90% of code will be written by AI, they say...
And Bug Bounty Hunters...
There is now a (limited) bug bounty for several Fediverse projects.
$250 for HIGH
$500 for CRITICAL
https://nivenly.org/blog/2025/04/01/nivenly-fediverse-security-fund/
A new security fund opens up to help protect the #fediverse
https://techcrunch.com/2025/04/02/a-new-security-fund-opens-up-to-help-protect-the-fediverse/
#OpenAI now pays researchers $100,000 for critical vulnerabilities
#Google paid $12 million in bug bounties last year to security researchers
I'm excited to share CVE Crowd's Top 5 Vulnerabilities from February 25!
These five stood out among the 352 CVEs actively discussed across the Fediverse.
For each CVE, I’ve included a standout post from the community.
Enjoy exploring!
I've just published my first article on my security research; starting things off light with a fun little content injection. :)
(This also happens to be the debut of a basic site generator I whipped up in Lua — long live the #IndieWeb, long live static HTML!)
Hey scripting folks! I'm trying to get started with rescript-react-native and I'm having a bit of trouble, so I put a hundred dollars on it.
Come take my money!
https://github.com/rescript-react-native/rescript-react-native/issues/827
Get rewarded for reporting security flaws and hacking government products?
With @yeswehack, DINUM is raising its bounty caps for #Tchap, #FranceConnect/+ and #ProConnect.
https://www.numerique.gouv.fr/espace-presse/bug-bounty-les-hackers-ethiques-invites-a-participer-au-renforcement-de-la-securite-des-services-numeriques-de-letat/
#BugBounty
Has anybody experience with the Vatican Responsible Disclosure Policies?
Hey, we even have a #Bugbounty Program, we are so secure!
The Bugbounty program:
Earlier this year, #google's Patch Rewards Program rewarded me with a generous $5k #bugbounty for fixing a denial-of-service vector in #golang's most popular third-party CORS middleware library: rs/cors. I only had to port the implementation from my own library; a one-hour job.
Ok, so junk ChatGPT vulnerability reports are a thing now. That only works because somewhere a company is accepting these submissions as valid #bugbounty reports and offering rewards, and by doing this, further incentivizing that practice. So, whoever this is, for the sake of everyone: please stop.
Here's my #introduction long overdue!
Hi! I'm a software engineer during the day and a #music #math #planners #stationery nerd after hours :D
My interests:
- I play the guitar, now I'm moving to playing the bass guitar.
- #emacs and #orgmode. #lisp is growing on me.
- #machinelearning and #jupyter in general
- #statistics
- Mostly #manga nowadays and some #anime. And then I started to learn Japanese as a result.
- #drawing
- Recently got into #lockpicking and #locksport. Tried my hand at #bugbounty in the beginning of last year.
- #cooking
- #fashion
- #chess
I'm a big fan of #irc and #rss feeds as well. I like using Matrix too btw.
What is an API? What makes them special? And what kind of APIs are out there? #apisecurity #apis #bugbountytips #BugBounty
Are all the bugs really gone? How should you approach an application if you're done with recon? Here are my top 5 tips for approaching the main program and finding bugs #bugbountytip #BugBounty 1/7
#AI #bugbounty program yields 34 flaws in #opensource tools
Nearly three dozen flaws in open-source AI and #machinelearning (ML) tools were disclosed Tuesday as part of #ProtectAI's #huntr bug bounty program.
Protect AI's #security researchers point out these open-source tools are "downloaded thousands of times a month to build enterprise AI Systems."
The three critical #vulnerabilities have already been addressed by their respective companies, according to the article.
https://www.scworld.com/news/ai-bug-bounty-program-yields-34-flaws-in-open-source-tools
Very cool tool for #BugBounty folks, The Bug Bounty radar shows recently launched programs across different platforms https://bbradar.io/