BugCrowd Bug Bounty Disclosure: P3 - Critical Identity and Communication Data Exposed in Unprotected NASA Hangar Demolition Doc Vulnerability - Black_charon - https://www.redpacketsecurity.com/bugcrowd-bugbounty-disclosure-critical-identity-and-communication-data-exposed-in-unprotected-nasa-hangar-demolition-doc-vulnerability/
Microsoft paid a record $17M to 344 security researchers across 59 countries over the past year
1,469 valid reports helped fix 1,000+ security flaws across Windows, Azure, Xbox, 365 & more.
Highest single bounty: $200K.
AI & identity systems now see expanded bounty scopes.
BugCrowd Bug Bounty Disclosure: P1 - Authentication Bypass + exposure of PII + reflected XSS - snillx - https://www.redpacketsecurity.com/bugcrowd-bugbounty-disclosure-authentication-bypass-exposure-of-pii-reflected-xss/
Are you located in the US/EU? Passionate about #appsec? Maybe you follow #bugbountytips or are an avid #ctf player and are ready to take the next step. If so, we're looking for our next #intern, so consider applying today - https://hackers.doyensec.com.
#doyensec #security #internship #bugbounty
#Microsoft pays record $17 million in bounties over the last 12 months
I'm in Vegas for DEF CON and Google 0x0g this week. Hit me up if you want to chat about browser/web/extension security and privacy.
Two criticals. Two known exploited. One a zero-day.
July saw a spike in high-severity vulnerabilities.
Here are CVE Crowd's Top 3 from the 624 CVEs discussed across the Fediverse last month.
For each CVE, I've included a standout post from the community.
Enjoy exploring!
BugCrowd Bug Bounty Disclosure: P2 - GraphQL API exposes all groups and groups users leaking internal structure, full names and emails - vinax - https://www.redpacketsecurity.com/bugcrowd-bugbounty-disclosure-graphql-api-exposes-all-groups-and-goups-users-leaking-internal-stucture-full-names-and-emails/