Apple Bug Bounty Payouts Can Now Top $5m
Apple has doubled its top bug bounty reward to $2m but with bonuses it could reach $5m
Reward-related cybersecurity coverage examines bug bounties, vulnerability disclosure incentives, and how compensation can influence reporting and risk.
Search across headline titles and summaries.
Background for this topic.
Reward in information security usually means compensation offered for finding and responsibly reporting a vulnerability, commonly through a bug bounty or vulnerability disclosure program. Payment may depend on severity, exploitability, affected assets, report quality, and whether the issue is previously known. Some programs also reward information that helps identify active abuse or improve defenses, but the intended activity and eligibility should be explicitly defined.
Rewards can extend defensive testing beyond an organization’s internal teams, but they require clear scope, reporting channels, response targets, and rules for handling sensitive data. Without these controls, researchers may test unauthorized systems, expose personal information in proof-of-concept material, submit duplicates or invalid findings, or dispute inconsistent decisions. Security teams should connect accepted reports to vulnerability management: validate and prioritize findings, track remediation, communicate disclosure decisions, and preserve evidence. Program metrics such as response time, remediation time, and recurring vulnerability classes can show whether incentives are improving security rather than merely increasing report volume.
Weekly headline count for the current query.
Apple has doubled its top bug bounty reward to $2m but with bonuses it could reach $5m
Google has introduced a new AI Vulnerability Reward Program offering up to $30,000 for bug discoveries in its AI products
The Pwn2Own competition is offering a $1m reward to any teams able to unearth a WhatsApp code execution exploit
Coinbase is offering a $20m reward to help catch the threat actor behind a cyber-attack that could cost it between $180-$400m
The US Government is offering a $5 million reward for information leading to the disruption of financial mechanisms supporting North Korea following a six-year conspiracy
The US government said it will pay up to $10m for information leading to the identification of Hive leaders, and up to $5m for information leading to the arrest of any affiliates
State department wants information on Clop ransomware actors
Indictments claim Russian was involved in Babuk, Hive and LockBit
State Department offers $10m reward for info on notorious group
State Department hopes financial inducement will unmask threat actors
State Department turns up the heat on co-conspirators