Tag: hackerone
4 articles

phpBB Fixes Decade-Old Auth Bypass Bug
A major vulnerability in phpBB has been uncovered, allowing attackers to bypass authentication and log in as any user, including administrators, with ease and no special knowledge required. This decade-old bug, exploitable in default configurations, has been patched - but only after researchers took steps to privately disclose the issue to prevent widespread exploitation.

HackerOne Slashes Bug Bounty Rewards Amid AI-Driven Report Surge
HackerOne's Internet Bug Bounty program has slashed payouts, with medium-severity vulnerabilities now earning just $297, down from $1,843, and critical ones fetching $2,257, down from $9,250. The program is currently on pause as the company retools its rewards structure.

AWS Discloses Flaw in Quick Access Control
AWS swiftly addressed a security flaw in Quick Access, discovered by Fog Security, which could have allowed unauthorized users to bypass access controls, and fortunately, no customer data was compromised. The issue was resolved in March 2026, with no action required from customers.

Lovable Disputes Data Leak, Shifts Blame to HackerOne
Lovable, a coding platform, is facing scrutiny after a security researcher uncovered a major data leak, exposing users' sensitive information, including credentials, chat history, and source code, to anyone with a free account. The company's shifting explanations have only added fuel to the fire, sparking concerns about its data handling practices.