Tag: bug bounty
11 articles

Convicted Felons Launch Offensive Cybersecurity Firm, Lure Researchers with Million-Dollar Payouts
Meet IRIS C2, a bold new cybersecurity firm launched by convicted felons, shaking up the industry with million-dollar payouts to attract top vulnerability researchers and exploit developers. They're offering up to $7 million for zero-day exploits and other cutting-edge capabilities.

Google Exposes Flaw in Kubernetes Operator, Denies Bug Bounty
Google's security team initially praised researcher Justin O'Leary for uncovering a high-severity flaw, dubbed ConfigConfusion, in the Config Connector add-on for Kubernetes - only to later claim it wasn't a vulnerability at all and deny a bug bounty. The issue still lingers, leaving users of the open-source tool potentially exposed.

Microsoft Patch Tuesday Release Sets Record with 206 CVEs Addressed
Microsoft just dropped a record-breaking Patch Tuesday update, fixing a whopping 206 vulnerabilities across its products - including 38 critical ones. This massive release surpasses previous months and confirms a trend towards larger updates, raising both relief and concern among security experts.

Hackers Exploit Gaps in Vulnerability Programs with Simplified Playbook
Meet Hercules, the mastermind behind a notorious underground tutorial that spills the beans on how to turn vulnerability exploitation into cold, hard cash. With a refreshingly blunt approach, Hercules breaks down the process into simple, actionable steps that even novice attackers can follow.

HackerOne Slashes Bug Bounty Rewards Amid AI-Driven Report Surge
HackerOne's Internet Bug Bounty program has slashed payouts, with medium-severity vulnerabilities now earning just $297, down from $1,843, and critical ones fetching $2,257, down from $9,250. The program is currently on pause as the company retools its rewards structure.

AI-Powered Bug Reports Overwhelm Security Teams
GitHub is overhauling its bug report system after being inundated with AI-generated submissions that are often incomplete, unrealistic, or redundant, making it tough for security teams to keep up. The platform is tightening its definition of a "complete" bug report to help separate signal from noise.

Security Researchers Exploit 47 Zero-Days for $1.3 Million at Pwn2Own Berlin
In a stunning display of cybersecurity prowess, researchers at Pwn2Own Berlin 2026 exploited a whopping 47 zero-day flaws, raking in a total of $1.3 million in just three days. The competition saw contestants disclose and exploit vulnerabilities in top enterprise and AI-facing products, earning daily payouts of $523,000, $385,750, and $389,500.

Open Source Models Challenge Dominance in Automated Bug Finding
The impressive performance of Anthropic's Mythos in automated bug finding, which uncovered 271 Firefox flaws, has been called into question by Ari Herbert-Voss, who argues that open-source models can be just as effective. Herbert-Voss suggests that Mythos's success can be attributed to its ability to detect both simple and complex vulnerabilities, thanks to a phenomenon he terms "supralinear scaling".

Microsoft Awards $2.3M for Cloud and AI Flaws Uncovered in Zero Day Quest Hacking Contest
Microsoft just took a bold step towards securing our digital future by awarding $2.3 million to researchers who uncovered critical cloud and AI flaws in its Zero Day Quest hacking contest, showcasing the power of incentive-driven vulnerability discovery. Nearly 700 submissions poured in, highlighting the vast scope of potential weaknesses in our rapidly evolving tech landscape.

Anthropic Deploys AI to Autonomously Fix Software Vulnerabilities
Imagine an AI that can proactively hunt down and fix hidden software vulnerabilities in critical systems before hackers can exploit them - Anthropic's new Project Glasswing is making this a reality with its cutting-edge AI model, Claude Mythos Preview. This groundbreaking initiative has the potential to revolutionize cybersecurity, but also raises intriguing questions about its capabilities and implications.

Claude AI Uncovers 13-Year-Old Apache ActiveMQ Bug
Meet the AI that just uncovered a 13-year-old secret: Anthropic's Claude helped researchers discover a long-hidden vulnerability in Apache ActiveMQ Classic, a flaw that had been quietly lurking for over a decade. This groundbreaking find is a testament to the power of AI-assisted research in uncovering even the most elusive bugs.