HackerOne Bug Bounty Disclosure: security-check-up-ejejohn - https://www.redpacketsecurity.com/hackerone-bugbounty-disclosure-security-check-up-ejejohn/

HackerOne Bug Bounty Disclosure: use-after-free-or-assert-triggered-with-failed-allocations-in-openssl-catenacyber - https://www.redpacketsecurity.com/hackerone-bugbounty-disclosure-use-after-free-or-assert-triggered-with-failed-allocations-in-openssl-catenacyber/
HackerOne Bug Bounty Disclosure: mint-oauth-access-token-for-targeted-user-timothyleung - https://www.redpacketsecurity.com/hackerone-bugbounty-disclosure-mint-oauth-access-token-for-targeted-user-timothyleung/
HackerOne Bug Bounty Disclosure: gnutls-curlinfo-tls-session-curlinfo-tls-ssl-ptr-type-confusion-nyymi - https://www.redpacketsecurity.com/hackerone-bugbounty-disclosure-gnutls-curlinfo-tls-session-curlinfo-tls-ssl-ptr-type-confusion-nyymi/
HackerOne Bug Bounty Disclosure: arbitrary-file-read-via-file-protocol-in-curl-mr-tufan - https://www.redpacketsecurity.com/hackerone-bugbounty-disclosure-arbitrary-file-read-via-file-protocol-in-curl-mr-tufan/
HackerOne Bug Bounty Disclosure: use-after-free-in-openssl-keylog-callback-via-ssl-get-ex-data-in-libcurl-brobagazzzx - https://www.redpacketsecurity.com/hackerone-bugbounty-disclosure-use-after-free-in-openssl-keylog-callback-via-ssl-get-ex-data-in-libcurl-brobagazzzx/
Be interesting if #HackerOne could tag AI slop reports as "Delusory Hallucinations Made Obnoxiously".
aka #DHMO
HackerOne Bug Bounty Disclosure: csrf-at-network-feature-psfauzi - https://www.redpacketsecurity.com/hackerone-bugbounty-disclosure-csrf-at-network-feature-psfauzi/
HackerOne Bug Bounty Disclosure: information-disclosure-identified-on-ibm-endpoint-devire - https://www.redpacketsecurity.com/hackerone-bugbounty-disclosure-information-disclosure-identified-on-ibm-endpoint-devire/
XBOW's AI pentester ranked #1 on HackerOne with 1,060 vulnerabilities found, raising $75M. The kicker? 45% of bugs are still unfixed. We've automated finding problems in hours, but fixing them still takes... time. Progress!
#AI is now the "best" #hacker on #HackerOne, because why should humans have all the fun of pretending they understand security?
Congratulations, XBOW, for completing #CTF #challenges nobody else cares about, and for setting a new standard in achieving #virtual #glory in virtual battles.
https://xbow.com/blog/top-1-how-xbow-did-it/ #Security #HackerNews #ngated
"A lot of #HackerOne notifications that we're getting are #AI generated garbage," says the director of #OpenSource @mghaught from @rubygems / @rubycentral at @balticruby.
If you have followed the rant of @bagder (the maintainer of #curl) about #AI generated reports on #hackerone (https://www.linkedin.com/posts/danielstenberg_hackerone-curl-activity-7324820893862363136-glb1/) and you agree with him, this discussion on #GitHub might be for you https://github.com/orgs/community/discussions/159749
The #FOSS world might get flooded even more with #Copilot generated issues and PRs. All powered by GitHub
The image is a screenshot of a post from "Daniel Stenberg, curl CEO. Code Emitting Organism" with a timestamp of "16h", showing that it was edited:
That's it. I've had it. I'm putting my foot down on this craziness.
1. Every reporter submitting security reports on #Hackerone for #curl now needs to answer this question:
"Did you use an AI to find the problem or generate this submission?"
(continued in next post)
Why does the #AISlop problem exist at #hackerone (and likely other bug bounty platforms)?
Because apparently it works: https://hackerone.com/evilginx/hacktivity?type=user
It seems that some projects pay bounties for such AI Slop reports.
Marking them as spam now. #curl #hackerone (AI slop as "security vulnerability reports")
Sharing my new writeup. :)
Getting email address of any @Hacker0x01 user worth $7,500