https://soundcloud.com/angel-drikin/skrillex-bug-hunt-remix
#dubstep does sound like farts. lol
BugCrowd Bug Bounty Disclosure: P4 - open redirect vulnerability occurring at https://keycloak.shared-services.staging.appdat.jsc.nasa.gov/ - uko3211 - https://www.redpacketsecurity.com/bugcrowd-bugbounty-disclosure-open-redirect-vulnerability-occurring-at-https-keycloak-shared-services-staging-appdat-jsc-nasa-gov/
#BugCrowd #BugBounty #Vulnerability #OSINT #ThreatIntel #Cyber
BugCrowd Bug Bounty Disclosure: P5 - Directory Listing Vulnerability - Vinit06 - https://www.redpacketsecurity.com/bugcrowd-bugbounty-disclosure-directory-listing-vulnerability/
#BugCrowd #BugBounty #Vulnerability #OSINT #ThreatIntel #Cyber
BugCrowd Bug Bounty Disclosure: P4 - Publicly editable Google Slides linked from nasa.gov enables unauthorized content modification (content integrity & brand abuse risk) - Epenetus-Matias-Putra - https://www.redpacketsecurity.com/bugcrowd-bugbounty-disclosure-publicly-editable-google-slides-linked-from-nasa-gov-enables-unauthorized-content-modification-content-integrity-brand-abuse-risk/
#BugCrowd #BugBounty #Vulnerability #OSINT #ThreatIntel #Cyber
BugCrowd Bug Bounty Disclosure: P4 - Sensitive NASA Jira & Employee Data Exposure via Public JSFiddle - - https://www.redpacketsecurity.com/bugcrowd-bugbounty-disclosure-sensitive-nasa-jira-employee-data-exposure-via-public-jsfiddle/
#BugCrowd #BugBounty #Vulnerability #OSINT #ThreatIntel #Cyber
BugCrowd Bug Bounty Disclosure: P5 - internal IP Disclosure via Public DNS Record (blue.guest.hq.nasa.gov) - Theekshana_kusal - https://www.redpacketsecurity.com/bugcrowd-bugbounty-disclosure-internal-ip-disclosure-via-public-dns-record-blue-guest-hq-nasa-gov/
#BugCrowd #BugBounty #Vulnerability #OSINT #ThreatIntel #Cyber
A vulnerability in GitLab was exploited to perform an Account Takeover, resulting in a $35,000 bounty. The flaw consisted of multiple logical errors in validation, authentication flow, and state control. This case underscores the importance of reasoning and attention to detail in bug hunting rather than just using automated tools. #infosec #BugBounty #Cybersecurity https://gorkaaa.medium.com/35-000-por-un-fallo-en-gitlab-an%C3%A1lisis-completo-de-un-reporte-real-3fe1bd5bbb00?source=rss------bug_bounty-5
A Zero-Click Account Takeover (ZCA) vulnerability was discovered on an unnamed platform, allowing attackers to view, modify, and take over any user account without needing their password. This is a critical security issue that developers should address by implementing proper role-based authorization checks on APIs. #infosec #BugBounty #Cybersecurity https://ln0rag.medium.com/ghost-in-the-system-a-zero-click-path-to-owning-any-user-account-945f9ca7e70d?source=rss------bug_bounty_tips-5
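As an added illustration of the post above, and not code from the linked article (which does not name the platform or its API), here is the shape of the bug that usually sits behind a zero-click account takeover: an "update profile" endpoint that authenticates the caller but never checks that the caller is allowed to touch the account named in the URL. The user table, session table, handler names and the email-change flow are all constructed for the example; the hardened handler shows the object-level and role-based check the post asks developers to add.

```python
import copy

# Constructed seed data (assumption: a real service would back this with a DB).
USERS_SEED = {
    1: {"email": "alice@example.com", "role": "user"},
    2: {"email": "bob@example.com", "role": "user"},
    3: {"email": "admin@example.com", "role": "admin"},
}
# Constructed session table: bearer token -> authenticated user id.
SESSIONS = {"tok-alice": 1, "tok-bob": 2, "tok-admin": 3}


def fresh_users():
    """Return a private copy of the user table so each run starts clean."""
    return copy.deepcopy(USERS_SEED)


class Forbidden(Exception):
    """Raised when a request fails authentication or authorization."""


def authenticate(token):
    """Authentication only: map the bearer token to a user id, or reject."""
    if token not in SESSIONS:
        raise Forbidden("not authenticated")
    return SESSIONS[token]


def update_email_vulnerable(users, token, target_id, new_email):
    """Hypothetical handler for PATCH /api/users/<target_id> as takeovers
    often find it: the caller is authenticated, but nothing checks that the
    caller may act on target_id. Any logged-in user can point any account's
    email at an address they control and then trigger a password reset; the
    victim never has to click anything."""
    authenticate(token)
    users[target_id]["email"] = new_email
    return users[target_id]["email"]


def update_email_hardened(users, token, target_id, new_email):
    """Same handler with object-level and role-based authorization: the
    target must be the caller's own account, or the caller must hold the
    admin role. The decision uses only the server-side session, never
    anything the client sends in the body."""
    caller_id = authenticate(token)
    if target_id not in users:
        # Reject unknown targets through the same exception type as an
        # authorization failure, so 403-vs-404 does not become an
        # account-enumeration oracle.
        raise Forbidden("no such user")
    if caller_id != target_id and users[caller_id]["role"] != "admin":
        raise Forbidden(f"user {caller_id} may not modify user {target_id}")
    users[target_id]["email"] = new_email
    return users[target_id]["email"]


def attempt(handler, users, token, target_id, new_email):
    """Run a handler and report ('ok', email) or ('forbidden', reason)."""
    try:
        return ("ok", handler(users, token, target_id, new_email))
    except Forbidden as exc:
        return ("forbidden", str(exc))


if __name__ == "__main__":
    users = fresh_users()
    print("vulnerable, bob -> alice:", attempt(update_email_vulnerable, users, "tok-bob", 1, "evil@attacker.test"))
    users = fresh_users()
    print("hardened, bob -> alice:  ", attempt(update_email_hardened, users, "tok-bob", 1, "evil@attacker.test"))
    print("hardened, bob -> bob:    ", attempt(update_email_hardened, users, "tok-bob", 2, "bob2@example.com"))
    print("hardened, admin -> alice:", attempt(update_email_hardened, users, "tok-admin", 1, "alice2@example.com"))
```

The point worth keeping from the example is that authentication and authorization are separate checks: a valid session says who the caller is, and a second, per-object decision says what that identity may do to the resource in the URL. Bug hunters test this by replaying a legitimate request with only the target id changed; developers should make that request fail before any write happens.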
#Apple :apple_inc: expands its #BugBounty program, pays up to 2 million dollars | heise online https://www.heise.de/news/Apple-baut-Bug-Bounty-Programm-aus-gibt-bis-zu-2-Millionen-Dollar-10749183.html #Malware #CyberCrime #exploit #Hacking
In this article, we explore five essential wordlists every bug bounty hunter should have and how to effectively use them for improving chances of discovering vulnerabilities. These include: Haddix's (for common filenames/directories), WordPress plugin/theme generator (targeted WordPress slugs), GraphQL wordlist (fuzzing operations/fields), PortSwigger XSS cheat sheet (payload variants), and SecLists (Web-Content) (a curated collection of directories, endpoints, filenames). Each list's utility is explained along with command examples to leverage them effectively. #infosec #BugBounty #Cybersecurity https://medium.com/coding-nexus/5-wordlists-every-bug-bounty-hunter-should-save-and-how-to-use-them-a03d875222b4?source=rss------bug_bounty_tips-5
Up to 5 million dollars for finding a critical vulnerability in Apple products: an interesting update to the Security Bounty program
Bug Bounty programs are often run by large corporations to encourage the cybersecurity research community to look for flaws and vulnerabilities in the products and services they offer. Rewards, often in the form of money, are paid for the bugs found. The size of the reward depends on many factors, one of them being the impact of the discovered vulnerability on real...
Apple doubles the reward in its Bug Bounty program to 2 million USD for spyware-level attacks
Apple has announced a new, improved version of its Bug Bounty program, in which the reward for exploit chains comparable to spyware attacks has risen to 2 million USD.
Total payouts, with bonuses for Lockdown Mode bypasses and vulnerabilities in beta versions, can exceed 5 million USD, which Apple calls the largest reward offered by any bug bounty program.
The new program focuses on complete exploit chains rather than individual vulnerabilities, which reflects real-world attacks. Rewards for remote attack vectors have risen significantly, while less common categories will receive smaller payouts.
Apple is also introducing "Target Flags", inspired by capture-the-flag games. They let researchers prove the level of access they obtained (e.g. code execution or arbitrary read/write). Once Apple verifies them, the reward is paid in the next payment cycle, without waiting for a system fix.
The new categories include, among others:
The program takes effect in November 2025; since its launch in 2020, Apple has paid out more than 35 million USD to over 800 researchers.
Other technology companies around the world have similar programs, including Synology, which you can hear more about in one of the episodes of my podcast "Bo czemu nie?".
#Apple #AppleSecurity #Bezpieczeństwo #bezpieczeństwosystemów #BugBounty #cybersecurity #exploit #exploitchains #hackowanie #iOS #LockdownMode #macOS #nagroda #programiści #technews #vulnerability
💰 Apple Introduces $2M Bug Bounty for Spyware-Level Exploits / Mac Rumors
「 The program now places greater emphasis on complete exploit chains rather than individual vulnerabilities, reflecting the reality that real-world attacks typically chain multiple bugs together. The rewards for remote-entry vectors have also been substantially increased, although categories not commonly seen in actual attacks will receive lower payouts 」
https://www.macrumors.com/2025/10/10/apple-bug-bounty-program-overhauled/
#Apple Announces $2 Million #BugBounty Reward for the Most Dangerous Exploits
https://www.wired.com/story/apple-announces-2-million-bug-bounty-reward/
There was a stroke of luck, a twist of fate (actually a bounty payment) and today we have tire change 😎
Find this one bug and Apple will pay you more than Rs 17 crore https://english.mathrubhumi.com/technology/apple-offers-rs-17-crore-bug-bounty-for-zero-click-hack-discovery-kvxbn2oj?utm_source=dlvr.it&utm_medium=mastodon #Apple #CyberSecurity #BugBounty #TechNews #iPhone
In this article, a researcher describes their journey in developing an AI to detect Cross-Site Scripting (XSS) vulnerabilities. Traditional scanners are criticized for their brute force approach and limited effectiveness. Instead, this new method uses machine learning to process thousands of payloads and learn from them, acting as a powerful assistant to human security analysts in finding XSS flaws, rather than replacing their creativity. #infosec #BugBounty #Cybersecurity
https://medium.com/data-and-beyond/automating-xss-detection-with-machine-learning-beyond-the-hype-036db1ec7458?source=rss------xss_attack-5
Apple has raised its record reward to 2 million USD for security researchers who discover critical vulnerabilities in the company's products. The move is aimed at strengthening security, particularly with the iPhone 17 generation in mind.
#Apple #BảoMật #CôngNghệ #TinCôngNghệ #iPhone17 #BugBounty
#Security #TechNews #Cybersecurity