I've written before about the nascent WebMonetization Standard. It is a proposal which allows websites to ask users for passive payments when they visit. A visitor to this site could, if this standard is widely adopted, opt to send me cash for my very fine blog posts. All I need to do is add something like this into my site's source code: <link rel="monetization"…| Terence Eden’s Blog
I have previously blogged about the relatively new trend of AI slop in vulnerability reports submitted to curl and how it hurts and exhausts us. This trend does not seem to slow down. On the contrary, it seems that we have recently not only received more AI slop but also more human slop. The latter …| daniel.haxx.se
Some months ago, while analyzing a […]| hn security
Microsoft Sets Passkeys Default for New Accounts Article Link: https://thehackernews.com/2025/05/microsoft-sets-passkeys-default-for-new.html Accenture: What We Learned When Our CEO Got Deepfaked Article Link: https://www.computing.co.uk/event/2025/accenture-what-we-learned-when-our-ceo-got-deepfaked Ghost Students Creating an ‘agonizing’ Problem for Calif. Colleges Article Link: https://www.sfgate.com/bayarea/article/ghost-students-creating-problem-calif-colleges-20311708.php AI-Dri...| Project Hyphae
Criminal Group Claims Responsibility for Cyberattack on Minnesota Casino Article Link: https://cdcgaming.com/brief/cybersecurity-incident-at-minnesota-tribal-community-casino-prompts-shutdown/ As CISA Downsizes, Where Can Enterprises Get Support? Article Link: https://www.darkreading.com/cybersecurity-operations/roundtable-cisa-downsizes-where-can-enterprises-look-support Oracle Privately Confirms Cloud Breach to Customers Article Link: https://www.bleepingcomputer.com/news/security/oracle-pr...| Project Hyphae
Some Apache Logging Services projects, such as Log4j, are participating in the YesWeHack bug bounty program.| Apache Software Foundation - Logging Services
“If you shame attack research, you […]| hn security
A case study in using AFL++, afl-cov and basic custom harnesses to find a bug in libsoup for a public bug bounty program.| Almond Offensive Security Blog
As AI continues to evolve, so do the threats against it. As these GenAI systems become more sophisticated and widely adopted, ensuring their security and ethical use becomes paramount. 0Din is a groundbreaking GenAI bug bounty program dedicated specifically to help secure GenAI systems and beyond. In this blog, you'll learn about 0Din, how it works, and how you can participate and make a difference in securing our AI future.| Mozilla Hacks – the Web developer blog
On the 18th of November I submitted a ticket to the Monero HackerOne Bug Bounty program. This is the ticket regarding ‘GarlicRust’, a vulnerability I publicly disclosed in my previous b…| Eyal Itkin
Bug bounties prioritise the non-contributor’s worldview – the quality of the strip-mined commodity – and neglect the true community view – pooled innovation and shared costs.| Meshed Insights Ltd
Introduction Users often assume that known software is free of security flaws because it has been checked by a sufficient number of tools and security testers. However, this is not an assumption that a pentester or bug hunter can afford to make. Vulnerabilities may lurk in various places, and finding an interesting bug often requires ...| research.securitum.com
See how I could perform an XSS injection with the Envato search field. SerHack Blog, a blog about security research, development and reverse engineering.| SerHack – Security Research