October 12, 2023 at 01:36PM Microsoft has introduced a new AI bounty program for the AI-driven Bing experience, offering rewards up to $15,000. The program covers vulnerabilities found in AI-powered Bing experiences across various services and products, including bing.com, Microsoft Edge, Microsoft Start Application, and Skype Mobile Application. Qualified submissions are eligible for bounty rewards … Read more
October 11, 2023 at 12:06PM Patches have been released for a critical memory corruption vulnerability in the cURL data transfer project. The flaw, tracked as CVE-2023-38545, affects the SOCKS5 proxy handshake process in cURL, allowing remote exploitation in certain configurations. The bug can lead to heap buffer overflow, and affected versions are 7.69.0 to 8.3.0. … Read more
October 11, 2023 at 08:24AM Google has released Chrome 118 with fixes for 20 vulnerabilities, including a critical bug in Site Isolation that could allow sites to steal data. Google has yet to determine the bug bounty reward for this vulnerability. The release also addresses eight medium-severity flaws and five low-severity vulnerabilities. The latest version … Read more
October 10, 2023 at 08:24AM Natalie Silvanovich, a member of Google’s Project Zero, discusses her work in finding and fixing zero-day vulnerabilities. Project Zero aims to make zero-day vulnerabilities difficult to exploit by attackers. Silvanovich explains the team’s disclosure policy, research process, and the necessary skills for being a successful researcher. She also touches on … Read more