Tag: bug-bounty
-
OpenAI now pays researchers $100,000 for critical vulnerabilities
in SecurityNews
Artificial intelligence company OpenAI has announced a fivefold increase in the maximum bug bounty rewards for “exceptional and differentiated” critical security vulnerabilities from $20,000 to $100,000. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/openai-now-pays-researchers-100-000-for-critical-vulnerabilities/
-
OpenAI’s New Security Plan Rewards ‘Critical’ Bug Discovery
in SecurityNews
Max Payout for Bug Bounty Program Up From $20,000 to $100,000. OpenAI announced a cybersecurity initiative that aims to improve the resilience of its artificial intelligence systems by rewarding the discovery of critical vulnerabilities and improving threat mitigation. OpenAI raised the maximum payout for its bug bounty program from $20,000 to $100,000. First seen on…
-
OpenAI Bumps Up Bug Bounty Reward to $100K in Security Update
in SecurityNews
The artificial intelligence research company previously had its maximum payout set at $20,000 before exponentially raising the reward. First seen on darkreading.com Jump to article: www.darkreading.com/cybersecurity-operations/openai-bug-bounty-reward-100k
-
OpenAI Bug Bounty Program Increases Top Reward to $100,000
in SecurityNews
OpenAI Bug Bounty program boosts max reward to $100,000, expanding scope and offering new incentives to enhance AI security and reliability. First seen on hackread.com Jump to article: hackread.com/openai-bug-bounty-program-increases-top-reward/
-
OpenAI Offers Up to $100,000 for Critical Infrastructure Vulnerability Reports
in SecurityNews
OpenAI has announced major updates to its cybersecurity initiatives. The company is expanding its Security Bug Bounty Program, increasing the maximum reward for critical vulnerability reports to $100,000, up from $20,000 previously. This enhanced program aims to attract top security researchers worldwide to help identify and fix potential threats before they become major issues. OpenAI’s…
-
OpenAI Offering $100K Bounties for Critical Vulnerabilities
in SecurityNews
OpenAI has raised its maximum bug bounty payout to $100,000 (up from $20,000) for high-impact flaws in its infrastructure and products. The post OpenAI Offering $100K Bounties for Critical Vulnerabilities appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/openai-offering-100k-bounties-for-critical-vulnerabilities/
-
New Windows zero-day feared abused in widespread espionage for years
in SecurityNews
The zero-day vulnerability, tracked as ZDI-CAN-25373, has yet to be publicly acknowledged and assigned a CVE-ID by Microsoft. ZDI-CAN-25373 has to do with the way Windows displays the contents of .lnk files, a type of binary file used by Windows to act as a shortcut to a file, folder, or application, through the Windows UI. A…
-
Hackers exploit old Windows vulnerability, Microsoft does nothing
in SecurityNews
Tags: bug, bug-bounty, china, cyberattack, exploit, germany, hacker, iran, microsoft, military, north-korea, update, vulnerability, windows
Experts at the security company Trend Micro have discovered a Windows vulnerability designated ZDI-CAN-25373 that attackers have been exploiting since at least 2017. The vulnerability lets attackers execute malicious code on affected Windows machines if the user visits a compromised website or opens an infected file. The flaw lies in the way Windows processes .lnk (shortcut) files. Attackers can … command-line commands that…
-
Not all cuts are equal: Security budget choices disproportionately impact risk
in SecurityNews
Tags: ai, application-security, attack, awareness, backdoor, breach, bug-bounty, business, ceo, ciso, cloud, compliance, container, control, cyber, cybersecurity, data, iam, identity, incident response, infrastructure, monitoring, phishing, risk, risk-management, service, software, strategy, technology, threat, tool, training, update, usa, vulnerability
[Source: Splunk] As cyber threats evolve at an unprecedented pace, delaying essential technology upgrades can severely impact an organization. The newest technological updates are introduced to enhance an organization’s security offerings and directly address recently identified challenges. “Outdated systems lack new features and functionality that allow for more sophisticated offerings, like moving to the cloud,” Kirsty…
-
Google Pays Out Nearly $12M in 2024 Bug Bounty Program
in SecurityNews
The program underwent a series of changes in the past year, including richer maximum rewards in a variety of bug categories. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/google-pays-nearly-12m-2024-bug-bounty-program
