New research: One reason the early years of squids has been such a mystery is because squids’ lack of hard shells made their fossils hard to come by. Undeterred, the team instead focused on finding ancient squid beaks—hard mouthparts with high fossilization potential that could help the team figure out how squids evolved. With that in mind, the team developed an advanced fossil discove [...]
Long article on the difficulty (impossibility?) of human spying in the age of ubiquitous digital surveillance. [...]
curl disclosed a bug submitted by monkey_dee: https://hackerone.com/reports/3246519 [...]
Authorities in the United Kingdom this week arrested four people aged 17 to 20 in connection with recent data theft and extortion attacks against the retailers Marks & Spencer and Harrods, and the British food retailer Co-op Group. The breaches have been linked to a prolific but loosely-affiliated cybercrime group dubbed “Scattered Spider,” whose other recent victims include multip [...]
Good tutorial by Micah Lee. It includes some nonobvious use cases. [...]
Legislative, regulatory, and advisory bodies the world over are waking up to the importance of API security. Most recently, the UK’s National Cyber Security Centre (NCSC) has published detailed guidance on best practices for building and maintaining secure APIs. In this blog, we’ll break down that guidance and explore how Wallarm’s platform can help you align with each one. Inside the NC [...]
What are duplicate submissions? Within the bug bounty industry, duplicate submissions refer to when two or more researchers report the same issue or vulnerability. When a researcher, who works with a bug bounty platform, identifies a vulnerability, they submit a report to the platform, such as Intigriti, where it is reviewed. If the issue has already been reported, then it is m… [...]
Learn more about the emerging vulnerability affecting Git. [...]
curl disclosed a bug submitted by brobagazzzx: https://hackerone.com/reports/3242005 [...]
This time it’s the Swedish prime minister’s bodyguards. (Last year, it was the US Secret Service and Emmanuel Macron’s bodyguards. in 2018, it was secret US military bases.) This is ridiculous. Why do people continue to make their data public? [...]
curl disclosed a bug submitted by mr_tufan: https://hackerone.com/reports/3242087 [...]
Microsoft today released updates to fix at least 137 security vulnerabilities in its Windows operating systems and supported software. None of the weaknesses addressed this month are known to be actively exploited, but 14 of the flaws earned Microsoft’s most-dire “critical” rating, meaning they could be exploited to seize control over vulnerable Windows PCs with little or no help [...]
TikTok disclosed a bug submitted by eneri: https://hackerone.com/reports/3027478 [...]
Ruby disclosed a bug submitted by ooooooo_q: https://hackerone.com/reports/1485717 [...]
Ruby disclosed a bug submitted by ooooooo_q: https://hackerone.com/reports/1487889 [...]
curl disclosed a bug submitted by haydradz: https://hackerone.com/reports/3241304 [...]
curl disclosed a bug submitted by haydradz: https://hackerone.com/reports/3241308 [...]
Sony disclosed a bug submitted by trapedev: https://hackerone.com/reports/2642615 [...]
Posted by David Adrian, Javier Castro & Peter Kotwicz, Chrome Security Team Android recently announced Advanced Protection, which extends Google’s Advanced Protection Program to a device-level security setting for Android users that need heightened security—such as journalists, elected officials, and public figures. Advanced Protection gives you the ability to activate Google’s strongest sec [...]
IBM disclosed a bug submitted by devire: https://hackerone.com/reports/2402842 [...]
Lichess disclosed a bug submitted by psfauzi: https://hackerone.com/reports/3230359 [...]
AI has officially moved out of the novelty phase. What began with people messing around with LLM-powered GenAI tools for content creation has rapidly evolved into a complex web of agentic AI systems that form a critical part of the modern corporate landscape. However, this transformation has given new life to old threats, transforming the API security landscape all over again. I recently sat [...]
Deptective, our new open-source tool, automatically finds the packages needed to install software dependencies. It does so not based on the software’s self-reported requirements, but by observing what the software needs at runtime. [...]
