Mintlify Data Breach Leads to Exposure of Customer GitHub Tokens

March 19, 2024 at 06:18AM
AI-powered code documentation firm Mintlify experienced a data breach due to a system vulnerability, leading to 91 customer GitHub tokens being compromised. The breach prompted a bug bounty program and security measures, including token revocation and collaboration with GitHub and cybersecurity firms. Mintlify also launched a bug bounty program for security …

Pentagon Received Over 50,000 Vulnerability Reports Since 2016

March 18, 2024 at 09:15AM
The US Department of Defense has processed 50,000 reports through its vulnerability disclosure program, initiated after the success of the ‘Hack the Pentagon’ bug bounty program. Collaborating with platforms like HackerOne, Bugcrowd, and Synack, DoD expanded its bug bounty programs, saving an estimated $61 million and receiving over 45,000 vulnerability …

Poking holes in Google tech bagged bug hunters $10M

March 13, 2024 at 02:10PM
Google awarded $10 million to 632 bug hunters in 2023, slightly less than the previous year. The company introduced new reward categories and a Bonus Awards program. High-paying categories included Android VRP, and Wear OS was added to the bounty program. However, the effectiveness of bug bounties in making software …

Google Paid Out $10 Million via Bug Bounty Programs in 2023

March 12, 2024 at 02:04PM
Google announced a $10 million payout in 2023 for its bug bounty programs, totaling $59 million since 2010. 632 researchers from 68 countries earned rewards, with the highest single payout at $113,337. $3.4 million was awarded for Android vulnerabilities, with increased maximum rewards. Google’s bug bounty payouts are comparable to …

Meta Patches Facebook Account Takeover Vulnerability

February 29, 2024 at 09:27AM
Meta recently patched a critical vulnerability affecting the Facebook password reset process, as reported by cybersecurity researcher Samip Aryal. The flaw allowed an attacker to exploit a two-hour window to brute-force a unique six-digit code and gain control of an account. Meta’s bug bounty program recognized Aryal’s contribution, but the …

Critical Flaw in Popular ‘Ultimate Member’ WordPress Plugin

February 26, 2024 at 10:21AM
A critical SQL injection vulnerability in the Ultimate Member WordPress plugin, which has 200,000 installations, allowed unauthenticated attackers to extract sensitive data by appending SQL queries. The flaw, tracked as CVE-2024-1071, was assigned a CVSS score of 9.8. The issue was resolved in Ultimate Member version 2.8.3 on February 19. …

Chrome 122, Firefox 123 Patch High-Severity Vulnerabilities

February 21, 2024 at 06:45AM
Google and Mozilla released updates for Chrome and Firefox, addressing multiple vulnerabilities. Chrome 122 resolves 12 security defects, including high-severity memory safety bugs, with bug bounties paid to researchers. Firefox 123 also addresses 12 vulnerabilities, categorized as high, medium, and low-severity flaws. Both companies state that no vulnerabilities have been …

Meta says risk of account theft after phone number recycling isn’t its problem to solve

February 13, 2024 at 03:30AM
Meta has acknowledged the potential for account takeovers due to the reuse of phone numbers, particularly after the numbers have been abandoned for at least 45 days. This issue implicates telecom companies’ phone number recycling practices, leading to security and privacy risks. Despite reports and attempts to address the issue, Meta has declined …

Hackers Earn $1.3M for Tesla, EV Charger, Infotainment Exploits at Pwn2Own Automotive

January 26, 2024 at 03:51AM
Cybersecurity researchers and bug bounty hunters earned over $1.3 million from hacking Teslas, EV chargers, and infotainment systems at the Pwn2Own Automotive competition. The Synacktiv team won, earning $450,000 by exploiting vulnerabilities. ZDI is preparing for Pwn2Own Vancouver 2024, with a prize pool exceeding $1 million. Last year’s competition in …

Chrome 121 Patches 17 Vulnerabilities

January 24, 2024 at 07:36AM
Google announced the release of Chrome 121, addressing 17 vulnerabilities, 11 of which were reported by external researchers. Three were rated as ‘high’ severity, earning bug bounty rewards totaling over $30,000. The update also resolved six medium-severity and two low-severity issues. The specific technical details of the resolved bugs were …