SOFTSWISS Expands Bug Bounty Program

November 1, 2024 at 05:38PM SOFTSWISS enhances its cybersecurity during Cybersecurity Awareness Month by launching a private Bug Bounty Program. This invitation-only initiative recruits white-hat hackers to identify vulnerabilities, ensuring high-quality reports and protecting clients. The program, starting with two products, aims to maintain superior security standards within the iGaming industry. **Meeting Takeaways from SOFTSWISS … Read more

Bug Bounty Platform Bugcrowd Secures $50 Million in Growth Capital

November 1, 2024 at 03:58AM Bugcrowd has obtained $50 million in growth capital from Silicon Valley Bank to support its expansion and innovation efforts, as reported by SecurityWeek. **Meeting Takeaways:** 1. **Funding Acquisition**: Bugcrowd has secured $50 million in growth capital. 2. **Source of Funding**: The capital was obtained from Silicon Valley Bank. 3. **Purpose … Read more

Researchers Uncover Vulnerabilities in Open-Source AI and ML Models

October 29, 2024 at 09:36AM Over three dozen security vulnerabilities in open-source AI/ML models have been disclosed, with significant risks including remote code execution and data theft. Key flaws include IDOR vulnerabilities in Lunary and a critical path traversal issue in ChuanhuChatGPT. Users are urged to update their systems for protection against potential attacks. ### … Read more

First ChatGPT Jailbreak Disclosed via Mozilla’s New AI Bug Bounty Program

October 29, 2024 at 05:12AM A new ChatGPT jailbreak has been revealed through Mozilla’s newly launched 0Din gen-AI bug bounty program, as reported by SecurityWeek. **Meeting Notes Takeaways:** 1. **New Development**: A new jailbreak for ChatGPT has been disclosed. 2. **Source**: The information was shared through Mozilla’s 0Din gen-AI bug bounty program. 3. **Publication**: The … Read more

AWS Cloud Development Kit flaw exposed accounts to full takeover

October 24, 2024 at 06:42PM Amazon Web Services resolved a critical vulnerability in its Cloud Development Kit (CDK), which allowed potential account hijacking through predictable S3 bucket names. Discovered by Aqua, the flaw affected about 1% of users. AWS has implemented changes in version v2.149.0 to enhance security, requiring user action for older versions. **Meeting … Read more

Big Rewards Offered in Dedicated Google Cloud Bug Bounty Program

October 21, 2024 at 08:40AM Google Cloud’s new Vulnerability Reward Program (VRP) covers over 460 products and services, with 140 eligible for top-tier bug bounty rewards, encouraging security researchers to identify and report vulnerabilities. **Meeting Notes Takeaways:** 1. **New VRP Launch**: Google Cloud has introduced a new Vulnerability Reward Program (VRP) that encompasses over 460 … Read more

Atlassian Patches Vulnerabilities in Bamboo, Bitbucket, Confluence, Crowd

September 19, 2024 at 08:36AM Atlassian addressed multiple high-severity vulnerabilities in Bamboo, Bitbucket, Confluence, and Crowd with patches. The vulnerabilities allowed attackers to cause denial-of-service conditions. The patches address security defects in various components and dependencies, with the company urging users to update their installations as soon as possible. None of these issues have been … Read more

Chrome 129 Patches High-Severity Vulnerability in V8 Engine

September 18, 2024 at 08:24AM Google released Chrome 129 in the stable channel, addressing nine vulnerabilities, with the most severe being a type confusion bug in the V8 JavaScript engine. The update also resolves medium and low-severity vulnerabilities, with $13,000 in bug bounty payouts. Chrome 129 is now rolling out for Windows, macOS, and Linux, … Read more

GitLab Updates Resolve Critical Pipeline Execution Vulnerability

September 13, 2024 at 05:03AM GitLab announced patches for 17 vulnerabilities in GitLab Community Edition (CE) and Enterprise Edition (EE) including a critical pipeline execution bug, CVE-2024-6678, with a CVSS score of 9.9. Successful exploitation could disrupt services and inject malicious code. The vulnerabilities affect versions 8.14 to 17.3.1, and patches are available in versions … Read more

Chrome 128 Update Resolves High-Severity Vulnerabilities

September 11, 2024 at 05:15AM Google announced a new Chrome 128 update addressing five vulnerabilities, with four high-severity flaws reported by external researchers. The flaws include heap buffer overflow in Skia, use-after-free in Media Router, type confusion in V8 JavaScript engine, and use-after-free in Autofill. Google rewarded bug bounties for the first two security defects … Read more