I just caught up with this one. In case you haven't seen it:
Security researcher quips maybe it's time to get 'a real job' after being paid meagre $1,000 bug bounty by Apple
h/t, MSN

Microsoft paid a record $17M to 344 security researchers across 59 countries over the past year
1,469 valid reports helped fix 1,000+ security flaws across Windows, Azure, Xbox, 365 & more.
Highest single bounty: $200K.
AI & identity systems now see expanded bounty scopes.
Are you located in the US/EU? Passionate about #appsec? Maybe you follow #bugbountytips or are an avid #ctf player and are ready to take the next step. If so, we're looking for our next #intern, so consider applying today - https://hackers.doyensec.com.
#doyensec #security #internship #bugbounty
#Microsoft pays record $17 million in bounties over the last 12 months
OpenAI Releases gpt-oss AI Model, Offers Bounty For Vulnerabilities - OpenAI have just released gpt-oss, an AI large language model (LLM) available for ... - https://hackaday.com/2025/08/06/openai-releases-gpt-oss-ai-model-offers-bounty-for-vulnerabilities/ #artificialintelligence #bugbounty #openai #llm
Two criticals. Two known exploited. One a zero-day.
July saw a spike in high-severity vulnerabilities.
Here are CVE Crowd's Top 3 from the 624 CVEs discussed across the Fediverse last month.
For each CVE, I've included a standout post from the community.
Enjoy exploring!
#Microsoft now pays up to $40,000 for some .NET vulnerabilities
Researcher discovers a critical vulnerability in Safari, rated 9.8/10, but receives only $1,000 in bug bounty from Apple, even though the program promises up to $2M. The flaw allowed access to iCloud and the Camera app.
Found critical vulns in Lovense (the biggest sex toy company) affecting 11M+ users. They ignored researchers for 2+ years, then fixed in 2 days after public exposure.
What I found:
- Email disclosure via XMPP (username→email)
- Auth bypass (email→account takeover, no password)
History of ignoring researchers:
- 2017: First recorded case of someone reporting XMPP email leak.
- 2022: Someone else reports XMPP email leak, ignored
- Sept 2023: Krissy reports account takeover + different email leak via HTTP API, paid only $350
- 2024: Another person reports XMPP email leak AND Account Takeover vuln, offered 2 free sex toys (accepted for the meme)
- March 2025: I report account takeover + XMPP email leak, paid $3000 (after pushing for critical)
- Told me fix for email vuln needs 14 months because "legacy support" > user security (had 1-month fix ready)
- July 28: I go public
- July 30: Both fixed in 48 hours
Same bugs, different treatment. They lied to journalists saying it was fixed in June, tried to get me banned from HackerOne after giving permission to disclose.
News covered it but my blog has the full technical details:
https://bobdahacker.com/blog/lovense-still-leaking-user-emails/
Remember I wanted to drop more bugs (Pre-Auth RCE, Cookie Forgery etc.) in June?
Unfortunately, I had to postpone the disclosure because there are still too many vulnerable instances online and the vendor apparently needs to manually patch each one...
@Weld … AND *actually fix* the found vulns.
I’ve #CISO:d more than one place where some mgmt has suggested starting a #bugbounty program, only to back down with a horror-stricken face when I suggested we fix the vulns *we already know of* and can I please force IT to allocate budget for that?
Death by a thousand slops
https://daniel.haxx.se/blog/2025/07/14/death-by-a-thousand-slops/
CVE Crowd's Top 3 Vulnerabilities from June!
These stood out among the 528 CVEs actively discussed across the Fediverse.
For each CVE, I’ve included a standout post from the community.
Enjoy exploring!
I recently ran into an interesting discrepancy:
What you see below are 120-bit Session IDs, one printed as hex and one in the format of a #UUIDv4.
After validating their randomness, I would classify the first as secure but raise concerns about the second.
Why?
Well, according to RFC 4122:
"Do not assume that UUIDs are hard to guess; they should not be used as security capabilities (identifiers whose mere possession grants access), for example."
And that's exactly what a session ID is: an identifier whose possession grants access. As such, UUIDs should not be used in such a case.
What do you think? Is this nitpicking? Or a valid security nuance?
Does the format in which data is displayed have an impact on its security?
I'd love to hear your thoughts.
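As an added illustration of the format question raised above (my own example, not part of the original post): a UUID's third group exposes its RFC 4122 version, and the version decides how much of the 128-bit layout is actually random. The check below estimates an upper bound on unpredictable bits from the token format alone; the 64-bit floor is assumed from OWASP's session-ID entropy guidance, and the sample UUIDs in the test are constructed (the v1 sample is the RFC 4122 DNS namespace constant).

```python
import re
import secrets
import uuid

# RFC 4122 text layout: 8-4-4-4-12 hex digits. The high nibble of the third
# group is the version; the top two bits of the fourth group are the variant.
UUID_RE = re.compile(
    r"^[0-9a-f]{8}-[0-9a-f]{4}-([0-9a-f])[0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$",
    re.I,
)
MIN_ENTROPY_BITS = 64  # assumed floor, following OWASP session-management guidance


def uuid_version(token: str):
    """Return the RFC 4122 version of a UUID-formatted token, or None if it is not one."""
    m = UUID_RE.match(token)
    return int(m.group(1), 16) if m else None


def effective_random_bits(token: str) -> int:
    """Upper bound on the unpredictable bits in a token, judged from its format alone.

    Plain hex: 4 bits per digit (assumes a CSPRNG source such as secrets.token_hex).
    UUIDv4:    128 layout bits minus 4 version bits and 2 variant bits = 122.
    UUIDv1:    timestamp, clock sequence and node id; nothing in it is secret.
    UUIDv3/v5: a hash of a name; guessable whenever the name is.
    """
    version = uuid_version(token)
    if version is None:
        if re.fullmatch(r"[0-9a-f]+", token, re.I):
            return 4 * len(token)
        raise ValueError(f"unrecognised token format: {token!r}")
    return 122 if version == 4 else 0


def assess(token: str) -> str:
    """Classify a session token as 'ok' or 'review' against the entropy floor."""
    bits = effective_random_bits(token)
    return "ok" if bits >= MIN_ENTROPY_BITS else f"review ({bits} unpredictable bits by format)"


def demo() -> dict:
    """Generate one token of each kind and return its format-based bit estimate."""
    return {
        "hex120": effective_random_bits(secrets.token_hex(15)),  # 15 bytes = 120 bits
        "uuid4": effective_random_bits(str(uuid.uuid4())),       # CPython: os.urandom(16)
        "uuid1": effective_random_bits(str(uuid.uuid1())),       # time- and node-based
    }


if __name__ == "__main__":
    for name, bits in demo().items():
        print(f"{name}: {bits} bits")
```

The same format-based estimate passes a CSPRNG-generated v4 UUID and a 120-bit hex token alike; what it catches is a v1 or name-based UUID wearing the same 8-4-4-4-12 shape, which is the case the RFC warning is really about.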
Something that’s been bothering me for years in the security world: why do researchers demand bug bounties for vulnerabilities in open source projects, when the very contributors maintaining and fixing those issues get nothing, just goodwill?
It feels deeply unfair. The burden falls on unpaid maintainers, yet bounty hunters get rewarded. If you want a paid bounty, maybe help fund the people who actually fix the mess too.
Looking for some help, boosts appreciated:
Anyone with a security contact at Disney or ABC Network?
I know Disney has a bug bounty program, but the issue is with a third-party software leaking data from multiple companies.
Found no information as to who owns the software online and would like some help figuring out who to notify.
Which lesser-known Burp extensions do you swear by? Share your favorites below!
<script>alert(1)</script> - 403 Forbidden
<img src=x onerror=console.log(1)> - 403 Forbidden
<svg onload=print()> - 403 Forbidden
I've recently encountered a web application firewall in a pentest, blocking all my attempts to insert an XSS payload.
In such cases, I love to use the #PortSwigger cross-site scripting cheat sheet: https://portswigger.net/web-security/cross-site-scripting/cheat-sheet
I copied all payloads to the clipboard, pasted them into the Intruder's word list and hit the "Start attack" button.
Within seconds, I had a working proof of concept.
How do you use the XSS cheat sheet? I'm keen to know!
New Open-Source Tool Spotlight
Scopify is a Python-based recon tool for pentesters, leveraging `netify.ai` to analyze CDNs, hosting, and SaaS infra of target companies. Optional OpenAI integration adds AI-guided insights for deeper testing. Built by @Jhaddix & Arcanum-Sec. #CyberSecurity #BugBounty
Project link on #GitHub
https://github.com/Arcanum-Sec/Scopify
#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity
— P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking
The second request is whether you could do a #bugbounty and check, for all the news bots you follow, that they really are running (posting), even if not very often, and report to me if you find any that are broken or not working. However hard I try, I have no way of keeping an eye on everything, and this would help a lot. Thanks for that too.
2/2