Fair and Transparent Hacker Invitations
We’re happy to share that, based on your feedback, we’ve improved the hacker invitation system for private vulnerability coordination and bug bounty programs. With this…
Month: May 2023
Exploit released for RCE flaw in popular ReportLab PDF library
A researcher has published a working exploit for a remote code execution (RCE) flaw impacting ReportLab Toolkit, a popular Python library used by numerous projects…
Improving Public Bug Bounty Programs with Signal Requirements
HackerOne has added two improvements that increase vulnerability report quality for public disclosure and bug bounty programs: Signal Requirements and an updated Rate Limiter. Signal…
Crypto Discord Communities Targeted by Malicious Bookmarks & JavaScript
Several crypto-based Discord communities, including Aura Network, MetrixCoin, and Nahmii, have already fallen victim to the attack. Discord communities have become prime targets for cybercriminals,…
Open Source Hacking | Creating the Best Open Source Environment
In 2014, HackerOne launched their first open source project and two years in, we have 50 contributors, received over 450 stars on GitHub, and are…
Amazon faces $30 million fine over Ring, Alexa privacy violations
Amazon will pay $30 million in fines to settle allegations of privacy violations related to the operation of its Ring video doorbell and Alexa virtual…
Kali Linux 2023.2 released with 13 new tools, pre-built HyperV image
Kali Linux 2023.2, the second version of 2023, is now available with a pre-built Hyper-V image and thirteen new tools, including the Evilginx framework for…
6 Ways to Build Great Relationships with Security Teams
One of the most common questions we get from new hackers is “How can I get along better with security teams and bounty administrators?” We…
Terminator antivirus killer is a vulnerable Windows driver in disguise
A threat actor known as Spyboy is promoting a tool called “Terminator” on a Russian-speaking hacking forum that can allegedly terminate any antivirus, XDR, and…
Shadow Data Concerns, Public Cloud Breaches Remain Sky-High: Here’s How Organizations Can Protect Themselves
By Andy Smith, Chief Marketing Officer, The same technologies powering cloud transformation and data democratization are also introducing the greatest risks to data security, data…
Hacker Blogs We Love Reading
UPDATED: Please note that we updated this post on 5/5 with even more blogs our hackers suggested. Thank you! Hackers in our community often share…
Hackers exploit critical Zyxel firewall flaw in ongoing attacks
Hackers are performing widespread exploitation of a critical-severity command injection flaw in Zyxel networking devices, tracked as CVE-2023-28771, to install malware. The flaw, which is…