Las Vegas. August. Protocols are getting torn apart. This summer, PortSwigger returns to Black Hat USA and DEF CON 33 with a host of new talks, events and ways to meet PortSwigger and the the teams be [...]
Academic papers were found to contain hidden instructions to LLMs: It discovered such prompts in 17 articles, whose lead authors are affiliated with 14 institutions including Japan’s Waseda University, South Korea’s KAIST, China’s Peking University and the National University of Singapore, as well as the University of Washington and Columbia University in the U.S. Most of the pap [...]
curl disclosed a bug submitted by nyymi: https://hackerone.com/reports/2859735 [...]
curl disclosed a bug submitted by haithamzakaria: https://hackerone.com/reports/2853023 [...]
curl disclosed a bug submitted by rono_07: https://hackerone.com/reports/2841436 [...]
curl disclosed a bug submitted by nyymi: https://hackerone.com/reports/2831558 [...]
curl disclosed a bug submitted by mdakh404: https://hackerone.com/reports/2861797 [...]
curl disclosed a bug submitted by aadityaathehacker: https://hackerone.com/reports/2864414 [...]
curl disclosed a bug submitted by spongebhav: https://hackerone.com/reports/2864859 [...]
curl disclosed a bug submitted by bulter: https://hackerone.com/reports/2904921 [...]
curl disclosed a bug submitted by tefa_: https://hackerone.com/reports/2915426 [...]
curl disclosed a bug submitted by extramayoextracheeseextrafries: https://hackerone.com/reports/3238249 [...]
Nintendo disclosed a bug submitted by crazy_man123: https://hackerone.com/reports/1813453 [...]
curl disclosed a bug submitted by zzq1015: https://hackerone.com/reports/2981303 [...]
New research. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Blog moderation policy. [...]
curl disclosed a bug submitted by skrcprst: https://hackerone.com/reports/3235428 [...]
In May 2025, the U.S. government sanctioned a Chinese national for operating a cloud provider linked to the majority of virtual currency investment scam websites reported to the FBI. But a new report finds the accused continues to operate a slew of established accounts at American tech companies — including Facebook, Github, PayPal and Twitter/X. On May 29, the U.S. Department of the Treasur [...]
Mozilla disclosed a bug submitted by northsea: https://hackerone.com/reports/2686750 [...]
Mozilla disclosed a bug submitted by northsea: https://hackerone.com/reports/2261577 [...]
Once you build a surveillance system, you can’t control who will use it: A hacker working for the Sinaloa drug cartel was able to obtain an FBI official’s phone records and use Mexico City’s surveillance cameras to help track and kill the agency’s informants in 2018, according to a new US justice department report. The incident was disclosed in a justice department inspector general’s audit [...]
Mozilla disclosed a bug submitted by martinvw: https://hackerone.com/reports/2899858 - Bounty: $500 [...]
The US government has taken another significant step towards strengthening cloud security with the release of CISA’s Binding Operational Directive (BOD) 25-01. Aimed at improving the security posture of federal cloud environments, BOD 25-01 mandates robust configuration, visibility, and control across cloud-based services. While the directive doesn’t explicitly name API security, securing mo [...]
curl disclosed a bug submitted by stogusho: https://hackerone.com/reports/3000639 [...]
curl disclosed a bug submitted by justlikebono_official: https://hackerone.com/reports/2941920 [...]
curl disclosed a bug submitted by voggerloops: https://hackerone.com/reports/2946924 [...]
A whole class of speculative execution attacks against CPUs were published in 2018. They seemed pretty catastrophic at the time. But the fixes were as well. Speculative execution was a way to speed up CPUs, and removing those enhancements resulted in significant performance drops. Now, people are rethinking the trade-off. Ubuntu has disabled some protections, resulting in 20% performance boost. A [...]
