63 matches found
AI Security Research Should Better Incentivize Defense Research
This work examines an imbalance in artificial intelligence AI security research: the field tends to produce more work on attacking AI systems than on defending them. Drawing on related academic papers, we find biased attack-to-defense ratios across subfields, including federated learning, speech...
Is “Hackback” Official US Cybersecurity Strategy?
The 2026 US "Cyber Strategy for America" document is mostly the same thing we've seen out of the White House for over a decade, but with a more aggressive tone. But one sentence stood out: "We will unleash the private sector by creating incentives to identify and disrupt adversary networks and...
Social Engineering Attacks: A Systemisation of Knowledge on People against Humans
Our systematisation of knowledge on Social Engineering Attacks SEAs, identifies the human, organisational, and adversarial dimensions of cyber threats. It addresses the growing risks posed by SEAs, highly relevant in the context physical cyber places, such as travellers at airports and residents ...
Malicious code in erick-gandul71-breki (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9628fe3cedac6ce0ba7f283c9da0510355ec13875be4c4d1872b07eaae626956 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-99546 Malicious code in arif-brengkes80-ruro (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1b916e22f36dae6714714b97718256a9d4b6c4a73c15966562bf439ab7a82941 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-94443 Malicious code in fascinating_dolphin_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b5c73c86cbec141e6098c06d31a3281ee2582a85793f21203e8b60d8cca328b4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-51419 Malicious code in citra-lodeh79-sukiwir (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 587d0d14e2db7de43f6d99a10dcbded09509b0e7e55db21e26dcb0609587c5d0 The package citra-lodeh79-sukiwir was found to contain malicious code. This package appears to be part of the tea.xyz token reward campaign that...
Kicking off Cybersecurity Awareness Month 2025: Researcher spotlights and enhanced incentives
October marks Cybersecurity Awareness Month, a time when the developer community reflect on the importance of security in the evolving digital landscape. At GitHub, we understand that protecting the global software ecosystem relies on the commitment, skill, and ingenuity of the security research...
Incentives and Outcomes in Bug Bounties
Bug bounty programs have contributed significantly to security in technology firms in the last decade, but little is known about the role of reward incentives in producing useful outcomes. We analyze incentives and outcomes in Google's Vulnerability Rewards Program VRP, one of the world's largest...
Referral Beware, Your Rewards are Mine (Part 1)
The post Referral Beware, Your Rewards are Mine Part 1 appeared first on Rhino Security Labs...
PromptChain: a Decentralized Web3 Architecture for Managing AI Prompts As Digital Assets
We present PromptChain, a decentralized Web3 architecture that establishes AI prompts as first-class digital assets with verifiable ownership, version control, and monetization capabilities. Current centralized platforms lack mechanisms for proper attribution, quality assurance, or fair...
Privacy-Preserving and Reward-Based Mechanisms of Proof of Engagement
Proof-of-Attendance PoA mechanisms are typically employed to demonstrate a specific user's participation in an event, whether virtual or in-person. The goal of this study is to extend such mechanisms to broader contexts where the user wishes to digitally demonstrate her involvement in a specific...
SoK: Stablecoin Designs, Risks, and the Stablecoin LEGO
Stablecoins have become significant assets in modern finance, with a market capitalization exceeding USD 246 billion May 2025. Yet, despite their systemic importance, a comprehensive and risk-oriented understanding of crucial aspects like their design trade-offs, security dynamics, and...
More AIs Are Taking Polls and Surveys
I already knew about the declining response rate for polls and surveys. The percentage of AI bots that respond to surveys is also increasing. Solutions are hard: 1. Make surveys less boring. We need to move past bland, grid-filled surveys and start designing experiences people actually want to...
Proof-Of-Social-Capital: Privacy-Preserving Consensus Protocol Replacing Stake for Social Capital
Consensus protocols used today in blockchains often rely on computational power or financial stakes - scarce resources. We propose a novel protocol using social capital - trust and influence from social interactions - as a non-transferable staking mechanism to ensure fairness and decentralization...
Exploring the Susceptibility to Fraud of Monetary Incentive Mechanisms for Strengthening FOSS Projects
Free and open source software FOSS is ubiquitous on modern IT systems, accelerating the speed of software engineering over the past decades. With its increasing importance and historical reliance on uncompensated contributions, questions have been raised regarding the continuous maintenance of FO...
OpenAI Bug Bounty Program Increases Top Reward to $100,000
OpenAI Bug Bounty program boosts max reward to $100,000, expanding scope and offering new incentives to enhance AI security and reliability...
Enhancing the Wordfence Bug Bounty Program: New Incentives & a Stronger Focus on High-Impact Research
Last year was a year of growth and refinement for the Wordfence Threat Intelligence team. In December of 2023, we launched our Bug Bounty Program, rewarding security researchers for identifying and reporting in-scope vulnerabilities to further our mission of Securing the Web while contributing to...
Exciting updates to the Copilot (AI) Bounty Program: Enhancing security and incentivizing innovation
At Microsoft, we are committed to fostering a secure and innovative environment for our customers and users. As part of this commitment, we are thrilled to announce significant updates to our Copilot AI Bounty Program. These changes are designed to enhance the program's effectiveness, incentivize...
CISA: Incentivizing Facility Security: a Nonregulatory Approach
System About Files News Vote Help | Services API Advertise Contact | Account Join Login ---|---|---...