Hacker News with Generative AI: Bug Bounties

Firefox Security Response to pwn2own 2025 (mozilla.org)
At Mozilla, we consider security to be a paramount aspect of the web. This is why Firefox not only has a long-running bug bounty program but also mature release management and security engineering practices. These practices, combined with well-trained and talented Firefox teams, are also the reason why we respond to security bugs as quickly as we do. This week at the security hacking competition pwn2own, security researchers demonstrated two new content-process exploits against Firefox.
AI Slop Is Polluting Bug Bounty Platforms with Fake Vulnerability Reports (socket.dev)
Bug bounty programs, once celebrated for incentivizing independent researchers to report real-world vulnerabilities, are now under siege from a new, low-effort grift: AI-generated fake vulnerability reports, a phenomenon that falls under the broader category of “AI slop.”
How I made $64k from deleted files – a bug bounty story (medium.com)
I built an automation that cloned and scanned tens of thousands of public GitHub repos for leaked secrets. For each repository I restored deleted files, found dangling blobs and unpacked .pack files to search in them for exposed API keys, tokens, and credentials. Ended up reporting a bunch of leaks and pulled in around $64k from bug bounties 🔥.
Hackers get $886,250 for 49 zero-days at Pwn2Own Automotive 2025 (bleepingcomputer.com)
The Pwn2Own Automotive 2025 hacking contest has ended with security researchers collecting $886,250 after exploiting 49 zero-days.
Hackers exploit 16 zero-days on first day of Pwn2Own Automotive 2025 (bleepingcomputer.com)
On the first day of Pwn2Own Automotive 2025, security researchers exploited 16 unique zero-days and collected $382,750 in cash awards.
How to find exploits in video games (shalzuth.com)
In this guide, I'll walk you through how I create tools to find exploits in video games for bug bounty programs. Specifically, I'll focus on my research into the game Sword of Convallaria.
Zendesk: Email user verification bug bounty report retrospective (zendesk.com)
This summer, Zendesk identified a vulnerability through our bug bounty program which we worked with a researcher to address.
1 bug, $50k in bounties, a Zendesk backdoor (github.com)
hi, i'm daniel. i'm a 15-year-old with some programming experience and i do a little bug hunting in my free time. here's the insane story of how I found a single bug that affected over half of all Fortune 500 companies:
Earn $200K by Fuzzing for a Weekend (secret.club)
By applying well-known fuzzing techniques to a popular target, I found several bugs that in total yielded over $200K in bounties. In this article I will demonstrate how powerful fuzzing can be when applied to software which has not yet faced sufficient testing.
Coinbase awarded a $500k bug bounty (hackerone.com)
Sei pays out $2M bug bounty (usmannkhan.com)
Ask HN: How do you find developers for open source bug bounties? (ycombinator.com)