21 Sep 2021

HackerOne expands Internet Bug Bounty project to tackle open source bugs

HackerOne will be expanding its Bug Bounty program, seeking to increase overall open source security. Open source projects are relied upon by enterprise players and SMBs alike and can represent some significant security risks as open-source components are stored and shared publicly. They range from full operating systems to education

17 Nov 2020

Crypto Firm Offers $200,000 Bug Bounty to Hacker Who Stole $2m

On Thursday, cryptography borrowing and savings company Akropolis suffered from a cyberattack after a hacker exploited a bug in its SavingsModule smart contract. The cyberattacker was able to steal over two million in DAI virtual currency. The company is now offering the attacker a $200,000 reward as a bug bounty

13 Oct 2020

Wormable Apple iCloud Bug Allows Automatic Photo Theft

Ethical hackers have reportedly been earning large payouts from Apple’s bug bounty program for their involvement in discovering 55 bugs during a three-month hack that exposed a wormable Apple iCloud vulnerability that could be exploited for photo theft. The ethical hackers searched through Apple’s infrastructure and systems, discovering a total

01 Jun 2020

Researcher lands $100,000 reward for Sign in with Apple authentication bypass bug

HackerNews reported that Bhavuk Jain, a bug bounty hunter, has received $100,000 from Apple for uncovering a severe authentication bypass vulnerability that could result in a takeover of third-party user accounts. The bug was discovered in the “Sign in with Apple” feature that allows new users to sign in to

28 May 2020

$100 million in bounties paid by HackerOne to ethical hackers

HackerOne recently announced that as of May 26, they have paid out $100,000,000 in rewards to ethical hackers around the world. Since the beginning of HackerOne’s white hat hacking program, bug bounty hunters have uncovered and reported an estimated 170,000 security vulnerabilities. HackerOne uses information gathered from its bug bounty

14 May 2020

Cyberwar Was Coming: A Reflection on the 25 Year Old Thesis that Predicted a Generation of Cyberconflict

“You’ve got to read what this kid is writing out of his basement at the University of Vermont…” – recently retired CIA officer to intelligence and military colleagues in 1994. A candid 25-year retrospective on a thesis that launched a tremendous amount of dialogue and action on the issues of information warfare, cyberterrorism, and cybersecurity.

17 Apr 2020

Zoom Revamps Bug Bounty Program

On Wednesday, the video conferencing platform Zoom announced that it is re-launching its bug bounty program in collaboration with Luta Security. The company aims to make significant changes to the program amid security alerts regarding the platform’s cybersecurity practices and safety. Researchers have reported finding potentially serious vulnerabilities in the

06 Apr 2020

Researcher Hijacks iOS, macOS Camera with Three Safari Zero-Days

Ryan Pickren, a security researcher, has been awarded $75,000 by Apple for uncovering seven zero-days in Safari, three of which Pickren used to access the camera. The discoveries were shared with Apple in December of 2019 and were subsequently patched. Using the three flaws, Pickren was able to build an

30 Mar 2020

GitHub Paid Out Over $1 Million in Bug Bounties

This week, GitHub announced that it had paid hackers over $1 million in bug bounties across all of its programs in 2020 alone. The security bug program was launched in 2016 but has been accepting vulnerability reports since February of 2014. In 2019, the Microsoft-owned company paid almost $600,000

06 Feb 2020

Bug hunter finds cryptocurrency-mining botnet on DOD network

Last month, a security researcher who was searching for bugs as a part of a bounty program discovered a cryptocurrency mining botnet inside a web server operated by the US Department of Defense. The researcher, Nitesh Surana, reported the bug through the DOD’s official bug bounty program. The bug report was
