1009 matches found
Vulnerability Reports Are Not Special Anymore
A requirement for staying sane while working in public as an open source maintainer is realizing that every issue, PR, and piece of feedback is a present, not an obligation. You can accept it, ignore it, and use it partially or not at all. Except… For years, as lead of the Go Security team at the...
Exploit-POC
🛡️ Exploit-POC A curated collection of Proof-of-Concept Po...
AutoStrike
Gemini Bug Bounty Find security vulnerabilities, get paid...
Why Security Researchers and Red Teams Are Turning to Workflow Automation
Security researchers and red teams adopt workflow automation to cut alert fatigue, enrich data, and scale operations across SOC, intel and recon tasks...
Stable Channel Update for Desktop
The Stable channel has been updated to 146.0.7680.164/165 for Windows/Mac and 146.0.7680.164 for Linux, which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log Security Fixes and Rewards Note: Access to bug details and links may be kept...
Wordfence Bug Bounty Program Monthly Report – January 2026
Last month in January 2026, the Wordfence Bug Bounty Program received 897 vulnerability submissions from our growing community of security researchers working to improve the overall security posture of the WordPress ecosystem. These submissions are reviewed, triaged, and processed by the Wordfenc...
Stable Channel Update for Desktop
The Stable channel has been updated to 144.0.7559.132/.133 for Windows/Mac and 144.0.7559.132 for Linux, which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log. Security Fixes and Rewards Note: Access to bug details and links may be kept...
JS Secret Hunter 2
JS Secret Hunter is an advanced Python tool designed for security researchers to automate the detection of hardcoded secrets in client-side JavaScript. Unlike simple scanners, V2 includes a dynamic crawler that parses the HTML of the target website to extract all loaded JavaScript files...
curl: A quiet New Year wish for security researchers
Hi curl Security Team and fellow security researchers, Sorry in advance if this isn’t a traditional security report. I know your time is valuable, and I truly respect the work you all do. I just wanted to take a quiet moment to wish every security researcher here those who report issues, those wh...
Wordfence Bug Bounty Program Monthly Report – November 2025
Last month in November 2025, the Wordfence Bug Bounty Program received 746 vulnerability submissions from our growing community of security researchers working to improve the overall security posture of the WordPress ecosystem. These submissions are reviewed, triaged, and processed by the Wordfen...
Exploit for Deserialization of Untrusted Data in Facebook React
🛡️ RSC Sentinel Pro Advanced React Server Components R...
WhatsApp closes loophole that let researchers collect data on 3.5B accounts
Messaging giant WhatsApp has around three billion users in more than 180 countries. Researchers say they were able to identify around 3.5 billion registered WhatsApp accounts thanks to a flaw in the software. That higher number is possible because WhatsApp’s API returns all accounts registered to...
cve-poc-garage
Curated collection of CVE Proof of Concepts — reproducib...
EUVD-2025-18674
Malicious code in bioql PyPI...
Janusec-Application-Gateway
It is an offensive tool for web application security testing. The repository contains a tool for testing web application security, specifically for identifying vulnerabilities in web applications. The tool is designed to test for various types of vulnerabilities, including SQL injection, cross-si...
gadgetinspector
This is a Java-based tool for finding deserialization gadget chains in Java applications. The tool is called "Gadget Inspector" and is presented as a project that was showcased at Black Hat USA 2018. The tool is designed to automatically discover possible gadget chains in an application's...
PocCollect
This repository is an offensive tool for vulnerability scanning and exploitation, specifically targeting various web applications and services. The primary vulnerability class targeted is SQL injection, with specific examples of exploits for Struts2, 08CMS, and ASPCMS. The tool is written in Pyth...
Microsoft Bounty Program year in review: $17 million in rewards
We’re thrilled to share that this year, the Microsoft Bounty Program has distributed $17 million to 344 security researchers from 59 countries, the highest total bounty awarded in the program’s history. In close collaboration with the Microsoft Security Response Center MSRC, these security...
.NET Bounty Program now offers up to $40,000 in awards
We’re excited to announce significant updates to the Microsoft .NET Bounty Program. These changes expand the program’s scope, simplify the award structure, and offer great incentives for security researchers. The .NET Bounty Program now offers awards up to $40,000 USD for vulnerabilities impactin...
.NET Bounty Program now offers up to $40,000 in awards
We’re excited to announce significant updates to the Microsoft .NET Bounty Program. These changes expand the program’s scope, simplify the award structure, and offer great incentives for security researchers. The .NET Bounty Program now offers awards up to $40,000 USD for vulnerabilities impactin...