News • Insights • Analysis
This week, over 150 new packages have been published to the npm open-source repository named after private components being internally used by major companies. These npm packages are identical to the proof-of-concept packages created by Alex Birsan, the researcher who Read More …
Bug bounty programs have gained increased momentum and interest from the security research community for their role in promoting security awareness and responsible vulnerability disclosure. But they are not without their fair share of problems. Bug bounty platforms fill a Read More …
A group of ethical hackers cracked open Apple’s infrastructure and systems and, over the course of three months, discovered 55 vulnerabilities, a number of which would have given attackers complete control over customer and employee applications. Of note, a critical, Read More …
Bug bounty platform pioneer Zero-Day Initiative (ZDI) said it awarded more than $25 million in bounty rewards to security researchers over the past decade and a half. In an anniversary post celebrating its 15-year-old birthday, ZDI said the bounty rewards Read More …
Bug-bounty programs have become a popular way for vendors to root out security flaws in their platforms, attracting talented white-hats with the promise of big rewards. According to HackerOne’s 2020 List of the Top 10 Bug Bounty Programs on its Read More …
Apple has awarded a bug bounty hunter $100,000 for finding and reporting a severe security issue that could lead to the takeover of third-party user accounts. As reported by Hacker News, researcher Bhavuk Jain discovered the vulnerability in the “Sign in Read More …
Facebook has awarded a security researcher $20,000 for discovering a cross-site scripting (XSS) vulnerability in the Facebook Login SDK, which is used by developers to add a “Continue with Facebook” button to a page as an authentication method. Exploitation could Read More …
We recently noticed a Twitter post by MalwareHunterTeam that showed a Java downloader with a low detection rate. Its name, “Company PLP_Tax relief due to Covid-19 outbreak CI+PL.jar”, suggests it may have been used in a Covid-19-themed phishing campaign. Running this file Read More …
A security researcher has disclosed vulnerabilities in Apple’s Safari browser that can be used to snoop on iPhones, iPads and Mac computers using their microphones and cameras. To exploit the flaws in a real-world attack, all an attacker would need Read More …
Google has awarded its inaugural annual top prize for the Google Cloud Platform (GCP), for vulnerabilities found in the Google Cloud Shell. The find — a container escape that leads to host root access and the ability to use privileged Read More …
