Articles tagged with: #bug-bounty
HackerOne Paid $81 Million In Bug Bounty With Emergence of Bionic Hackers

Cyber Security News cybersecuritynews.com

HackerOne, a leading platform in offensive security, announced it has paid out a total of $81 million in bug bounties to its global community of white-hat hackers over the past year. This figure, detailed in the company's 9th annual Hacker-Powered Security Report, marks a 13% increase from the previous year, highlighting the growing reliance on

selling pentest service

cybersecurity www.reddit.com

Did so much bug bounty and now starting a pentesting service company, but finding it difficult to get clients; tired of explaining to CISOs that having SOC2 or ISO will not mean they are secure haha. How do we tackle this? I'm good at emails but barely getting replies, because I know CTOs and CISOs get a ton of vendor emails every minute. Submitted by /u/Busy_Mastodon2282

Ethical Hacker Finds User Passwords In 180 Seconds

Cybercrime Magazine cybersecurityventures.com

This week in cybersecurity from the editors at Cybercrime Magazine. Sausalito, Calif. - Sep. 25, 2025 - Brandyn Murtagh is a full-time bug bounty hunter and ethical 'White Hat' hacker. He uses the very same techniques as cybercriminals, but for good, helping identify

Sharing a free, AI-assisted platform I built to help with cybersecurity recon and learning.

cybersecurity www.reddit.com

Hey r/cybersecurity, I've been a long-time viewer of this community and wanted to contribute a resource I've been working on. I often found myself wishing for a more integrated, intelligent platform for common cybersecurity tasks - especially for initial reconnaissance and for those looking to learn, and also for those who are doing cybersecurity practice and bug bounty hunting. So, I built Secrazy, and it's completely free and open to everyone: https://secrazy.site My goal was simply to create a suite...

Are certifications really necessary for a fresher in cybersecurity

cybersecurity www.reddit.com

I'm a student interested in starting a career in cybersecurity. I keep seeing people recommend certifications like CEH, Security+, OSCP, etc. The problem is these certs are expensive and many of them expire after a limited period. For someone who is just starting out, are certifications really mandatory to land an entry-level role? Or can I focus on building skills through labs, projects, and maybe bug bounty work instead? I'd like to hear from people already working in the field - do hiring...

HackerOne Confirms Data Breach - Hackers Gained Unauthorized Access To Salesforce Instance

Cyber Security News cybersecuritynews.com

HackerOne has confirmed it was among the companies affected by a recent data breach that provided unauthorized access to its Salesforce instance. The access was gained through a compromise of the third-party application Drift, which Salesloft owns. The bug bounty platform announced the security incident, aligning with its company value of "Default to Disclosure." According

Trying to get into freelance SOC work - have some lab experience but need real clients

For [Blue|Purple] Teams in Cyber Defence www.reddit.com

Hey everyone, I've been working on building up my SOC skills over the past year or so. I've got a pretty decent home lab setup with Splunk, Wazuh, ELK stack and have been working through tons of detection scenarios. Also did some bug bounty stuff which helped me understand the offensive side. I've built some custom Sigma rules, done threat hunting exercises, worked with the MITRE framework - basically trying to get hands-on with everything I can in a lab environment. Got my Security+ and CEH,...

Top 10 Best Web Application Penetration Testing Companies in 2025

Cyber Security News cybersecuritynews.com

Web application penetration testing in 2025 goes beyond a simple, one-time assessment. The top companies combine human expertise with automation and intelligent platforms to provide continuous, on-demand testing. The rise of Penetration Testing as a Service (PTaaS) and bug bounty programs reflects this evolution, offering flexible, scalable, and real-time security testing that keeps pace with

Master Regex for Bug Bounty Hunting | Find Vulnerabilities Faster

cybersecurity www.reddit.com

Unlock the power of Regex in bug bounty hunting! In this video, I'll teach you how to use Regular Expressions (Regex) to speed up your recon, identify hidden endpoints, filter responses, and detect potential vulnerabilities efficiently. Whether you're a beginner or an experienced hunter, this tutorial will help you improve your workflow and find more bugs.

What You'll Learn:
✅ Basics of Regex for bug bounty
✅ Advanced Regex techniques for recon
✅ Filtering URLs, parameters & endpoints
✅...

0-Click Zendesk Account Takeover Vulnerability Enables Access to all Zendesk Tickets

Cyber Security News cybersecuritynews.com

A critical security vulnerability has been discovered in Zendesk's Android SDK implementation that allows attackers to perform mass account takeovers without any user interaction. The flaw, which earned a $3,000 bug bounty payout, stems from predictable token generation mechanisms that enable unauthorized access to all Zendesk support tickets across affected organizations.

Key Takeaways
1. Predictable JWT

How do you handle password leak reports regarding customers/users of your service/product due to customers' poor security hygiene

cybersecurity www.reddit.com

My company runs an online product offering with several customers using our product. We also have a bug bounty program and every now and then, we receive reports of leaked credentials pertaining to our customers. These leaked credentials are due to customers' poor security (malware on their PC, same password everywhere, etc.) and not a breach on our end. I'm trying to understand the right way to handle these. Would contacting customers to inform them of their password leaks be an obligation or...