security vulnerabilities and threats.
Search across headline titles and summaries.
Background for this topic.
Bug bounty programs invite external security researchers to identify and report software vulnerabilities in exchange for rewards, usually monetary. These programs extend testing beyond internal teams by leveraging diverse expertise and real-world attack techniques, helping organizations uncover flaws that might otherwise remain hidden. Participants submit detailed vulnerability reports, which organizations validate and address according to defined scopes and rules.
From a security standpoint, bug bounties increase exposure by allowing controlled probing of live systems, which can reveal critical issues like remote code execution or privilege escalation. Effective programs require clear scope boundaries and efficient triage to prevent resource overload and ensure timely remediation. Integrating external findings into vulnerability management shortens the time between discovery and patching, reducing the risk that attackers exploit unpatched vulnerabilities in production environments.
A HackerOne employee stole vulnerability reports submitted through the bug bounty platform and disclosed them to affected customers to claim financial rewards. [...]
It has been relatively busy this week with new ransomware attacks unveiled, a bug bounty program introduced, and new tactics used by the threat actors to distribute their encryptors. [...]
The LockBit ransomware operation has released 'LockBit 3.0,' introducing the first ransomware bug bounty program and leaking new extortion tactics and Zcash cryptocurrency payment options. [...]