Our CRS (Cyber Reasoning System), Buttercup, is now competing in the one and only scored round of DARPA’s AI Cyber Challenge (AIxCC) against six other teams to see which autonomous AI-driven system can find and patch the most software vulnerabilities. [...]
curl disclosed a bug submitted by catenacyber: https://hackerone.com/reports/3023139 [...]
curl disclosed a bug submitted by alphox: https://hackerone.com/reports/3231321 [...]
curl disclosed a bug submitted by evilginx1: https://hackerone.com/reports/3124490 [...]
curl disclosed a bug submitted by demsese: https://hackerone.com/reports/3226502 [...]
curl disclosed a bug submitted by freak_coding: https://hackerone.com/reports/3156384 [...]
curl disclosed a bug submitted by wolfsage: https://hackerone.com/reports/3135673 [...]
curl disclosed a bug submitted by wolfsage: https://hackerone.com/reports/3133253 [...]
Dozens of accounts on X that promoted Scottish independence went dark during an internet blackout in Iran. Well, that’s one way to identify fake accounts and misinformation campaigns. [...]
curl disclosed a bug submitted by oicus: https://hackerone.com/reports/3120969 [...]
curl disclosed a bug submitted by oicus: https://hackerone.com/reports/3120987 [...]
curl disclosed a bug submitted by redfoxsec: https://hackerone.com/reports/3118915 [...]
curl disclosed a bug submitted by tdp3kel9g: https://hackerone.com/reports/3045390 [...]
curl disclosed a bug submitted by cyberguardianrd: https://hackerone.com/reports/3037583 [...]
curl disclosed a bug submitted by agent_0: https://hackerone.com/reports/3230082 [...]
Agents with the Federal Bureau of Investigation (FBI) briefed Capitol Hill staff recently on hardening the security of their mobile devices, after a contacts list stolen from the personal phone of the White House Chief of Staff Susie Wiles was reportedly used to fuel a series of text messages and phone calls impersonating her to U.S. lawmakers. But in a letter this week to the FBI, one of the Sena [...]
Yelp disclosed a bug submitted by 0xold: https://hackerone.com/reports/2947762 [...]
Cosmos disclosed a bug submitted by unknown_feature: https://hackerone.com/reports/2914705 [...]
Cosmos disclosed a bug submitted by unknown_feature: https://hackerone.com/reports/2917368 [...]
Tools for Humanity disclosed a bug submitted by polem4rch: https://hackerone.com/reports/3136790 - Bounty: $300 [...]
American democracy runs on trust, and that trust is cracking. Nearly half of Americans, both Democrats and Republicans, question whether elections are conducted fairly. Some voters accept election results only when their side wins. The problem isn’t just political polarization—it’s a creeping erosion of trust in the machinery of democracy itself. Commentators blame ideological tr [...]
curl disclosed a bug submitted by geeknik: https://hackerone.com/reports/3229490 [...]
curl disclosed a bug submitted by catenacyber: https://hackerone.com/reports/3089595 [...]
Cosmos disclosed a bug submitted by unknown_feature: https://hackerone.com/reports/2976481 [...]
It's been a few years since Log4Shell, an injection attack in Log4J Apache logging software, has struck thousands of companies around the world. And despite all the efforts organisations took to patch this critical flaw in their systems, some web services running in 2025 are still vulnerable to Log4Shell, often due to legacy systems still relying on vulnerable versions, (hidden… [...]
curl disclosed a bug submitted by evilginx1: https://hackerone.com/reports/3125820 [...]
curl disclosed a bug submitted by ziad616: https://hackerone.com/reports/3100073 [...]
curl disclosed a bug submitted by deep-hackerone: https://hackerone.com/reports/3101127 [...]
curl disclosed a bug submitted by tdp3kel9g: https://hackerone.com/reports/3037326 [...]
curl disclosed a bug submitted by irfanmughal1122: https://hackerone.com/reports/3030158 [...]
curl disclosed a bug submitted by oblivionsage: https://hackerone.com/reports/3153971 [...]
curl disclosed a bug submitted by behindtheblackwall: https://hackerone.com/reports/3225565 [...]
TikTok disclosed a bug submitted by z3phyrus: https://hackerone.com/reports/2921830 [...]