HackerOne paid ethical hackers over $300 million in bug bounties
HackerOne has announced that its bug bounty programs have awarded over $300 million in rewards to ethical hackers and vulnerability researchers since the platform's inception. [...]
Research examines attack methods, defenses, and vulnerabilities, helping security teams understand risks and improve protection.
Search across headline titles and summaries.
Background for this topic.
Research is the systematic study of technologies, systems, attack methods, vulnerabilities, and defensive techniques to establish evidence and produce new findings. In information security, it includes work such as discovering flaws in software or protocols, analyzing malware and attacker behavior, testing cryptographic designs, and evaluating security controls. News under this tag may describe a proof of concept, a measurement study, or a proposed technique rather than a confirmed real-world attack.
For practitioners, research can change how risks are prioritized and mitigated. A demonstrated vulnerability may require vulnerability-management teams to verify affected assets, apply fixes, or add compensating controls; responsible disclosure gives developers time to assess and remediate before technical details enable exploitation. Research involving live systems, personal data, or offensive tooling also raises privacy, authorization, dual-use, and ethical concerns. Sound findings should state their assumptions, scope, limitations, and reproducibility, since laboratory results do not automatically show that an attack is practical in every environment.
HackerOne has announced that its bug bounty programs have awarded over $300 million in rewards to ethical hackers and vulnerability researchers since the platform's inception. [...]
New findings have shed light on what's said to be a lawful attempt to covertly intercept traffic originating from jabber[.]ru (aka xmpp[.]ru), an XMPP-based instant messaging service, via servers hosted on Hetzner and Linode (a subsidiary of Akamai) in Germany
The Pwn2Own Toronto 2023 hacking competition has ended with security researchers earning $1,038,500 for 58 zero-day exploits (and multiple bug collisions) targeting consumer products between October 24 and October 27. [...]
Google has announced that it's expanding its Vulnerability Rewards Program (VRP) to reward researchers for finding attack scenarios tailored to generative artificial intelligence (AI) systems in an effort to bolster AI safety and security
Nearly six years on from Spectre and Meltdown, novel method steals passwords, emails, texts University researchers have developed a novel exploit that can steal information from virtually all modern Apple Macs, iPhones, and iPads.…
The Russian APT28 hacking group (aka 'Strontium' or 'Fancy Bear') has been targeting government entities, businesses, universities, research institutes, and think tanks in France since the second half of 2021. [...]
A sophisticated cross-platform malware platform named StripedFly flew under the radar of cybersecurity researchers for five years, infecting over a million Windows and Linux systems during that time. [...]
Academic researchers created a new speculative side-channel attack they named iLeakage that works on all recent Apple devices and can extract sensitive information from the Safari web browser. [...]
A relatively new threat actor known as YoroTrooper is likely made of operators originating from Kazakhstan
Security researchers hacked the Samsung Galaxy S23 smartphone two more times on the second day of the Pwn2Own 2023 hacking competition in Toronto, Canada. [...]
In the race over Citrix's latest vulnerability, the bad guys have a huge head start, with broad implications for businesses and critical infrastructure providers worldwide.
With this zero-day, researchers say the 'scrappy' group is stepping up its operations The Winter Vivern cyber spy group is exploiting an XSS zero-day vulnerability in attacks on European governments.…
ESET Research reported the vulnerability to the Roundcube team on October 12
Security researchers hacked the Samsung Galaxy S23 twice during the first day of the consumer-focused Pwn2Own 2023 hacking contest in Toronto, Canada. [...]
Emerging RaaS operation uses Rhysida ransomware paired with a wicked infostealer called Lumar, researchers warn.
The University of Michigan says in a statement today that they suffered a data breach after hackers broke into its network in August and accessed systems with information belonging to students, applicants, alumni, donors, employees, patients, and research study participants. [...]
Uptycs researchers said the technique exploits Microsoft files to execute malicious commands
The open-source remote access trojan known as Quasar RAT has been observed leveraging DLL side-loading to fly under the radar and stealthily siphon data from compromised Windows hosts
The number of Cisco IOS XE devices hacked with a malicious backdoor implant has mysteriously plummeted from over 50,000 impacted devices to only a few hundred, with researchers unsure what is causing the sharp decline. [...]