Lucene search

67 matches found

Wordfence Blog
added 2025/09/11 3:34 p.m. | 16 views

Wordfence Intelligence Weekly WordPress Vulnerability Report (September 1, 2025 to September 7, 2025)

Calling all Vulnerability Researchers and Bug Bounty Hunters! Operation: Maximum Impact Challenge! Now through November 10, 2025, earn 2X bounty rewards for all in-scope submissions in software with at least 5,000 active installs and fewer than 5 million active installs. Bounties up to $31,200 pe...

9.8 CVSS | 8.7 AI score | 0.0202 EPSS
Exploits: 4
Wordfence Blog
added 2025/04/08 5:54 p.m. | 13 views

2024 Annual WordPress Security Report by Wordfence

The 2024 WordPress security landscape saw significant changes, with new Bug Bounty Programs such as Wordfence’s creating opportunities for numerous researchers to earn a sustainable income by examining WordPress software. Despite another record year for disclosed vulnerabilities in 2025, the risi...

9 AI score
Exploits: 0
Microsoft Secure
added 2025/03/13 4:00 p.m. | 3 views

How MSRC coordinates vulnerability research and disclosure while building community

In an era where discovering and rapidly mitigating security vulnerabilities is more important than ever before, the Microsoft Security Response Center (MSRC) is at the center of this work. MSRC focuses on investigating vulnerabilities, coordinating their disclosure, and releasing security updates t...

7.1 AI score
Exploits: 0
Hacker One
added 2025/01/14 5:30 p.m. | 4 views

HackerOne: Public GitHub repositories for multiple HackerOne managed triage team profiles contain private HackerOne reports information

Publicly available GitHub repositories for HackerOne-managed triage team profiles were found to contain private HackerOne vulnerability reports. Several repositories were identified that reproduced exploits for private bug bounty programs. The disclosed information included details such as access...

7 AI score
Exploits: 0
Huntr
added 2024/10/20 5:05 p.m. | 3 views

Denial of Service

This report is not public...

7.5 CVSS | 7.7 AI score | 0.00273 EPSS
Exploits: 0
Malwarebytes
added 2024/01/07 12:08 p.m. | 22 views

How AI hallucinations are making bug hunting harder

Bug bounty programs that pay people for finding bugs are a very useful tool for improving the security of software. But with the availability of artificial intelligence (AI) as seen in the popular large language models (LLMs) like ChatGPT, Bard, and others it looks like there is a new problem on the...

7.3 AI score
Exploits: 0
Kitploit
added 2023/10/03 11:30 a.m. | 22 views

Nodesub - Command-Line Tool For Finding Subdomains In Bug Bounty Programs

Nodesub is a command-line tool for finding subdomains in bug bounty programs. It supports various subdomain enumeration techniques and provides flexible options for customization. Features: Perform subdomain enumeration using CIDR notation Support input list. Perform subdomain enumeration using AS...

7.3 AI score
Exploits: 0 | References: 1
Kitploit
added 2023/02/22 11:30 a.m. | 38 views

Probable_Subdomains - Subdomains Analysis And Generation Tool. Reveal The Hidden!

Online tool: https://weakpass.com/generate/domains TL;DR: During bug bounties, penetration tests, red team exercises, and other great activities, there is always a room when you need to launch amass, subfinder, sublister, or any other tool to find subdomains you can use to break through - like...

7 AI score
Exploits: 0 | References: 24
Kitploit
added 2023/02/15 11:30 a.m. | 82 views

Web-Hacking-Playground - Web Application With Vulnerabilities Found In Real Cases, Both In Pentests And In Bug Bounty Programs

Web Hacking Playground is a controlled web hacking environment. It consists of vulnerabilities found in real cases, both in pentests and in Bug Bounty programs. The objective is that users can practice with them, and learn to detect and exploit them. Other topics of interest will also be addresse...

7 AI score
Exploits: 0 | References: 4
HackRead
added 2023/01/24 12:41 p.m. | 18 views

6 of the Best Crypto Bug Bounty Programs

By Waqas. Crypto bug bounty programs have become essential as the number of blockchain platforms grows exponentially, making it increasingly difficult for developers to keep up with all the necessary security protocols on their own. This is a post from HackRead.com. Read the original post: 6 of the...

