Security News

Microsoft has unveiled a new bug bounty program aimed at the Microsoft Defender security platform, with rewards between $500 and $20,000.Currently, the Microsoft Defender Bounty Program is limited in scope and will focus solely on Microsoft Defender for Endpoint APIs.

Google has expanded its bug bounty program, aka Vulnerability Rewards Program, to cover threats that could arise from Google's generative AI systems. Following the voluntary commitment to the Biden-⁠Harris Administration to develop responsible AI and manage its risks, Google has added AI-related risks to its bug bounty program, which gives recognition and compensation to ethical hackers who successfully find and disclose vulnerabilities in Google's systems.

Google has announced that it's expanding its Vulnerability Rewards Program (VRP) to reward researchers for finding attack scenarios tailored to generative artificial intelligence (AI) systems in...

Microsoft is offering up to $15,000 to bug hunters that pinpoint vulnerabilities of Critical or Important severity in its AI-powered "Bing experience"."The new Microsoft AI bounty program comes as a result of key investments and learnings over the last few months, including an AI security research challenge and an update to Microsoft's vulnerability severity classification for AI systems," says Lynn Miyashita, a technical program manager with the Microsoft Security Response Center.

Microsoft announced a new AI bounty program focused on the AI-driven Bing experience, with rewards reaching $15,000. AI-powered Bing experiences on bing.com in Browser AI-powered Bing integration in Microsoft Edge, including Bing Chat for Enterprise.

The NIST elliptic curves that power much of modern cryptography were generated in the late '90s by hashing seeds provided by the NSA. How were the seeds generated? Rumor has it that they are in turn hashes of English sentences, but the person who picked them, Dr. Jerry Solinas, passed away in early 2023 leaving behind a cryptographic mystery, some conspiracy theories, and an historical password cracking challenge. So there's a $12K prize to recover the hash seeds.

A bounty of $12,288 has been announced for the first person to crack the NIST elliptic curves seeds and discover the original phrases that were hashed to generate them. In Elliptic Curve Cryptography, seeds are values or sets of values used as the initial input for an encryption algorithm or process to produce cryptographic keys.

Criminal IP, an OSINT-based CTI search engine provided by AI SPERA, has recently announced the introduction of a bug bounty program aimed at strengthening the safety of its services and protecting its users. The bug bounty program introduced by Criminal IP encourages security researchers to identify and report potentially exploitable vulnerabilities within its systems.

The U.S. State Department's Rewards for Justice program announced up to a $10 million bounty yesterday for information linking the Clop ransomware attacks to a foreign government. "Do you have info linking CL0P Ransomware Gang or any other malicious cyber actors targeting U.S. critical infrastructure to a foreign government? Send us a tip. You could be eligible for a reward," tweeted the Rewards for Justice Twitter account.

Google has launched the Mobile Vulnerability Rewards Program, a new bug bounty program that will pay security researchers for flaws found in the company's Android applications. As the company said, the main goal behind the Mobile VRP is to speed up the process of finding and fixing weaknesses in first-party Android apps, developed or maintained by Google.