A Partial Victory for AI Researchers
HackerOne has partnered with security and AI communities to advocate for stronger legal protections for independent researchers. Most recently, HackerOne participated in a workshop hosted by…
Category: Mix
Security Update: Ivanti Connect Secure (CVE-2025-0282)
A critical vulnerability (CVE-2025-0282) has been identified in Ivanti Connect Secure, Policy Secure, and ZTA Gateways. This vulnerability could allow unauthenticated remote attackers to achieve…
Inside the tech that continuously monitors our customers’ attack surface
As part of our Detectify under the hood blog series, we recently introduced our new engine framework and how it helped us address a critical…
Triage in bug bounty | Intigriti
As we step into 2025, many of us are setting resolutions to improve, grow, and achieve more. At Intigriti, we’re doing the same—but with a…
ROI Isn’t Cutting It: 6 Questions to Help CISOs Better Quantify Security Investments
However, in cybersecurity, quantifying net profit becomes significantly more complex due to the intangible nature of its benefits and the absence of direct revenue generation.…
Effective API Throttling for Enhanced API Security
APIs are the backbone of modern digital ecosystems, but their misuse can expose systems to cyber threats. Effective API throttling not only optimizes performance but…
The OWASP Top 10 for LLMs 2025: How GenAI Risks Are Evolving
Here is HackerOne’s perspective on the Top 10 list for LLM vulnerabilities, how the list has changed, and what solutions can help secure against these…
AI-Powered Hacking · Joseph Thacker
In most domains, the best AI tools of our day reduce friction and speed up top-tier humans. Agents might take over later, but for now,…
Hunting for blind XSS vulnerabilities: A complete guide
Cross-site scripting (XSS) vulnerabilities are quite common and fun to find. They also carry great impact when chained with other vulnerabilities. But there’s another variant…
The Top 10 Data Breaches of 2024
2024 has been a tumultuous year in cybersecurity with numerous significant data breaches compromising sensitive information and affecting millions globally. While these breaches have caused…
Top Open Source API Security Tools
The modern world relies on Application Programming Interfaces (APIs). They allow applications to communicate with each other, servers, and consumers to facilitate data sharing and…
Testing JavaScript files for bug bounty hunters
You’ve with no doubt heard or seen other fellow bug bounty hunters find critical vulnerabilities thanks to JavaScript file enumeration, right? This article is all…