Pyrzout :vm:<p>How to get better results from bug bounty programs without wasting money <a href="https://www.helpnetsecurity.com/2025/10/07/bug-bounty-rewards-better-results/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">helpnetsecurity.com/2025/10/07</span><span class="invisible">/bug-bounty-rewards-better-results/</span></a> <a href="https://social.skynetcloud.site/tags/vulnerabilitydisclosure" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>vulnerabilitydisclosure</span></a> <a href="https://social.skynetcloud.site/tags/AltaAssociates" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AltaAssociates</span></a> <a href="https://social.skynetcloud.site/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://social.skynetcloud.site/tags/Don" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Don</span></a>'tmiss <a href="https://social.skynetcloud.site/tags/bugbounty" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>bugbounty</span></a> <a href="https://social.skynetcloud.site/tags/Intigriti" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Intigriti</span></a> <a href="https://social.skynetcloud.site/tags/Features" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Features</span></a> <a href="https://social.skynetcloud.site/tags/Hotstuff" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Hotstuff</span></a> <a href="https://social.skynetcloud.site/tags/strategy" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>strategy</span></a> <a href="https://social.skynetcloud.site/tags/UpCloud" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>UpCloud</span></a> <a href="https://social.skynetcloud.site/tags/Google" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Google</span></a> <a href="https://social.skynetcloud.site/tags/News" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>News</span></a> <a href="https://social.skynetcloud.site/tags/CISO" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CISO</span></a> <a href="https://social.skynetcloud.site/tags/tips" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>tips</span></a></p>
#VulnerabilityDisclosure
0 Beiträge0 Beteiligte0 Beiträge heute
Funding uncertainty may spell the end of MITRE’s CVE program https://www.helpnetsecurity.com/2025/04/16/funding-uncertainty-may-spell-the-end-of-mitres-cve-program/ #vulnerabilitydisclosure #vulnerabilitymanagement #CardinalOps #Don'tmiss #VulnCheck #Hotstuff #Edera #MITRE #News #CVE
Help Net Security · Funding uncertainty may spell the end of MITRE's CVE program - Help Net Security
Mehr von 
Zeljka Zorz
Killing Filecoin nodes - By Simone Monica
In January, we identified and reported a vulnerability in the Lot... https://blog.trailofbits.com/2024/11/13/killing-filecoin-nodes/ #vulnerabilitydisclosure #blockchain
Trail of Bits Blog · Killing Filecoin nodesBy Simone Monica In January, we identified and reported a vulnerability in the Lotus and Venus clients of the Filecoin network that allowed an attacker to remotely crash a node and trigger a denial…
Vulnerability advisory
Local file inclusion identified in Milesight DeviceHub
Our Joe Lovett discovered a flaw within the nginx docker container, enabling unauthenticated access to sensitive MQTT certificates, including private keys.
See more on our website:
https://www.pentestpartners.com/security-blog/unauthenticated-local-file-disclosure-on-milesight-devicehub/
We are still at the stage where the ISO standards body sells the document behind a paywall, and it cannot be redistributed.
#paywall #standard #infosec #vulnerability #vulnerabilitydisclosure #cvd #iso #ietf
ISO/IEC 30111:2019 Information technology — Security techniques — Vulnerability handling processes
Maybe it's time to use IETF to publish such standard and not ISO.
Out of the kernel, into the tokens - By Max Ammann and Emilio López
Our application security team leaves no stone untur... https://blog.trailofbits.com/2024/03/08/out-of-the-kernel-into-the-tokens/ #vulnerabilitydisclosure #applicationsecurity #linux
Trail of Bits Blog · Out of the kernel, into the tokensBy Max Ammann and Emilio López Our application security team leaves no stone unturned; our audits dive deeply into areas ranging from device firmware, operating system kernels, and cloud systems to…
Breaking the shared key in threshold signature schemes - By Fredrik Dahlgren
Today we are disclosing a denial-of-service vulnerability that affect... https://blog.trailofbits.com/2024/02/20/breaking-the-shared-key-in-threshold-signature-schemes/ #vulnerabilitydisclosure #cryptography
Trail of Bits Blog · Breaking the shared key in threshold signature schemesBy Fredrik Dahlgren Today we are disclosing a denial-of-service vulnerability that affects the Pedersen distributed key generation (DKG) phase of a number of threshold signature scheme implementati…
LeftoverLocals: Listening to LLM responses through leaked GPU local memory - By Tyler Sorensen and Heidy Khlaaf
We are disclosing LeftoverLocals: a vulnerabili... https://blog.trailofbits.com/2024/01/16/leftoverlocals-listening-to-llm-responses-through-leaked-gpu-local-memory/ #vulnerabilitydisclosure #machinelearning
Trail of Bits Blog · LeftoverLocals: Listening to LLM responses through leaked GPU local memoryBy Tyler Sorensen and Heidy Khlaaf We are disclosing LeftoverLocals: a vulnerability that allows recovery of data from GPU local memory created by another process on Apple, Qualcomm, AMD, and Imagi…
Billion times emptiness - By Max Ammann
Behind Ethereum’s powerful blockchain technology lies a lesser-known... https://blog.trailofbits.com/2023/12/29/billion-times-emptiness/ #vulnerabilitydisclosure #blockchain
Trail of Bits Blog · Billion times emptinessBy Max Ammann Behind Ethereum’s powerful blockchain technology lies a lesser-known challenge that blockchain developers face: the intricacies of writing robust Ethereum ABI (Application Binar…
I’m still surprised by some projects who complain about the burden to deal with security vulnerability disclosure. If a project used by many orgs has zero vulnerability documented and especially didn’t publish anything about security disclosure. There is maybe something to be fixed.
Flaws in the vulnerability disclosure process of open-source projects could be exploited by attackers to harvest the information needed to launch attacks.
The risk arises from “half-day” and “0.75-day” vulnerabilities.
https://www.helpnetsecurity.com/2023/11/09/open-source-vulnerability-disclosure-process-flaws/