-
Google paid $12 million in bug bounties last year to security researchers
in SecurityNews
Google paid almost $12 million in bug bounty rewards to 660 security researchers who reported security bugs through the company’s Vulnerability Reward Program (VRP) in 2024. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/google-paid-12-million-in-bug-bounties-last-year-to-security-researchers/
-
Google Paid Out $12 Million via Bug Bounty Programs in 2024
in SecurityNews
In 2024, Google paid out nearly $12 million in bug bounties through its revamped vulnerability reward programs. The post Google Paid Out $12 Million via Bug Bounty Programs in 2024 appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/google-paid-out-12-million-via-bug-bounty-programs-in-2024/
-
DEF CON 32 Efficient Bug Bounty Automation Techniques
in SecurityNews
Author/Presenter: Gunnar Andrews. Our sincere appreciation to DEF CON, and the Authors/Presenters for publishing their erudite DEF CON 32 content. Originating from the conference’s events located at the Las Vegas Convention Center; and via the organization’s YouTube channel. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/02/def-con-32-efficient-bug-bounty-automation-techniques/
-
90,000 WordPress Sites Exposed to Local File Inclusion Attacks
in SecurityNews
A critical vulnerability (CVE-2025-0366) in the Jupiter X Core WordPress plugin, actively installed on over 90,000 websites, was disclosed on January 6, 2025. The flaw enables authenticated attackers with contributor-level privileges to execute remote code via chained Local File Inclusion (LFI) and malicious SVG uploads. Discovered by researcher stealthcopter through the Wordfence Bug Bounty Program, the vulnerability…
-
Duo Wins $50K Bug Bounty for Supply Chain Flaw in Newly Acquired Firm
in SecurityNews
Researchers earned a $50,500 Bug Bounty after uncovering a critical supply chain flaw in a newly acquired firm,… First seen on hackread.com Jump to article: hackread.com/duo-bug-bounty-supply-chain-flaw-newly-acquired-firm/
-
Meta’s Bug Bounty Initiative Pays $2.3 Million to Security Researchers in 2024
in SecurityNews
Meta’s commitment to cybersecurity took center stage in 2024 as the tech giant awarded over $2.3 million in payouts to global security researchers participating in its bug bounty program. Since its inception in 2011, the initiative has grown into a pillar of Meta’s defense strategy, with total payouts now exceeding $20 million. This annual highlight…
-
Meta Paid Out Over $2.3 Million in Bug Bounties in 2024
in SecurityNews
Meta received close to 10,000 vulnerability reports and paid out over $2.3 million in bug bounty rewards in 2024. The post Meta Paid Out Over $2.3 Million in Bug Bounties in 2024 appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/meta-paid-out-over-2-3-million-in-bug-bounties-in-2024/
-
In Other News: $10,000 YouTube Flaw, Cybereason CEO Sues Investors, New OT Security Tool
in SecurityNews
Noteworthy stories that might have slipped under the radar: Google pays $10,000 bug bounty for YouTube vulnerability, Cybereason CEO sues two investors, Otorio launches new OT security tool. The post In Other News: $10,000 YouTube Flaw, Cybereason CEO Sues Investors, New OT Security Tool appeared first on SecurityWeek. First seen on securityweek.com Jump to article:…
-
Google Pays Out $55,000 Bug Bounty for Chrome Vulnerability
in SecurityNews
Google has released a Chrome 133 update to address four high-severity vulnerabilities reported by external researchers. The post Google Pays Out $55,000 Bug Bounty for Chrome Vulnerability appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/google-pays-out-55000-bug-bounty-for-chrome-vulnerability/
-
Researchers Breach Software Supply Chain and Secure $50K Bug Bounty
in SecurityNews
Tags: breach, bug-bounty, cyber, cybersecurity, data-breach, exploit, flaw, software, supply-chain, vulnerability
A duo of cybersecurity researchers uncovered a critical vulnerability in a software supply chain, landing them an extraordinary $50,500 bug bounty. The exploit, described as an “Exceptional Vulnerability,” not only exposed systemic flaws in software supply chain security but also demonstrated just how far-reaching the impact of overlooked weak points can be. The researchers, who…
-
Microsoft raises rewards for Copilot AI bug bounty program
in SecurityNews
Microsoft announced over the weekend that it has expanded its Microsoft Copilot (AI) bug bounty program and increased payouts for moderate severity vulnerabilities. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-raises-rewards-for-copilot-ai-bug-bounty-program/
