bug bounty Archives • Information Security News

WhatsApp Patches “NUL Byte” Flaw and AI Media Exploits Across Windows, iOS, and Android

WhatsApp NUL byte vulnerability NSO WhatsApp Appeal WhatsApp Scraping WhatsApp surveillance NSO Group Translate WhatsApp zero-day Supply Chain Attack WhatsApp Ban WhatsApp Russia

WhatsApp Patches “NUL Byte” Flaw and AI Media Exploits Across Windows, iOS, and Android

ddos May 4, 2026

WhatsApp has remediated two vulnerabilities within its messaging architecture following disclosures through Meta’s bug bounty program. Both...

The Poisoned Push: How a Hidden Flaw in Git Metadata Exposed GitHub to Remote Code Execution GitHub Social Network, eSafety Ban Supply chain security GitHub stars GitHub Fraudulent - security analysis tool

GitHub Social Network, eSafety Ban Supply chain security GitHub stars GitHub Fraudulent - security analysis tool

The Poisoned Push: How a Hidden Flaw in Git Metadata Exposed GitHub to Remote Code Execution

ddos April 30, 2026

The seemingly mundane git push command has emerged as a significantly more treacherous vector than conventionally presumed....

The Pentester’s Co-Pilot: Revolutionizing Security Audits with Burp AI Agent AI-powered penetration testing

The Pentester’s Co-Pilot: Revolutionizing Security Audits with Burp AI Agent

ddos April 2, 2026

Burp AI Agent Burp AI Agent is an extension for Burp Suite that integrates AI capabilities into...

The Bitwise Blunder: How a Single Typo in Firefox’s Engine Opened the Door to RCE Firefox Anti-Fingerprinting Firefox extension Firefox 144 Profile Management Firefox extension rollback Ad blockers Firefox Security Update

The Bitwise Blunder: How a Single Typo in Firefox’s Engine Opened the Door to RCE

ddos February 23, 2026

A critical Remote Code Execution (RCE) vulnerability has been unearthed within SpiderMonkey, the JavaScript engine powering Mozilla...

The Log Viewer Trap: How OpenAI’s Dashboard Can Leak Your Secrets

ddos January 23, 2026

Envision a scenario where your chatbot functions ostensibly as intended, preemptively suppressing a hazardous response, yet a...

Unmasking the Code: JS Analyzer Automates JavaScript Recon & Secret Discovery JavaScript static analysis

Unmasking the Code: JS Analyzer Automates JavaScript Recon & Secret Discovery

ddos January 7, 2026

JS Analyzer A powerful Burp Suite extension for JavaScript static analysis. Extracts API endpoints, URLs, secrets, and...

The Trojan Book: How a Malicious E-book Can Hijack Your Entire Amazon Account Botnet Surge GoAnywhere, ransomware Cybercrime XWorm Lazarus Group Moobot botnet Ransomware War

Botnet Surge GoAnywhere, ransomware Cybercrime XWorm Lazarus Group Moobot botnet Ransomware War

The Trojan Book: How a Malicious E-book Can Hijack Your Entire Amazon Account

ddos December 18, 2025

A security researcher has demonstrated how a “booby-trapped” e-book can turn an ordinary Kindle into a gateway...

Portugal Grants Legal Protection to Ethical Hackers for Vulnerability Disclosure BamboozlEDR China Vulnerability Pipeline South Korea data center fire TaskHound Neural Data Privacy Smart device hack RBI security vulnerability Vulnerability scoring AI bots HTTP/2 vulnerability Cyber Force Linux Security China Cybersecurity Cyber Warfare UN Cybersecurity macOS SMBClient

BamboozlEDR China Vulnerability Pipeline South Korea data center fire TaskHound Neural Data Privacy Smart device hack RBI security vulnerability Vulnerability scoring AI bots HTTP/2 vulnerability Cyber Force Linux Security China Cybersecurity Cyber Warfare UN Cybersecurity macOS SMBClient

Portugal Grants Legal Protection to Ethical Hackers for Vulnerability Disclosure

ddos December 9, 2025

Portugal has expanded its legal framework in the realm of digital security, formally establishing protections for good-faith...

Frogy: The New Recon Tool That Maps and Prioritizes Your Entire Attack Surface Attack Surface Management

Frogy: The New Recon Tool That Maps and Prioritizes Your Entire Attack Surface

ddos November 3, 2025

Frogy 2.0 is an automated external reconnaissance and Attack Surface Management (ASM) toolkit designed to map out an...

From Hobbyists to State Pipeline: China Centralizes Vulnerability Research and Bans Foreign Hacking Contests BamboozlEDR China Vulnerability Pipeline South Korea data center fire TaskHound Neural Data Privacy Smart device hack RBI security vulnerability Vulnerability scoring AI bots HTTP/2 vulnerability Cyber Force Linux Security China Cybersecurity Cyber Warfare UN Cybersecurity macOS SMBClient

From Hobbyists to State Pipeline: China Centralizes Vulnerability Research and Bans Foreign Hacking Contests

ddos October 17, 2025

Over the past two decades, China’s vulnerability research industry has evolved from a disorganized network of enthusiasts...

HackerOne Payouts Hit $81 Million: AI Vulnerability Reports Soar by Over 200%

ddos October 6, 2025

The vulnerability rewards platform HackerOne has announced that over the past twelve months, white-hat hackers around the...

