Breaking Down the OWASP Top 10: Insecure Design
In the absence of these considerations, systems can be retrofitted with ineffective security controls or lack them entirely. This can...
Read more →News Archive
View All →
The OWASP Top 10 for LLMs 2025: How GenAI Risks Are Evolving
Here is HackerOne’s perspective on the Top 10 list for LLM vulnerabilities, how the list has changed, and what solutions...
Read more →
ROI Isn’t Cutting It: 6 Questions to Help CISOs Better Quantify Security Investments
However, in cybersecurity, quantifying net profit becomes significantly more complex due to the intangible nature of its benefits and the...
Read more →
A Partial Victory for AI Researchers
HackerOne has partnered with security and AI communities to advocate for stronger legal protections for independent researchers. Most recently, HackerOne...
Read more →
U.S. CISA adds JQuery flaw to its Known Exploited Vulnerabilities catalog
U.S. CISA adds JQuery flaw to its Known Exploited Vulnerabilities catalog Pierluigi Paganini January 23, 2025 U.S. Cybersecurity and Infrastructure...
Read more →
Introducing Lightspark’s Public Bug Bounty Program
Expanding Our Bug Bounty Program At Lightspark, we’ve always been focused on security that meets and exceeds industry standards. We’ve...
Read more →
U.S. CISA adds SonicWall SMA1000 flaw to its Known Exploited Vulnerabilities catalog
U.S. CISA adds SonicWall SMA1000 flaw to its Known Exploited Vulnerabilities catalog Pierluigi Paganini January 24, 2025 U.S. Cybersecurity and...
Read more →
Zyxel warns of bad signature update causing firewall boot loops
Zyxel is warning that a bad security signature update is causing critical errors for USG FLEX or ATP Series firewalls, including putting...
Read more →
Resurrecting Shift-Left With Human-in-the-loop AI
What’s Needed for Secure by Design Success We spent years understanding the culprits of why “shift-left” controls fail to identify...
Read more →
Microsoft to deprecate WSUS driver synchronization in 90 days
Microsoft has reminded Windows administrators that driver synchronization in Windows Server Update Services (WSUS) will be deprecated on April 18,...
Read more →
J-magic malware campaign targets Juniper routers
J-magic malware campaign targets Juniper routers Pierluigi Paganini January 24, 2025 Threat actors are targeting Juniper routers with a custom...
Read more →
Hope in the Fight Against Cyber Threats: A New Year’s Message to CISOs
Facing the Reality: Cybersecurity’s Mounting Pressures The cybersecurity landscape is evolving at an unprecedented pace. This past year, breaches resulting...
Read more →