#bug-bounty

Information security
from SecurityWeek
1 day ago

Cyber Insights 2026: Offensive Security; Where It is and Where Its Going

Red teaming and offensive security must accelerate and expand to proactively find and harden system weaknesses against increasingly frequent, sophisticated, and damaging attacks.
Information security
from Zero Day Initiative
1 week ago

Zero Day Initiative - Pwn2Own Automotive 2026 - Day Two Results

Julien Cohen-Scali chained an authentication bypass and privilege escalation on Phoenix Contact CHARX SEC-3150, earning $20,000 and 4 Master of Pwn points; Autocrypt failed to demonstrate a Grizzl‑E exploit in time.
from DataBreaches.Net
1 week ago

Cloudflare whacks WAF bypass bug that opened side door for attackers - DataBreaches.Net

Cloudflare has fixed a flaw in its web application firewall (WAF) that allowed attackers to bypass security rules and directly access origin servers, which could lead to data theft or full server takeover. FearsOff security researchers reported the bug in October through Cloudflare's bug bounty program, and the CDN says it has patched the vulnerability in its ACME (Automatic Certificate Management Environment) validation logic with no action required from its customers.
Information security
Software development
from The Register
1 week ago

Curl shutters bug bounty program to stop AI slop

The cURL maintainer ended the bug bounty program because overwhelming volumes of AI-generated and low-quality submissions burdened the security team.
from The Register
1 month ago

Microsoft now buys bugs, with or without a bounty program

Under the new model, MSRC will pay researchers who report critical vulnerabilities that have a demonstrable impact on Microsoft's online services. "Regardless of whether the code is owned and managed by Microsoft, a third party, or is open source, we will do whatever it takes to remediate the issue," Gallagher said. "Our goal is to incentivize research on the highest risk areas, especially the areas that threat actors are most likely to exploit."
Information security
#vulnerability-disclosure
#cloud-security
Information security
from ComputerWeekly.com
1 month ago

Why bug bounty schemes have not led to secure software | Computer Weekly

Software companies need legal liability for insecure code because bug bounties create exploitative, speculative labor and leave many security researchers underpaid and legally exposed.
from Techzine Global
2 months ago

Vulnerability in Claude enables data leak via prompt

Anthropic's AI assistant, Claude, appears vulnerable to an attack that allows private data to be sent to an attacker without detection. Anthropic confirms that it is aware of the risk. The company states that users must be vigilant and interrupt the process as soon as they notice suspicious activity. The discovery comes from researcher Johann Rehberger, also known as Wunderwuzzi, who has previously uncovered several vulnerabilities in AI systems, writes The Register.
Information security
#iot-security
#apple
Information security
from SecurityWeek
3 months ago

Google Offers Up to $20,000 in New AI Bug Bounty Program

Google launched a dedicated AI Vulnerability Reward Program excluding prompt injections, jailbreaks, and alignment issues while prioritizing security and abuse vulnerability reports.
from ZDNET
3 months ago

Google will pay you up to $30,000 in rewards to find bugs in its AI products

On Monday, Google security engineering managers Jason Parsons and Zak Bennett said in a blog post that the new program, an extension of the tech giant's existing Abuse Vulnerability Reward Program (VRP), will incentivize researchers and bug bounty hunters to focus on "high-impact abuse issues and security vulnerabilities" in Google products and services.
Artificial intelligence
from Developer Tech News
6 months ago

Can open-source survive the onslaught of AI slop?

Daniel Stenberg stated, "does not seem to slow down. On the contrary, it seems that we have recently not only received more AI slop but also more human slop."
Tech industry
from TechCrunch
6 months ago

Exclusive: Meta fixes bug that could leak users' AI prompts and generated content

Meta has addressed a security vulnerability that allowed users to access private prompts and AI-generated responses of others, revealing major concerns with data authorization.
Privacy professionals
Growth hacking
from HackerNoon
2 years ago

1inch Rolls Out Expanded Bug Bounties With Rewards Up To $500K | HackerNoon

1inch launches upgraded bug bounty programs with rewards up to $500,000 to enhance DeFi security across key components.
#cybersecurity
from HackerNoon
3 years ago
Information security

Digital Defenders: Meet Syed Shahzaib Shah, Pakistan's Ethical Hacker Changing the Game | HackerNoon

Shahzaib Shah exemplifies how curiosity and dedication can propel impactful careers in cybersecurity, regardless of geographic or economic constraints.
from Medium
9 months ago
Tech industry

Earn Money by Discovering Bugs

Bug bounty hunting allows anyone to earn money by finding vulnerabilities in websites.