bug bounty

GitHub Security Lab aims to make open source software more secure
GitHub, the world’s largest open source code repository and leading software development platform, has launched GitHub Security Lab. “Our team will lead by …

Google will pay for data abuse reports related to popular Android apps, Chrome extensions
Google is expanding the Google Play Security Reward Program (GPSRP) to include all apps in Google Play with 100 million or more installs, and is launching a new Developer Data …

Apple expands bug bounty program, opens it to all researchers, raises rewards
Three years ago at the Black Hat conference, Apple announced its first bug bounty program, which was invite-only and limited to iOS. At this year’s edition of the con, …

Microsoft sets up isolated environment for bug hunters to test attacks against Azure
Microsoft has some very good news for bug hunters: not only has the company doubled the top bounty reward for vulnerabilities discovered in its Azure cloud computing service, …

Google increases bounties for Chrome, Google Play bugs
Bug hunters searching for security flaws in Google’s offerings are now vying for higher bounties. Microsoft has launched a new bug bounty program. Google’s changes …

Microsoft launches Azure DevOps bug bounty program
Microsoft has launched yet another bug bounty program and is urging security researchers to look into the security of Azure DevOps, its cloud service for collaborating on code …

Zerodium offers $2 million for remote iOS jailbreak, $1 million for WhatsApp RCE
Zero-day exploit broker Zerodium has raised again the payouts it offers for most desktops/servers and mobile exploits. A “zero click” iOS remote jailbreak is now …

EU launches bug bounties on free and open source software
After setting up a bug bounty program for VLC Media Player in late 2017, the European Commission (EC) has announced the launch of 14 new ones that will cover other free and …

Why are some vulnerabilities disclosed responsibly while others are not?
EU’s cybersecurity agency ENISA has delved into the problematics of vulnerability disclosure and has released a report that addresses economic factors, incentives and …

DJI plugs security flaws that could have enabled access to users’ data and drone images
Researchers at Check Point and DJI today shared details of a potential vulnerability that could have impacted DJI’s infrastructure. Vulnerability impact If exploited, the …

Crowdfense launches Vulnerability Research Hub for top security researchers
Crowdfense officially launched the Vulnerability Research Hub out of beta. After being internally developed and fine-tuned for several months, Crowdfense opened their …

Facebook offers bounties for user token bugs in third-party apps, websites
Facebook is expanding its bug bounty program to include vulnerabilities in third-party apps and websites that involve improper exposure of Facebook user access tokens. …
Featured news
Resources
Don't miss
- Redis patches critical “RediShell” RCE vulnerability, update ASAP! (CVE-2025-49844)
- Leaked Oracle EBS exploit scripts expected to drive new wave of attacks (CVE-2025-61882)
- How to get better results from bug bounty programs without wasting money
- Hackers launch data leak site to extort 39 victims, or Salesforce
- Cl0p exploits Oracle E-Business Suite zero-day in data theft, extortion campaign (CVE-2025-61882)