Skip to main content

Tag: hackerone

4 articles

Rows of computer servers and networking equipment in a brightly-lit server room.

phpBB Fixes Decade-Old Auth Bypass Bug

A major vulnerability in phpBB has been uncovered, allowing attackers to bypass authentication and log in as any user, including administrators, with ease and no special knowledge required. This decade-old bug, exploitable in default configurations, has been patched - but only after researchers took steps to privately disclose the issue to prevent widespread exploitation.

Analyst 207
Person in casual tech outfit sits near laptop with blank screen in modern office setting.

HackerOne Slashes Bug Bounty Rewards Amid AI-Driven Report Surge

HackerOne's Internet Bug Bounty program has slashed payouts, with medium-severity vulnerabilities now earning just $297, down from $1,843, and critical ones fetching $2,257, down from $9,250. The program is currently on pause as the company retools its rewards structure.

Analyst 207
Brightly-lit tech company headquarters with server room interior and security hint.

AWS Discloses Flaw in Quick Access Control

AWS swiftly addressed a security flaw in Quick Access, discovered by Fog Security, which could have allowed unauthorized users to bypass access controls, and fortunately, no customer data was compromised. The issue was resolved in March 2026, with no action required from customers.

Analyst 207
Shattered padlock on cracked digital surface with error message and accusatory finger in background.

Lovable Disputes Data Leak, Shifts Blame to HackerOne

Lovable, a coding platform, is facing scrutiny after a security researcher uncovered a major data leak, exposing users' sensitive information, including credentials, chat history, and source code, to anyone with a free account. The company's shifting explanations have only added fuel to the fire, sparking concerns about its data handling practices.

Analyst 207