#BugBounty

Peter N. M. Hansteen
Quoting a colleague responding to a "bug report"er

"Additionally, if you want to be taken seriously, you may want to examine your own setup first. The "From" name in your message is literal garbage text, and the account username appears indistinguishable from spam. If the goal is to present yourself as a credible security reporter, this does not inspire confidence. Please verify your own outbound configuration before advising others."

#bugreporting #bugbounty #hacking

BobDaHacker 🏳️‍⚧️ | NB
🚨 Hacked India's biggest dating app Flutrr (backed by The Times of India). Critical security flaws expose millions of users.

Technical details:

- Zero authentication checks on ANY API endpoint
- Can read/send messages as any user via WebSocket
- Access anyone's sensitive profile data, matches, conversations
- Update any user's data by just changing UID in requests
- Delete anyone's account

Reported November 2024, they responded in March 2025 with a $100 gift card offer. Still unfixed.

Every single endpoint trusts client-provided user IDs without verification. This is as bad as it gets for a dating app handling sensitive personal data.

Full Technical Writeup: https://bobdahacker.com/blog/indias-biggest-dating-app-hacked

#infosec #security #vulnerability #india #datingapp #responsibledisclosure #apisecurity #bugbounty #cybersecurity

Negative PID Inc.
Are you interested in deepening your cybersecurity experience and earning money while doing so? If you're up for challenges, bug bounty hunting might be the path to your success.

Here is how to get started and start cashing in. 👇

https://negativepid.blog/how-to-become-a-bug-bounty-hunter/

#bugBounty #bugHunters #bugBountyHunters #cyberSecurity #ethicalHacking #instantCash #earnOnline #moneyOnline #remoteJobs #digitalNomads #bugBountyPrograms

RedPacket Security
BugCrowd Bug Bounty Disclosure: P3 - Unauthorized Disclosure of PII via Internal NASA Doc Vulnerability - Black_charon - https://www.redpacketsecurity.com/bugcrowd-bugbounty-disclosure-unauthorized-disclosure-of-pii-via-internal-nasa-doc-vulnerability/

#BugCrowd #BugBounty #Vulnerability #OSINT #ThreatIntel #Cyber

knoppix
Plex urges users to update media servers due to a newly patched security flaw ⚠️
The issue affects versions 1.41.7.x to 1.42.0.x — fixed in 1.42.1.10060 🛠️

No CVE has been assigned yet, and technical details remain undisclosed 🔒
Users should patch immediately to avoid potential exploitation 🔁

@plex@lemmy.ml
@plex@lemmy.ca
@BleepingComputer

https://www.bleepingcomputer.com/news/security/plex-warns-users-to-patch-security-vulnerability-immediately/

#Plex #MediaServer #CyberSecurity #InfoSec #Vulnerability #DataBreach #ZeroDay #RCE #CVE #Exploit #BugBounty #ThreatIntel #Security #HomeServer

BobDaHacker 🏳️‍⚧️ | NB
🎢 Hacked South Park's Casa Bonita. Could access their entire POS system and see all customer payments/tips and more 😬

Technical details:

- Founders Club admin panel: No auth required, all member emails exposed
- POS registration: Form disabled client-side only, API endpoint still functional
- Reservation enumeration: Sequential IDs exposed full customer data
- Full control over customer tabs, payments, and inventory
- Supabase misconfiguration: Public signups triggered automated membership cards

No security.txt anywhere. Had to email parkcounty.com addresses then get help from my friend whose company partners with South Park.

Fixed fast but never thanked me. Got a Founders Club card 6 months later though, because the system automatically sends them 😂

Full Technical Writeup: https://bobdahacker.com/blog/i-hacked-southpark

#infosec #bugbounty #responsibleDisclosure #security #vulnerability #hacking #cybersecurity #southpark #CasaBonita

Right News India
Apple Security Bounty: Tech Giant Offers Up to $2 Million for Finding iPhone Vulnerabilities

🌐 Please Like & Share ‼️
#News #Applesecurity #bugbounty

https://rightnewsindia.com/apple-security-bounty-tech-giant-offers-up-to-2-million-for-finding-iphone-vulnerabilities/?utm_source=mastodon&utm_medium=jetpack_social

geeknik
Support ethical AI sabotage and open-source resistance. I build Gödel’s Therapy Room to expose LLM failure modes, develop browser tools to kill trackers, and train cognitive adversaries to detect bullshit.
Buy me a coffee and join the quantum rebellion.
☕ https://www.buymeacoffee.com/geeknik
#infosec #AIethics #opensource #privacy #bugbounty

Milos Constantin
HexStrike AI #MCP Agents is an advanced #MCP server that lets #AI agents (#Claude, #GPT, #Copilot, etc.) autonomously run 150+ cybersecurity tools for automated pentesting, vulnerability discovery, #bugbounty automation, and #security research.

Constantin Milos
HexStrike AI #MCP Agents is an advanced #MCP server that lets #AI agents (#Claude, #GPT, #Copilot, etc.) autonomously run 150+ cybersecurity tools for automated pentesting, vulnerability discovery, #bugbounty automation, and #security research.

RedPacket Security
BugCrowd Bug Bounty Disclosure: P5 - Unauthenticated metadata disclosure of protected NASA flight reports and mission schedules via /ajax/activity - madhu873 - https://www.redpacketsecurity.com/bugcrowd-bugbounty-disclosure-unauthenticated-metadata-disclosure-of-protected-nasa-flight-reports-and-mission-schedules-via-ajax-activity/

#BugCrowd #BugBounty #Vulnerability #OSINT #ThreatIntel #Cyber

Dissent Doe :cupofcoffee:
I just caught up with this one. In case you haven't seen it:

Security researcher quips maybe it's time to get 'a real job' after being paid meagre $1,000 bug bounty by Apple

https://www.pcgamer.com/hardware/security-researcher-quips-maybe-its-time-to-get-a-real-job-after-being-paid-meagre-usd1-000-bug-bounty-by-apple/

h/t, MSN

#bugbounty #Apple #security #vulnerabilities

Microsoft paid a record $17M to 344 security researchers across 59 countries over the past year 🛡️💰
1,469 valid reports helped fix 1,000+ security flaws across Windows, Azure, Xbox, 365 & more.
Highest single bounty: $200K.

AI & identity systems now see expanded bounty scopes.

@serghei
@BleepingComputer

bleepingcomputer.com/news/micr

Two criticals. Two known exploited. One a zero-day.
July saw a spike in high-severity vulnerabilities.

Here are CVE Crowd's Top 3 from the 624 CVEs discussed across the Fediverse last month.
For each CVE, I've included a standout post from the community.
Enjoy exploring! 👇