#bug-bounty — Public Fediverse posts

｢ Finding a critical security vulnerability should get you rewarded, not stiffed. AMD’s auto-updater was downloading software over insecure HTTP connections, letting network attackers slip malicious code onto your system during routine updates. The researcher who found this remote code execution flaw expected a $10,000 bounty. Instead, AMD fixed the problem after four months and paid nothing ｣

https://www.gadgetreview.com/amd-stiffs-researcher-10000-bug-bounty-after-critical-security-flaw-takes-124-days-to-fix

#bugbounty #cybersecurity

｢ Finding a critical security vulnerability should get you rewarded, not stiffed. AMD’s auto-updater was downloading software over insecure HTTP connections, letting network attackers slip malicious code onto your system during routine updates. The researcher who found this remote code execution flaw expected a $10,000 bounty. Instead, AMD fixed the problem after four months and paid nothing ｣

https://www.gadgetreview.com/amd-stiffs-researcher-10000-bug-bounty-after-critical-security-flaw-takes-124-days-to-fix

#bugbounty #cybersecurity

What do you think security researchers will do the next time they find a critical vulnerability in AMD?

AMD Stiffs Researcher $10,000 Bug Bounty After Critical Security Flaw, Takes 124 Days to Fix

https://www.gadgetreview.com/amd-stiffs-researcher-10000-bug-bounty-after-critical-security-flaw-takes-124-days-to-fix

#bugbounty #vulnerability

What do you think security researchers will do the next time they find a critical vulnerability in AMD?

AMD Stiffs Researcher $10,000 Bug Bounty After Critical Security Flaw, Takes 124 Days to Fix

https://www.gadgetreview.com/amd-stiffs-researcher-10000-bug-bounty-after-critical-security-flaw-takes-124-days-to-fix

#bugbounty #vulnerability

[DEMO] Sn1per Professional 2026 Released: A New Era for Attack Surface Management

https://sn1persecurity.com/wordpress/sn1per-professional-2026-release/?utm_source=mastodon&utm_medium=social&utm_campaign=pro2026-launch

#offsec #offensivesecurity #netsec #infosec #bugbounty #pentesting #ai

[DEMO] Sn1per Professional 2026 Released: A New Era for Attack Surface Management

https://sn1persecurity.com/wordpress/sn1per-professional-2026-release/?utm_source=mastodon&utm_medium=social&utm_campaign=pro2026-launch

#offsec #offensivesecurity #netsec #infosec #bugbounty #pentesting #ai

👍 The RCE that AMD wouldn’t fix!

https://mrbruh.com/amd2/

#rce #bugbounty #cybersecurity

👍 The RCE that AMD wouldn’t fix!

https://mrbruh.com/amd2/

#rce #bugbounty #cybersecurity

I was tired of digging through endless random cybersecurity lists, so naturally I built another random cybersecurity list - just cleaner, prettier and actually organized.

Hack Hub is a curated directory of useful security resources.

https://hackhub.fyi

#CyberSecurity #InfoSec #Hacking #EthicalHacking #Pentesting #RedTeam #BlueTeam #DFIR #OSINT #ThreatIntel #MalwareAnalysis #BugBounty #CloudSecurity #MobileSecurity #OpenSource #SecurityTools #SecurityResearch #Linux #Hackers #Tech

I was tired of digging through endless random cybersecurity lists, so naturally I built another random cybersecurity list - just cleaner, prettier and actually organized.

Hack Hub is a curated directory of useful security resources.

https://hackhub.fyi

#CyberSecurity #InfoSec #Hacking #EthicalHacking #Pentesting #RedTeam #BlueTeam #DFIR #OSINT #ThreatIntel #MalwareAnalysis #BugBounty #CloudSecurity #MobileSecurity #OpenSource #SecurityTools #SecurityResearch #Linux #Hackers #Tech

Цепочка атаки на ИТ-инфраструктуру компании через AD CS: от CVE-2024-4577 до компрометации домена

Привет, Хабр! Меня зовут Евгений Кабаргин (aka kiberjen). Я капитан KiberS, команды энтузиастов и профессионалов в области кибербезопасности. Любим наступательные техники и постоянно развиваемся в этом направлении, специализируемся на веб-пентесте, тестировании инфраструктуры и Red Team. В этой статье я разберу, как в рамках задания на платформе Standoff 365 был скомпрометирован контроллер домена компании Carbon. По легенде, инцидент обнаружила служба информационной безопасности во время планового аудита: специалисты выявили подозрительную активность в сети. Выяснилось, что нарушители получили доступ к контроллеру домена Carbon. Компания вернула контроль над инфраструктурой и сосредоточилась на устранении последствий, но информация об атаке уже просочилась в сеть. Клиенты Carbon в шоке... Этот кейс представляет учебный интерес с точки зрения того, что была проведена многоуровневая атака: точка входа через уязвимость CVE-2024-4577 в PHP CGI, последовательная эскалация привилегий и финальная компрометация домена через некорректно настроенную инфраструктуру сертификатов (AD CS, ESC7).

https://habr.com/ru/companies/pt/articles/1042936/

#standoff #bugbounty #багхантинг #килчейн #esc7 #activedirectory #взлом #кибератака #киберучения #киберполигон

Quando o bug bounty é ignorado e a plataforma é hackeada

E se o bug report fosse ignorado... e no final quem lucra é o hacker? 😱

- 🔍 Contexto: alguém reportou a falha via bug bounty
- ❌ Foi ignorado — ninguém pagou pelo disclosure
- 💥 A falha foi explorada e a plataforma foi hackeada
- 🤑 Resultado: quem está ganhando bem é quem sequestra os fundos
- 💡 Lições: paga bem a área de segurança —...

#segurança #hack #bugbounty #infosec #cybersecurity #crypto #segurancadainformacao #MorningCrypto

Wordfence Bug Bounty Program Monthly Report - March 2026

In March 2026, the Wordfence Bug Bounty Program received 1,718 vulnerability submissions from 321 active researchers, awarding $62,174 in total bounties.

https://www.wordfence.com/blog/2026/05/wordfence-bug-bounty-program-monthly-report-march-2026

#BugBounty