As part of our Secure Future Initiative and to further the security of our customers, ourselves, and the world, today we are introducing the most transparent security research event in history: The Zero Day Quest. This new hacking event will be the largest of its kind, with an

2/ Security is our top priority, and today we’re building on that commitment with Zero Day Quest, a new hacking event with $4 million in rewards focused on securing cloud and AI—the highest of any public hacking event in the industry: msrc.microsoft.com/blog/2024/11/s…

Excited to announce that I’ll be presenting NULLCON this year about research I did on the Google VRP (Google Bug Hunters) program. I will be disclosing some of my top findings and provide some tips to help researchers find similar types of bugs :) look forward to seeing everyone!

Ever wonder how it was possible to edit other user's apps on the Google Play store? 🤔 Join Cam at #NullconGoa2025 and discover how to hunt for authorization and logic vulnerabilities across multiple Google products. 👉 nullcon.net/goa-2025/speak… #Google #bugbounty

Shoutout to the Google VRP (Google Bug Hunters) as well! They were amazing to work with and fixed everything quickly! I’m excited to share some of my techniques for hunting on Google.

Join MSRC and special guest Scott Gorlick, Principal Security Architect at Microsoft, next week for a virtual session on Security Research in Copilot Studio. The Copilot ecosystem allows enterprises to develop Copilot Agents using resources and integrations that span services in

This week's Patch Tuesday included 8 CVEs that Rohit Mothe and I found! We've been focusing on findings ways to bypass MapUrlToZone and found several very interesting ways to confuse it. This is an API we've seen a lot of interest in lately, so good to have it locked down!

🚀 Bug bounty hunters, this one’s for you! Cam, Security Engineer, Microsoft is on stage at #NullconGoa2025. From hunting down vulnerabilities in Google's vast ecosystem to the art of responsible disclosure, this session is packed with jaw-dropping security finds.

Cameron Vincent Cam, Security Researcher at Microsoft, gave a talk about IDOR vulnerabilities to a packed room at NULLCON #Goa. Cameron discussed how broken access control has been the top problem across the ecosystem for a while. Camerons research into IDOR

We had a wonderful evening connecting with some of the incredible security researchers participating in the Microsoft Zero Day Quest Onsite Hacking Event. It’s always inspiring to meet those who dedicate their skills to uncovering and reporting critical vulnerabilities—whether

Now that the smoke has settled wanted to tweet about the amazing Zero Day Quest event the Microsoft Security Response Center held. The planning, coordination, and effort all the teams put into making it an amazing event for our top researchers was truly admirable. It was great seeing everyone!

I’m horrible at photos but here are some from the event at the space needle and mariners game! Again truly amazing event and look forward to future research from everyone! Microsoft Security Response Center thank you for including me!

If you wanna see some interesting Google vulns I found my Nullcon talk covers them ;) Shoutout the Google VRP (Google Bug Hunters) team!

Microsoft DevOps on Azure Microsoft Security Visual Studio Microsoft Security Response Center [5/7] 🛡️ MITIGATION: Microsoft states "This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take." The fix corrects how the Visual Studio updater handles pipeline tokens. Credit to Cameron Vincent at Microsoft for this

My first 10.0 CVE ;)

At DEF CON 33, George Hughey (George Hughey) and Rohit Mothe (Rohit Mothe), Senior Security Research Managers at MSRC, took us back to the 90s with their talk on the ghost of Internet Explorer in Windows: MapUrlToZone. They uncovered how this legacy API, used by Outlook, Office,

We’re excited to announce our next BlueHat Asia speakers: Brian McNulty (Brian McNulty) and Cameron Vincent (Cam)! Cameron is a Senior Security Researcher at Microsoft, specializing in vulnerabilities and mitigation within MSRC. From reproducing bug reports to

We hosted a pre-BlueHat Asia welcome reception this evening, giving our speakers, MSRC MVRs, and Microsoft team members a great opportunity to connect. A huge thank you to our presenters and MVRs for their role in making #BlueHatAsia a success! We can’t wait to kick off BlueHat

At BlueHat Asia, Cameron Vincent (Cam), Senior Security Researcher, Microsoft, and Brian McNulty (Brian McNulty), MSRC Summer Intern and University of Michigan graduate student, shared their journey hunting security variants across the Microsoft ecosystem.

In our latest blog, Cameron Vincent (Cam), Senior Security Researcher at MSRC, features the work of MSRC intern and security researcher, Brian McNulty (Brian McNulty), who uncovered 22+ critical vulnerabilities in just two months. Learn how the MSRC team leverages