vulnerability disclosure
Google wants bug hunters to probe popular Android apps for bugs
Google has started another bug bounty initiative: the Google Play Security Reward Program. While the name of the program might suggest that bug hunters will be after …
Unpatched SQLi vulnerability in SmartVista e-commerce suite
Companies using SmartVista, the popular e-commerce/payment management product suite developed by Swiss company BPC Banking Technologies, are urged to limit access to its …
The Internet Bug Bounty offers rewards for bugs in data processing libraries
The Internet Bug Bounty (IBB), a project aimed at finding and fixing vulnerabilities in core internet infrastructure and free open source software, has announced that it will …
Drone maker DJI launches bug bounty program
Chinese consumer drone maker DJI has announced that it’s starting a bug bounty program and has invited researchers to discover and responsibly disclose issues that could …
Google Chrome remote code execution flaw detailed, PoC released
Vulnerability broker Beyond Security has released details about and Proof of Concept code for a remote code execution bug affecting Google Chrome. “The [type confusion] …
US DOJ publishes guidelines for setting up a vulnerability disclosure program
Instituting a vulnerability disclosure program (aka bug bounty program) that won’t blow up in the organization’s face can be a daunting task. Some will prefer to …
Security vulnerabilities in radiation monitoring devices
IOActive researcher Ruben Santamarta has uncovered a number of cybersecurity vulnerabilities in widely deployed Radiation Monitoring Devices (RMDs), and has presented his …
EFF offers legal advice to researchers at Black Hat, B-Sides and DEF CON
Not all security researchers have someone to talk to and ask for specific advice about the legal challenges they could face while doing their work. If you are one of …
For timely vulnerability information, unofficial sources are a better bet
From over 12,500 disclosed Common Vulnerabilities and Exposures (CVEs), more than 75% were publicly reported online before they were published to the NIST’s centralized …
Microsoft to governments: Stop hoarding vulnerabilities
Microsoft is full of surprises lately: first they issued patches for unsupported versions of Windows, then they publicly criticized the NSA for hoarding knowledge about …
WordPress admins, take note: RCE and password reset vulnerabilities revealed
Independent security researcher Dawid Golunski has released proof-of-concept exploit code for an unauthenticated remote code execution vulnerability in WordPress 4.6 …
QNAP NAS devices open to remote command execution
If you’re using one of the many QNAP NAS devices and you haven’t yet upgraded the QTS firmware to version 4.2.4, you should do so immediately if you don’t …