📢 If you haven't heard by now, there's a new big security vulnerability: CVE-2024-3094 aka the libxz-utils backdoor. 😳 What's most shocking? The backdoor was introduced by none other than Jia Tan, a long-time maintainer of the XZ library. Per boehs.org/node/everythin… the

looking forward to tomorrow 🧡🧡🧡

One of the challenges that comes up in support bugcrowd: briefs changing while submissions are pending, which caused scope misunderstandings. Going forward, hackers, customers, and triagers will have access to the original brief at the time of submission. Additionally, we're

We've listened to your feedback - bugcrowd, you will no longer lose access to briefs and program data once the program ends. Our new engagement model keeps your brief history and more right at your fingertips. Big thanks to Charlie Eriksen, Nagli, Pяαкαѕн, djurado,

Today @bugcrowd, we're expanding our product line to offer VDP's for free bugcrowd.com/blog/introduci…, marking the next evolution of our VDP product, following our removal of incentives some time back. This marks a change in the industry, providing a no cost entry point for

Bugcrowd, the crowdsourced white-hat hacker platform, acquires Informer to ramp up its security chops | TechCrunch buff.ly/3K9ZEn4 🔥🔥🔥 Super excited to welcome Marios and the Informer team to the Bugcrowd family!!! 🚀

If a program policy doesn't apply, CVE-2024-24919 will be validated and sent to customers for review bugcrowd. We don't prevent CVE visibility; if customers were already patching or aware, it will be handled in triage and conversation between hacker/customer/Bugcrowd

truth

Love it!

3 events, 3 days, over $3m paid and a new bug bash industry record. If you’re not hacking on bugcrowd you’re missing out on the best events the industry has to offer. Love our crowd. You are all so incredible.

Tal_Bugcrowd love man😂🧐❤️ tal bugcrowd t.me/lostsec

The team we have at bugcrowd is what makes the difference. Whether it is our employees, the hacker community, or our partners, customers want to do business with people they like and respect. That's why bugcrowd continues to win the market. Today's announcement that ☁️Trey

Soooooo we hosted a huge hacking competition, and we're giving away $30,000 (plus bounties) to the winners. We've announced the winners below 👇👇👇

Bronxi's bringing you all the best tips on Web Cache Deception 101 📚 With real-life examples and everyday parallels, the method to understanding caching has never been easier. Watch now! 🤓 ⤵️ youtu.be/rPUt72QB_hg?si… #WebCache #WebCacheDeception #Bugcrowd #BugBounty

Some exciting personal news: I’ve leveled up to Staff ASE at bugcrowd from my previous role as Senior ASE. Huge thanks to my amazing colleagues and the researcher community! It’s an absolute pleasure doing what I do, and I’m already pumped to tackle the next set of goals!

Bishop Fox OWASP® Foundation HAHWUL 🎉 Celebrate Xion gifts $462K Google VRP (Google Bug Hunters) bounty to picoCTF Vivek Verma received $10K bounty from Google VRP (Google Bug Hunters) tal promoted to Staff ASE at bugcrowd @Samm0uda and team received $250K bounties from Meta (Philippe Harewood, Josip Franjković, and Dzmitry Lukyanenko)

Ever had triage issues after losing the final CRLF when copying an HTTP request? I discussed this with James Kettle a while ago, and the latest Burp release now flags missing blank lines automatically! #bugbounty

Every vulnerability report matters—and we act like it. Bugcrowd’s Triage team is fast, communicative, and growing stronger every day. 💪 Thanks for the props, darkieduck!

Many don’t realize they already have a powerful, fully autonomous, free hackbot on their computer. If you’re using Cursor, you’ve got it. Here's Cursor solving a PortSwigger webacademy SQL injection lab! #bugbounty

TOOL RELEASE🔥🚀 Clear reports and good communication with the teams can make the difference in the outcome of your report, including the final bounty/bonus. To assist you in the reporting and communication, here is CrowdAssist ✨. bugcrowd compatible. 🧵👇 #BugBounty #AI