HackerOne Bug Bounty Disclosure: information-disclosure-via-logback-configuration-injection-in-gocd-agent-aigirl - https://www.redpacketsecurity.com/hackerone-bugbounty-disclosure-information-disclosure-via-logback-configuration-injection-in-gocd-agent-aigirl/
#hackerone
HackerOne Bug Bounty Disclosure: user-enumeration-via-timing-attack-in-django-mod-wsgi-authentication-backend-leads-to-account-discovery-stackered - https://www.redpacketsecurity.com/hackerone-bugbounty-disclosure-user-enumeration-via-timing-attack-in-django-mod-wsgi-authentication-backend-leads-to-account-discovery-stackered/
HackerOne Bug Bounty Disclosure: previous-commentor-on-post-can-still-comment-even-after-comment-permission-is-changed-to-disabled-allenjo - https://www.redpacketsecurity.com/hackerone-bugbounty-disclosure-previous-commentor-on-post-can-still-comment-even-after-comment-permission-is-changed-to-disabled-allenjo/
HackerOne Bug Bounty Disclosure: improper-access-control-access-to-active-hiring-premium-feature-filter-results-minex - https://www.redpacketsecurity.com/hackerone-bugbounty-disclosure-improper-access-control-access-to-active-hiring-premium-feature-filter-results-minex/
@FlohEinstein @CryptoLek @turkusec As I didn't see you posting one, (missed in timeline) I thought it would be as reply here. it wasn't. So here you go - another one.
My Swiss brain is so tuned to associate stuff that ends in "...one" with certain chocolate products that I just mispronounced Hackerone (thereby confusing my colleagues).
#hackerone #toblerone #justswissthings #chocolate #Switzerland #infosec #photoshopped #notaigenerated
#hackerone #toblerone #justswissthings #chocolate #Switzerland #infosec #photoshopped #notaigenerated
📬 Wegen KI-Spam: curl stellt Bug-Bounty ein
#ITSicherheit #Kommentar #KünstlicheIntelligenz #Apache #BugBounty #curl #hackerone #kispam #log4j https://sc.tarnkappe.info/22820d
@bagder personally, I find that platforms like @Hacker0x01 don't move things much further.
- Neither are companies on there more receptible nor do things get fixed quicker as far as I can see, tho my sample size is not scientific.
Either a company / organization / project has a "#SecurityCulture" or not.
- For most corpos #HackerOne is just a checkbox to tick when it comes to "vulnerability managment"…
Der Entwickler des Kommandozeilenprogramms und der Bibliothek "curl" gab bekannt, dass das Projekt sein HackerOne-Bug-Bounty-Programm zum Ende dieses Monats einstellen wird. Grund dafür ist die Flut an minderwertigen, KI-generierten Schwachstellenberichten.
#curl #hackerone #bugbounty #aislop #aigenerated #vulnerabilityreport #itsecurity #cybersecurity #ai #ki
cURL kończy program bug bounty – czy to koniec jakości zgłoszeń?
Co się dzieje, gdy program bug bounty zamienia się w call center dla prompt-inżynierów? cURL właśnie pokazał, gdzie jest granica.
Czytaj dalej:
https://pressmind.org/curl-konczy-program-bug-bounty-czy-to-koniec-jakosci-zgloszen/
#PressMindLabs #bugbounty #curl #danielstenberg #generatywnaai #hackerone
HackerOne Bug Bounty Disclosure: spam-clearance-checks-disabled-with-existing-referenced-message-id-northeastprince - https://www.redpacketsecurity.com/hackerone-bugbounty-disclosure-spam-clearance-checks-disabled-with-existing-referenced-message-id-northeastprince/
HackerOne Bug Bounty Disclosure: -critical-unauthorized-cross-tenant-data-access-in-stripo-ai-hub-campaign-via-deleted-project-srcode - https://www.redpacketsecurity.com/hackerone-bugbounty-disclosure-critical-unauthorized-cross-tenant-data-access-in-stripo-ai-hub-campaign-via-deleted-project-srcode/
HackerOne Bug Bounty Disclosure: crossorigin-cookies-leak-and-injection-risk-when-using-a-custom-host-header-ichise - https://www.redpacketsecurity.com/hackerone-bugbounty-disclosure-crossorigin-cookies-leak-and-injection-risk-when-using-a-custom-host-header-ichise/
HackerOne Bug Bounty Disclosure: internal-logs-info-leaked-via-endpoint-hxxps-server-status-dexter - https://www.redpacketsecurity.com/hackerone-bugbounty-disclosure-internal-logs-info-leaked-via-endpoint-hxxps-server-status-dexter/
HackerOne Bug Bounty Disclosure: ssl-options-issuercert-ec-curves-and-crlfile-silently-ignored-by-non-openssl-backends-foobar - https://www.redpacketsecurity.com/hackerone-bugbounty-disclosure-ssl-options-issuercert-ec-curves-and-crlfile-silently-ignored-by-non-openssl-backends-foobar/
HackerOne Bug Bounty Disclosure: memory-exhaustion-in-cometbft-v-via-malicious-proposalmessage-leads-to-network-wide-denial-of-service--xjam - https://www.redpacketsecurity.com/hackerone-bugbounty-disclosure-memory-exhaustion-in-cometbft-v-via-malicious-proposalmessage-leads-to-network-wide-denial-of-service-xjam/
HackerOne Bug Bounty Disclosure: cookie-replacement-use-after-free-vulnerability-bhaskar-ram - https://www.redpacketsecurity.com/hackerone-bugbounty-disclosure-cookie-replacement-use-after-free-vulnerability-bhaskar-ram/
HackerOne Bug Bounty Disclosure: cookie-max-age-integer-overflow-vulnerability-bhaskar-ram - https://www.redpacketsecurity.com/hackerone-bugbounty-disclosure-cookie-max-age-integer-overflow-vulnerability-bhaskar-ram/
HackerOne Bug Bounty Disclosure: disclose-hidden-comments-on-media-section-of-hub-vroid-com-giwadaoud - https://www.redpacketsecurity.com/hackerone-bugbounty-disclosure-disclose-hidden-comments-on-media-section-of-hub-vroid-com-giwadaoud/
HackerOne Bug Bounty Disclosure: clickjacing-can-lead-to-account-takeover-hyk-n - https://www.redpacketsecurity.com/hackerone-bugbounty-disclosure-clickjacing-can-lead-to-account-takeover-hyk-n/
Client Info
Server: https://mastodon.social
Version: 2025.07
Repository: https://github.com/cyevgeniy/lmst