French Bug Bounty Platform YesWeHack Raises $28 Million

June 14, 2024 at 03:00AM YesWeHack, a French bug bounty and vulnerability disclosure platform, has raised €26 million (about $28 million) in a Series C funding round, bringing its total raised to over $52 million. The investment was led by Wendel, with additional capital from other partners. YesWeHack plans to use the funds to invest in AI, …

Easily Exploitable Critical Vulnerabilities Found in Open Source AI/ML Tools

June 14, 2024 at 03:00AM A Protect AI report has disclosed a dozen critical vulnerabilities in open-source AI/ML tools, including issues that could lead to information exposure, privilege escalation, and server takeover. The most severe is CVE-2024-22476 in Intel Neural Compressor, which allows remote privilege escalation. The report emphasizes that the issues were reported to maintainers so that fixes could be released. Various …

GitHub Paid Out Over $4 Million via Bug Bounty Program

June 12, 2024 at 08:06AM GitHub's bug bounty program, established 10 years ago, has paid out over $4 million in total. The program passed that milestone in 2023, a year in which it also paid its largest single reward to date, $75,000 for one vulnerability, and more than $850,000 overall. GitHub says it aims to improve its payout processes and public disclosures in …

Chrome 126, Firefox 127 Patch High-Severity Vulnerabilities

June 12, 2024 at 06:18AM Google and Mozilla have released Chrome 126 and Firefox 127, respectively, with patches for high-severity memory safety vulnerabilities. Google awarded over $160,000 in bug bounty rewards to external researchers. The highest single reward, $100,115, went to CVE-2024-5839, a medium-severity inappropriate implementation in the Memory Allocator. Firefox's update addresses 15 vulnerabilities, including …

Mozilla Launches 0Din Gen-AI Bug Bounty Program

June 7, 2024 at 09:15AM Mozilla has launched a new bug bounty program, the 0Day Investigative Network (0Din), focused on large language models and other deep learning technologies. The program aims to improve the security of the generative AI ecosystem by covering a range of security issues in these systems. Researchers can submit findings to '0din at mozilla.com', giving them an opportunity to contribute …

Cox fixed an API auth bypass exposing millions of modems to attacks

June 3, 2024 at 05:12PM Cox Communications has fixed an authorization bypass vulnerability in its API, discovered by bug bounty hunter Sam Curry, that would have let remote attackers reset modem settings and steal sensitive customer information. The largest private broadband company in the U.S., Cox provides services to nearly seven million homes and businesses across over 30 states. The company …

Google Patches Fourth Chrome Zero-Day in Two Weeks

May 24, 2024 at 05:09AM Google has released a new Chrome update to fix a high-severity vulnerability, CVE-2024-5274, the fourth zero-day patched in two weeks. An exploit exists in the wild, and no bug bounty will be paid for the discovery. Google urges users to update to the latest Chrome release, version 125.0.6422.112. …

Chrome 125 Update Patches High-Severity Vulnerabilities

May 22, 2024 at 06:30AM Google has announced a Chrome 125 update addressing six vulnerabilities, including four high-severity bugs reported by external researchers. The update resolves a use-after-free flaw, a type confusion bug in the V8 JavaScript engine, and heap buffer overflow problems. Google has paid out bug bounty rewards ranging from $5,000 to …

Third Chrome Zero-Day Patched by Google Within One Week

May 16, 2024 at 05:09AM Google has released Chrome 125 with patches for nine vulnerabilities, including the high-severity bugs CVE-2024-4947 and CVE-2024-4948. Exploitation of CVE-2024-4947 could allow remote code execution, and Google acknowledged that it has been exploited in the wild. Updating is advised given the recent run of zero-day vulnerabilities. Bug bounty details have not been disclosed. …

Google Boosts Bug Bounty Payouts Tenfold in Mobile App Security Push

May 1, 2024 at 11:21AM Google has raised the bug bounty rewards for its Mobile Vulnerability Rewards Program (Mobile VRP), offering up to $450,000 for a single vulnerability report that meets certain criteria. Researchers can earn up to $150,000 for code execution flaws in Tier 2 apps and $45,000 for issues in Tier 3 apps. Reports without proposed patches may …