-
Microsoft Expands Copilot Bug Bounty Program, Increases Payouts
in SecurityNews
Microsoft has added more Copilot consumer products to its bug bounty program and is offering higher rewards for medium-severity vulnerabilities. The post Microsoft Expands Copilot Bug Bounty Program, Increases Payouts appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/microsoft-expands-copilot-bug-bounty-program-increases-payouts/
-
DEF CON 32 Top War Stories From A TryHard Bug Bounty Hunter
in SecurityNews
Author/Presenter: Justin Rhynorater Gardner. Our sincere appreciation to DEF CON, and the Authors/Presenters for publishing their erudite DEF CON 32 content. Originating from the conference’s events located at the Las Vegas Convention Center; and via the organization’s YouTube channel. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/01/def-con-32-top-war-stories-from-a-tryhard-bug-bounty-hunter/
-
GitHub Vulnerability Exposes User Credentials via Malicious Repositories
in SecurityNews
A cybersecurity researcher recently disclosed several critical vulnerabilities affecting Git-related projects, revealing how improper handling of credential protocols can lead to sensitive data leaks. From GitHub Desktop to Git Credential Manager and Git LFS, these issues were uncovered during a routine bug-hunting session for the GitHub Bug Bounty program, resulting in the assignment of multiple…
-
Security Researchers Discover Critical RCE Vulnerability, Earned $40,000 Bounty
in SecurityNews
Cybersecurity researchers Abdullah Nawaf and Orwa Atyat successfully escalated a limited path traversal vulnerability into a full-blown remote code execution (RCE). Their discovery earned a massive $40,000 bounty from the targeted organization’s bug bounty program. The team documented their step-by-step approach, leaving the cybersecurity community with valuable lessons on persistence, creativity, and methodical bug hunting.…
-
Security Researchers Discover Critical RCE Vulnerability, Earn $40,000 Bounty
in SecurityNews
Cybersecurity researchers Abdullah Nawaf and Orwa Atyat successfully escalated a limited path traversal vulnerability into a full-blown remote code execution (RCE). Their discovery earned a massive $40,000 bounty from the targeted organization’s bug bounty program. The team documented their step-by-step approach, leaving the cybersecurity community with valuable lessons on persistence, creativity, and methodical bug hunting.…
-
Researchers Used ChatGPT to Discover S3 Bucket Takeover Vulnerability in Red Bull
in SecurityNews
Bug bounty programs have emerged as a critical avenue for researchers to identify vulnerabilities in digital platforms. One such success story involves a recent discovery made within the Red Bull bug bounty program, where a security researcher utilized ChatGPT to craft a domain monitoring script that ultimately led to the identification of a significant Amazon…
-
These security technologies have had their day
in SecurityNews
Tags: ai, authentication, bug-bounty, ciso, cloud, compliance, credentials, cyberattack, cyersecurity, firewall, gartner, Hardware, network, password, penetration-testing, risk, service, siem, strategy, tool, vpn, vulnerability, waf, zero-trust
-
Bug Bounty Bonanza: $40,000 Reward for Escalating Limited Path Traversal to RCE
in SecurityNews
As a dedicated bug bounty hunter with an enviable track record on BugCrowd, Abdullah Nawaf, a full-time bug bounty hunter, thrives on the thrill of discovery and the challenge of finding high-impact vulnerabilities. Recently, alongside his colleague Orwa Atyat, they achieved a notable success: turning a limited path traversal vulnerability into a fully-fledged remote code execution…
-
Beware cybersecurity tech that’s past its prime, 5 areas to check or retire
in SecurityNews
Tags: access, advisory, ai, antivirus, attack, authentication, breach, bug-bounty, ciso, cloud, control, credentials, cyberattack, cybersecurity, data, data-breach, defense, detection, encryption, endpoint, firewall, Hardware, network, password, penetration-testing, risk, router, siem, software, strategy, switch, threat, tool, vpn, vulnerability, waf, zero-trust
Cybersecurity leaders can choose from an ever-expanding list of digital tools to help them ward off attacks and, based on market projections, they’re implementing plenty of those options. Gartner predicts a 15% increase in cybersecurity spending for 2025, with global expenditures expected to reach $212 billion in the upcoming year. The research and consulting firm says…