Security news aggregator

Latest coverage for Bug Bounty

Explore the latest bug bounty news, updates, and programs that reward ethical hackers for finding security vulnerabilities and threats.

61 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

Bug bounty programs invite external security researchers to identify and report software vulnerabilities in exchange for rewards, usually monetary. These programs extend testing beyond internal teams by leveraging diverse expertise and real-world attack techniques, helping organizations uncover flaws that might otherwise remain hidden. Participants submit detailed vulnerability reports, which organizations validate and address according to defined scopes and rules.

From a security standpoint, bug bounties increase exposure by allowing controlled probing of live systems, which can reveal critical issues like remote code execution or privilege escalation. Effective programs require clear scope boundaries and efficient triage to prevent resource overload and ensure timely remediation. Integrating external findings into vulnerability management shortens the time between discovery and patching, reducing the risk that attackers exploit unpatched vulnerabilities in production environments.

Volume over time

Weekly headline count for the current query.

Showing 20 most recent headlines of 61 Filtered view

A lesson in how not to respond to vulnerability reports UPDATED Vibe-coding platform Lovable is pooh-poohing a researcher’s finding that anyone could open a free account on the service and read other users' sensitive info, including credentials, chat history, and source code. However, the company’s story keeps changing: First it attributed the publicly exposed info to "intentional behavior" and "unclear documentation," then threw bug-bounty service HackerOne under the bus.…

Long after CVEs issued and open source flaws fixed Last fall, Jakub Ciolek reported two denial-of-service bugs in Argo CD, a popular Kubernetes controller, via HackerOne's Internet Bug Bounty (IBB) program. Both were assigned CVEs and have since been fixed. But instead of receiving an $8,500 reward for the two flaws, Ciolek says, HackerOne ghosted him for months.…

PLUS: China's Great Firewall springs a leak; FBI issues rare 'Flash Alert' of Salesforce attacks; $10m bounty for alleged Russian hacker; and more Infosec In Brief 15 ransomware gangs, including Scattered Spider and Lapsus$, have announced that they are going dark, and say no more attacks will be carried out in their name.…

Seven-year-old Cisco vuln that remains inexplicably unpatched is their way in The US State Department has put a $10 million bounty on the heads of three Russians accused of being intelligence agents hacking America's critical infrastructure - primarily via old Cisco kit, it seems.…

Said bugs 'can have significant implications' – glad to hear that from Redmond Microsoft is so concerned about security in its Copilot products for folks that it’s lifted bug bounty payments for moderate-severity vulnerabilities from nothing to a maximum of $5,000, and expanded the range of vulnerabilities it will pay people to find and report.…

Loading more headlines...