Bidding War: A New Firm Is Offering a Record $20 Million for Zero-Day Exploits Vulnerability Market

Bidding War: A New Firm Is Offering a Record $20 Million for Zero-Day Exploits

ddos August 24, 2025

A new entrant from the United Arab Emirates has shaken up the tightly controlled vulnerability market. Advanced...

From Nuggets to Breaches: A Hacker Exposes Critical Flaws in McDonald’s Systems University Cyberattacks Hacktivism Hanoi convention IT inspection Asterisk telephony Medical Data Breach Zero Trust Flaws MI6 Silent Courier Jaguar Land Rover cyberattack Clear NDR Zeppelin ransomware FTC encryption McDonald's security AI agents Radio Encryption

University Cyberattacks Hacktivism Hanoi convention IT inspection Asterisk telephony Medical Data Breach Zero Trust Flaws MI6 Silent Courier Jaguar Land Rover cyberattack Clear NDR Zeppelin ransomware FTC encryption McDonald's security AI agents Radio Encryption

From Nuggets to Breaches: A Hacker Exposes Critical Flaws in McDonald’s Systems

ddos August 24, 2025

The story of an enthusiast hacker breaching McDonald’s digital infrastructure in pursuit of free chicken nuggets has...

“Automated and Dangerous”: A New AI Framework Can Run 150+ Hacking Tools Autonomously

ddos August 20, 2025

The HexStrike AI repository has released HexStrike AI MCP Agents v6.0—a powerful framework for automating penetration tests....

Human Hackers Dethroned: An AI Takes Top Spot on HackerOne AI Cyber Warfare Sundar Pichai AI Caution Conversational Prompting South Korea Deepfake Scandal Eufy Video Bounty AI psychology AI impersonation drug discovery AI in hiring AI Developers AI Bug Bounty AI Vulnerability Reports AI Terminal Tools AI Nudification AI Protein Design Vibe-Coding AI Image Deception WPP CEO Deepfake Scam

AI Cyber Warfare Sundar Pichai AI Caution Conversational Prompting South Korea Deepfake Scandal Eufy Video Bounty AI psychology AI impersonation drug discovery AI in hiring AI Developers AI Bug Bounty AI Vulnerability Reports AI Terminal Tools AI Nudification AI Protein Design Vibe-Coding AI Image Deception WPP CEO Deepfake Scam

Human Hackers Dethroned: An AI Takes Top Spot on HackerOne

ddos August 7, 2025

The top spot in HackerOne’s global ranking is no longer held by a human, but by a...

Microsoft Revamps .NET Bug Bounty Program, Offering Up to $40K for Critical Flaws File Explorer HTTP smuggling Patch Tuesday Zero-Days Edge IE Mode Zero-Day Windows CLFS RC4 vulnerability MadeYouReset MSI repair MAPP Exchange Server AI Malware Analysis Microsoft Bug Bounty Zero-Day Leak Microsoft DoD Cloud Patch Tuesday Microsoft Researcher

File Explorer HTTP smuggling Patch Tuesday Zero-Days Edge IE Mode Zero-Day Windows CLFS RC4 vulnerability MadeYouReset MSI repair MAPP Exchange Server AI Malware Analysis Microsoft Bug Bounty Zero-Day Leak Microsoft DoD Cloud Patch Tuesday Microsoft Researcher

Microsoft Revamps .NET Bug Bounty Program, Offering Up to $40K for Critical Flaws

ddos August 4, 2025

Microsoft has announced sweeping enhancements to its vulnerability rewards program for the .NET platform, significantly broadening its...

bug bounty

WhatsApp Patches “NUL Byte” Flaw and AI Media Exploits Across Windows, iOS, and Android

The Poisoned Push: How a Hidden Flaw in Git Metadata Exposed GitHub to Remote Code Execution

The Pentester’s Co-Pilot: Revolutionizing Security Audits with Burp AI Agent

The Bitwise Blunder: How a Single Typo in Firefox’s Engine Opened the Door to RCE

The Log Viewer Trap: How OpenAI’s Dashboard Can Leak Your Secrets

Unmasking the Code: JS Analyzer Automates JavaScript Recon & Secret Discovery

Portugal Grants Legal Protection to Ethical Hackers for Vulnerability Disclosure

Frogy: The New Recon Tool That Maps and Prioritizes Your Entire Attack Surface

From Hobbyists to State Pipeline: China Centralizes Vulnerability Research and Bans Foreign Hacking Contests

HackerOne Payouts Hit $81 Million: AI Vulnerability Reports Soar by Over 200%

Bidding War: A New Firm Is Offering a Record $20 Million for Zero-Day Exploits

From Nuggets to Breaches: A Hacker Exposes Critical Flaws in McDonald’s Systems

“Automated and Dangerous”: A New AI Framework Can Run 150+ Hacking Tools Autonomously

Human Hackers Dethroned: An AI Takes Top Spot on HackerOne

Microsoft Revamps .NET Bug Bounty Program, Offering Up to $40K for Critical Flaws

You may have missed

The War for Your Documents: Why The Document Foundation is Challenging Microsoft’s OOXML Monopoly

Urgent Patch: Microsoft Defender Update Fixes Critical SYSTEM-Level Privilege Escalation Flaw

The Pre-Boot Breach: Microsoft Releases Critical Emergency Script to Defend Against “YellowKey” BitLocker Bypass

The Reddit Clone: Meta Secretly Launches “Forum” App to Unbundle Facebook Groups