Security News

Researchers Identify Rack::Static Vulnerability Enabling Data Breaches in Ruby Servers
2025-04-25 08:57

Cybersecurity researchers have disclosed three security flaws in the Rack Ruby web server interface that, if successfully exploited, could enable attackers to gain unauthorized access to files,...

A pot of $250K is now available to ransomware researchers, but it feeds a commercial product
2025-04-22 17:08

Security bods can earn up to $10K per report. Ransomware threat hunters can now collect rewards of $10,000 for each piece of intel they file under a new bug bounty that aims to squash extortionists...

EncryptHub's dual life: Cybercriminal vs Windows bug-bounty researcher
2025-04-07 21:39

EncryptHub, a notorious threat actor linked to breaches at 618 organizations, is believed to have reported two Windows zero-day vulnerabilities to Microsoft, revealing a conflicted figure...

BlackLock Ransomware Exposed After Researchers Exploit Leak Site Vulnerability
2025-03-29 03:52

In what's an instance of hacking the hackers, threat hunters have managed to infiltrate the online infrastructure associated with a ransomware group called BlackLock, uncovering crucial...

OpenAI now pays researchers $100,000 for critical vulnerabilities
2025-03-28 17:54

Artificial intelligence company OpenAI has announced a fivefold increase in the maximum bug bounty rewards for "exceptional and differentiated" critical security vulnerabilities from $20,000 to...

Researchers Uncover 46 Critical Flaws in Solar Power Systems From Sungrow, Growatt, and SMA
2025-03-28 13:21

Cybersecurity researchers have disclosed 46 new security flaws in products from three solar power system vendors, Sungrow, Growatt, and SMA, that could be exploited by a bad actor to seize control...

Researchers Uncover ~200 Unique C2 Domains Linked to Raspberry Robin Access Broker
2025-03-25 13:39

A new investigation has unearthed nearly 200 unique command-and-control (C2) domains associated with a malware called Raspberry Robin. "Raspberry Robin (also known as Roshtyak or Storm-0856) is a...

Microsoft wouldn't look at a bug report without a video. Researcher maliciously complied
2025-03-17 09:30

Maddening techno loop, Zoolander reference, and 14 minutes of time wasted. A vulnerability analyst and prominent member of the infosec industry has blasted Microsoft for refusing to look at a bug...

Google paid $12 million in bug bounties last year to security researchers
2025-03-10 15:36

Google paid almost $12 million in bug bounty rewards to 660 security researchers who reported security bugs through the company's Vulnerability Reward Program (VRP) in 2024. [...]

Researchers Expose New Polymorphic Attack That Clones Browser Extensions to Steal Credentials
2025-03-10 14:47

Cybersecurity researchers have demonstrated a novel technique that allows a malicious web browser extension to impersonate any installed add-on. "The polymorphic extensions create a pixel perfect...