Hacker News with Generative AI: Bug Bounty

AI Slop Is Polluting Bug Bounty Platforms with Fake Vulnerability Reports (socket.dev)
Bug bounty programs, once celebrated for incentivizing independent researchers to report real-world vulnerabilities, are now under siege from a new, low-effort grift: AI-generated fake vulnerability reports, a phenomenon that falls under the broader category of “AI slop.
AI, Security, Bug Bounty, Software Development, Cybercrime
11 points by feross 17 days ago | 2 comments
$1000 bug bounty for better healthcare with the FDA, CDC, and Kaiser Permanente (ycombinator.com)
I'm offering a $1000 bug bounty toward fixing a computer problem that's interfering with healthcare workers getting RSV vaccines. I'm in the group at risk and highly motivated.
Healthcare, Bug Bounty, Public Health, Vaccines
27 points by jph 116 days ago | 8 comments
I accidentally found an IDOR bug in Google slides and rewarded $3,133.70 (medium.com)
It was a lazy afternoon at the office. After lunch, I was sitting at my desk, preparing slides for an event speech on Google Slides. Once the slides were ready, I clicked on Presenter View to preview them. During the event, I wanted to do a live Q&A session with the audience, so I started searching online to see if Google Slides had such a feature. That’s when I stumbled upon Audience Tools.
Security, Bug Bounty, Google Slides
4 points by wslh 138 days ago | 1 comments
How to Hack the Breakthrough Prize (Ft. Session Confusion) (varun.ch)
In 2023, I discovered a critical vulnerability in the Breakthrough Challenge website. After over one year since it was patched, I am disclosing the bug for the sake of transparency. I believe this class of vulnerability, which I am introducing as 'Session Confusion', is often overlooked.
Security, Web Security, Bug Bounty, Transparency
29 points by varun_ch 240 days ago | 8 comments
Advice sought regarding HackerOne and vulnerability submission (ycombinator.com)
Security, Bug Bounty, HackerOne
3 points by Max-Ganz-II 300 days ago | 8 comments
Google now pays $250k for KVM zero-day vulnerabilities (bleepingcomputer.com)
Security, Google, Vulnerability, Bug Bounty
38 points by kungfudoi 325 days ago | 7 comments