55 matches found
Pwn2Own Berlin 2026 Closes With $1.3 Million in Zero-Day Payouts
Cybersecurity researchers successfully demonstrated 47 unique zero-day exploits at Pwn2Own Berlin 2026, targeting major enterprise software and AI platforms...
hunt-skill
/hunt — Bug Bounty Hunt Skill for Claude Code A complete bug...
MAL-2025-49391 Malicious code in payouts-report (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector becec2c60d20e2a05077102cbd8851073afafea45cec70202a05d3af32bb3ccc The package payouts-report was found to contain malicious code. Source: ossf-package-analysis...
EUVD-2025-38321
Malicious code in payouts-report npm...
Malicious code in payouts-report (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector becec2c60d20e2a05077102cbd8851073afafea45cec70202a05d3af32bb3ccc The package payouts-report was found to contain malicious code. Source: ossf-package-analysis...
CVE-2025-11895
The Binary MLM Plan plugin for WordPress is vulnerable to insecure direct object reference in versions up to, and including, 5.0. This is due to the bmpuserpayoutdetailofcurrentuser function selecting payout records solely by id without verifying ownership. This makes it possible for authenticate...
EUVD-2025-34875
The Binary MLM Plan plugin for WordPress is vulnerable to insecure direct object reference in versions up to, and including, 3.0. This is due to the bmpuserpayoutdetailofcurrentuser function selecting payout records solely by id without verifying ownership. This makes it possible for authenticate...
AT&T Reaches $177M Deal Over 2019 and 2024 Data Breaches
AT&T's $177M data breach settlement. Check eligibility for payouts from 2019 and 2024 incidents. Get claim details here...
Evaluating AI Cyber Capabilities with Crowdsourced Elicitation
As AI systems become increasingly capable, understanding their offensive cyber potential is critical for informed governance and responsible deployment. However, it's hard to accurately bound their capabilities, and some prior evaluations dramatically underestimated them. The art of extracting...
MAL-2025-2 Malicious code in payouts-banking-info (npm)
This package runs commands in a pre-install script that exfils sensitive data to an attacker-controlled domain. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d795b5a9cc9952f39cd020e529f31f96f837544ae12bdb31f13d66970d9824d4 Any computer that has this package install...
Malicious code in payouts-banking-info (npm)
This package runs commands in a pre-install script that exfils sensitive data to an attacker-controlled domain. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d795b5a9cc9952f39cd020e529f31f96f837544ae12bdb31f13d66970d9824d4 Any computer that has this package install...
Malicious code in payouts-link-ui (npm)
--- -= Per source details. Do not edit below this line.=-...
MAL-2024-9753 Malicious code in payouts-link-ui (npm)
--- -= Per source details. Do not edit below this line.=-...
PT-2024-12890 · Undefined · Undefined
ChatGPT helped earn $28,000 on a 0-day. A basic XXE payload looks something like this. You can upload a file with this content to a server and, if the library that parses it has external entity support enabled, the output will be the contents of /etc/passwd. This applies to libraries, but not to browsers. If...
Upgraded Q -> 2 from #19 [1700023001465]
Judge has assessed an item in Issue 19 as 2 risk. The relevant finding follows: Borrower can abuse enterMarkets to force liquidator can pay more fund
Front-Running Vulnerability: Exploiting Reward Updates for Maximized Payouts
Lines of code Vulnerability details Impact Malicious users claim rewards at a higher rate than what was intended by front-running governance actions meant to reduce rewards. This allows them to claim rewards at a higher rate than what was intended, undermining the protocol's intended economic...
Ransomware review: August 2023
This article is based on research by Marcelo Rivero, Malwarebytes' ransomware specialist, who monitors information published by ransomware gangs on their Dark Web sites. In this report, "known attacks" are those where the victim did not pay a ransom. This provides the best overall picture of...
Ransomware making big money through "big game hunting"
Ransomware generates big money for the groups behind it, with new research confirming some of the scale of the problem. Chainalysis, a blockchain research firm, looked at data from monitored cryptocurrency wallets, concluding that around $449 million has been taken from victims in the last six...
Malicious code in payouts-sdk-samples (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis f3db91ea244189b9afd98f67f2aa7ce4dd00812c2ab83bba670a7f9d285cf167 The OpenSSF Package Analysis project identified 'payouts-sdk-samples' @ 99.20.20 npm as malicious. It is considered malicious because: - The...
Inside Qilin Ransomware: Affiliates Take Home 85% of Ransom Payouts
Ransomware affiliates associated with the Qilin ransomware-as-a-service (RaaS) scheme earn anywhere between 80% to 85% of each ransom payment, according to new findings from Group-IB. The cybersecurity firm said it was able to infiltrate the group in March 2023, uncovering details about the...