Latest Bug Bounty Program news

Google now pays $250,000 for KVM zero-day vulnerabilities

Google has launched kvmCTF, a new vulnerability reward program (VRP) first announced in October 2023 to improve the security of the Kernel-based Virtual Machine (KVM) hypervisor that comes with $250,000 bounties for full VM escape exploits.
- Sergiu Gatlan
- July 02, 2024
- 02:06 PM
- 0
Google now pays up to $450,000 for RCE bugs in some Android apps

Google has increased rewards for reporting remote code execution vulnerabilities within select Android apps by ten times, from $30,000 to $300,000, with the maximum reward reaching $450,000 for exceptional quality reports.
- Sergiu Gatlan
- April 30, 2024
- 02:33 PM
- 0
US Defense Dept received 50,000 vulnerability reports since 2016

The Cyber Crime Center (DC3) of the U.S. Department of Defense (DoD) says it has reached the milestone of processing its 50,000th vulnerability report submitted by 5,635 researchers since its inception in November 2016.
- Bill Toulas
- March 19, 2024
- 05:13 PM
- 0
Google paid $10 million in bug bounty rewards last year

Google awarded $10 million to 632 researchers from 68 countries in 2023 for finding and responsibly reporting security flaws in the company's products and services.
- Bill Toulas
- March 12, 2024
- 12:00 PM
- 1
Microsoft launches Defender Bounty Program with $20,000 rewards

Microsoft has unveiled a new bug bounty program aimed at the Microsoft Defender security platform, with rewards between $500 and $20,000.
- Sergiu Gatlan
- November 21, 2023
- 02:13 PM
- 0
HackerOne paid ethical hackers over $300 million in bug bounties

HackerOne has announced that its bug bounty programs have awarded over $300 million in rewards to ethical hackers and vulnerability researchers since the platform's inception.
- Bill Toulas
- October 28, 2023
- 11:17 AM
- 0
New Microsoft bug bounty program focuses on AI-powered Bing

Microsoft announced a new AI bounty program focused on the AI-driven Bing experience, with rewards reaching $15,000.
- Sergiu Gatlan
- October 12, 2023
- 01:29 PM
- 0
Google launches bug bounty program for its Android applications

Google has launched the Mobile Vulnerability Rewards Program (Mobile VRP), a new bug bounty program that will pay security researchers for flaws found in the company's Android applications.
- Sergiu Gatlan
- May 22, 2023
- 05:18 PM
- 1
LayerZero launches record-breaking $15M crypto bug bounty program

LayerZero Labs has launched a bug bounty on the Immunefi platform that offers a maximum reward of $15 million for critical smart contract and blockchain vulnerabilities, a figure that sets a new record in the crypto space.
- Bill Toulas
- May 18, 2023
- 10:31 AM
- 2
OpenAI launches bug bounty program with rewards up to $20K

AI research company OpenAI announced today the launch of a new bug bounty program to allow registered security researchers to discover vulnerabilities in its product line and get paid for reporting them via the Bugcrowd crowdsourced security platform.
- Sergiu Gatlan
- April 11, 2023
- 04:32 PM
- 2
Google launches open-source software bug bounty program

Google will now pay security researchers to find and report bugs in the latest versions of Google-released open-source software (Google OSS).
- Sergiu Gatlan
- August 30, 2022
- 07:00 AM
- 2
Rogue HackerOne employee steals bug reports to sell on the side

A HackerOne employee stole vulnerability reports submitted through the bug bounty platform and disclosed them to affected customers to claim financial rewards.
- Ionut Ilascu
- July 02, 2022
- 11:36 AM
- 1
The Week in Ransomware - July 1st 2022 - Bug Bounties

It has been relatively busy this week with new ransomware attacks unveiled, a bug bounty program introduced, and new tactics used by the threat actors to distribute their encryptors.
- Lawrence Abrams
- July 01, 2022
- 03:35 PM
- 0
Google gives 50% bonus to Android 13 Beta bug bounty hunters

Google has announced that all security researchers who report Android 13 Beta vulnerabilities through its Vulnerability Rewards Program (VRP) will get a 50% bonus on top of the standard reward until May 26th, 2022.
- Sergiu Gatlan
- April 29, 2022
- 01:48 PM
- 0
'Hack DHS' bug hunters find 122 security flaws in DHS systems

The Department of Homeland Security (DHS) today revealed that bug bounty hunters enrolled in its 'Hack DHS' bug bounty program have found 122 security vulnerabilities in external DHS systems, 27 of them rated critical severity.
- Sergiu Gatlan
- April 22, 2022
- 04:05 PM
- 0
Microsoft increases awards for high-impact Microsoft 365 bugs

Microsoft has increased the maximum awards for high-impact security flaws reported through the Microsoft 365 and the Dynamics 365 / Power Platform bug bounty programs.
- Sergiu Gatlan
- April 14, 2022
- 03:10 PM
- 0
Microsoft adds on-premises Exchange, SharePoint to bug bounty program

Microsoft has announced that Exchange, SharePoint, and Skype for Business on-premises are now part of the Applications and On-Premises Servers Bounty Program starting today.
- Sergiu Gatlan
- April 05, 2022
- 11:53 AM
- 0
HackerOne kicks Kaspersky’s bug bounty program off its platform

Bug bounty platform HackerOne disabled Kaspersky's bug bounty program on Friday following sanctions imposed on Russia and Belarus after the invasion of Ukraine.
- Sergiu Gatlan
- March 25, 2022
- 12:16 PM
- 2
HackerOne apologizes to Ukrainian hackers for mistakenly blocking payouts

Today, Chris Evans, the CISO of bug bounty platform HackerOne, apologized to Ukrainian hackers after the company erroneously blocked their bug bounty payouts following sanctions imposed on Russia and Belarus in the wake of Ukraine's invasion.
- Sergiu Gatlan
- March 15, 2022
- 06:35 PM
- 1
Google almost doubles Linux Kernel, Kubernetes zero-day rewards

Google says it bumped up rewards for reports of Linux Kernel, Kubernetes, Google Kubernetes Engine (GKE), or kCTF vulnerabilities by adding bigger bonuses for zero-day bugs and exploits using unique exploitation techniques.
- Sergiu Gatlan
- February 15, 2022
- 03:38 PM
- 0