3.4 AI score
Exploits: 0
The Coalfire Blog
added 2022/01/20 11:28 p.m. | 13 views

The right ASM tools include understanding where the real risk lies

While companies are just scratching the surface of understanding their Internet-facing architecture, hackers have been monitoring growing attack surfaces to find vulnerabilities where companies aren't looking or maybe not prioritizing and reaping the reward through bug bounty programs...

3.3 AI score
Exploits: 0
Schneier on Security
added 2022/01/17 12:16 p.m. | 15 views

An Examination of the Bug Bounty Marketplace

Here's a fascinating report: "Bounty Everything: Hackers and the Making of the Global Bug Marketplace." From a summary: …researchers Ryan Ellis and Yuan Stevens provide a window into the working lives of hackers who participate in “bug bounty” programs -- programs that hire hackers to discover an...

1 AI score
Exploits: 0
ThreatPost
added 2021/10/21 7:41 p.m. | 48 views

U.S. Ban on Sales of Cyberattack Tools Is Anemic, Experts Warn

The launch of a standing offer to pay for Windows virtual private network (VPN) software zero-day exploits came to light this week, even as the U.S. mulls new regulations on the export of tools that could be used in cyberattacks against the U.S. or its interests. The developments signal that the U....

7.9 AI score
Exploits: 0 | References: 7
ThreatPost
added 2021/06/01 6:00 p.m. | 45 views

Where Bug Bounty Programs Fall Flat

Eavesdropping on the chatter of 600+ cybercriminal forums shows that cybercriminals have specific preferences, shown by the flavors of exploits they requisition, and that the bug bounty programs either are too slow, don’t pay enough or are just the start of profit-making. A year-long study into t...

7 AI score
Exploits: 0 | References: 5
ThreatPost
added 2021/05/14 12:00 p.m. | 139 views

How to Get into the Bug-Bounty Biz: The Good, Bad and Ugly

Zero-day disclosures, those known bugs without a fix, can have potentially catastrophic results. One of the best ways to combat them is by discovering them before the bad guys do. Some of the biggest tech brands on the planet have been pummeled by a rash of high-profile zero-day exploits. In the...

5.7 AI score
Exploits: 0 | References: 12
ThreatPost
added 2020/10/29 1:14 p.m. | 12 views

Bug-Bounty Awards Spike 26% in 2020

Cross-site scripting (XSS) remained the most impactful vulnerability and thus the one reaping the highest rewards for ethical hackers in 2020 for a second year running, according to a list of top 10 vulnerabilities released on Thursday by HackerOne. The vulnerability — which enables attackers to...

0.1 AI score
Exploits: 0 | References: 4
Microsoft Secure
added 2020/08/03 4:00 p.m. | 19 views

Microsoft Joins Open Source Security Foundation

Microsoft has invested in the security of open-source software for many years and today I’m excited to share that Microsoft is joining industry partners to create the Open Source Security Foundation (OpenSSF), a new cross-industry collaboration hosted at the Linux Foundation. The OpenSSF brings...

7.5 AI score
Exploits: 0
Openbugbounty
added 2020/07/01 12:06 p.m. | 10 views

ssl.ctk.ne.jp Cross Site Scripting vulnerability OBB-1212648

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...

6.2 AI score
Exploits: 0
ThreatPost
added 2020/06/30 9:27 p.m. | 38 views

Verizon Media, PayPal, Twitter Top Bug-Bounty Rankings

Bug-bounty programs have become a popular way for vendors to root out security flaws in their platforms, attracting talented white-hats with the promise of big rewards. According to HackerOne’s 2020 List of the Top 10 Bug Bounty Programs on its platform, Verizon Media, PayPal and Uber are in the...

7.2 AI score
Exploits: 0 | References: 8
0day.today
added 2020/06/15 12:00 a.m. | 132 views

OX App Suite / OX Documents 7.10.3 XSS / SSRF / Improper Validation Vulnerabilities

OX App Suite and OX Documents versions 7.10.3 and below suffer from server-side request forgery, cross site scripting, improper parameter validation, and XML injection vulnerabilities. Dear subscribers, we're sharing our latest advisory with you and like to thank everyone who contributed in findi...

5 CVSS | 0.2 AI score | 0.00686 EPSS
Exploits: 5