GitHub's Bug Bounty had a strong end to summer! 😎Here are our September bug bounty stats: 👫 110 hackers participated in our program ✅ Closed 246 reports 💰 Awarded $90,519 in bounties

The below is a big problem at any company where there is high internal mobility: it’s super easy to change teams, often right after promo. You know a company that suffers far less from this “promo driven development”? Apple. It’s also the company with little internal mobility.

Start Cybersecurity Awareness month B̸U̷Y̶ ̸M̷Y̴ ̴P̷R̵O̴D̶U̸C̴T̸ on the right foot with B̷̠͍̬͎̠̓̍̓Ǔ̶̗͕͈̫͊̿͜Y̵̲̙̞͐ ̵̹͚͈̪̿Ṁ̷̪͐͐̔̊Y̵͉̅ ̵̼̎̑͂P̶̧̻̜̗̀̈́́R̵̭̬͈͍̐̀̂O̶̤̖͂D̴̝̉U̵̞̖̳̾͒͌͜C̶̙̣͊̇̓͜͠T̶͓̬͛̐ͅ the latest in technology and innovation B̵̳̭̑̓̀Ũ̶̩̓͊͋͌͑Ỹ̸͎̣̠̋̓͝ ̸̱̃̏͛̆̔͝M̷̛̭̓̈́̑̈́̎Ỷ̸

The streaming landscape is terrible for audiences and illegal downloading and streaming is a symptom of just how bad it is. eff.org/deeplinks/2022…

I'm sorry but this is hilarious theverge.com/2022/10/9/2339…

We confirm that iOS 16 does communicate with Apple services outside an active VPN tunnel. Worse, it leaks DNS requests. #Apple services that escape the VPN connection include Health, Maps, Wallet. We used Proton VPN and #Wireshark. Details in the video: #CyberSecurity #Privacy

IDOR Checklist

🚨 ¡Volvió el Main CTF de la #Eko2022! Otra vez en formato PRESENCIAL, vuelve el Main CTF de la Eko de la mano de NULL Life CTF Team y con el apoyo de GitHub Security Lab 💪 ¡Hay 2000 USD para el Primer Puesto! + Swag + Goodies Inscribí a tu equipo: ctf.ekoparty.org

Extremely valuable advice!

TikTok in a nutshell.

Did you know that GitHub doesn’t just encrypt data at rest but also encrypts specific database columns? Read about our column encryption strategy and our decision to adopt the #Rails column encryption standard. github.blog/2022-10-26-why…

Check out the latest researcher interview in GitHub's Bug Bounty Researcher Spotlight series github.blog/2022-10-28-cyb…

Are you attending Ekoparty | Hacking everything ? Go stop by the GitHub Security booth and say hello to s2jeff from our Bounty Team.

Marty Stratton, id Software Studio Director, lied about DOOM Eternal's OST events in a Reddit post that used disinformation to blame me entirely for its failure Later, he offered me a six-figure sum to never speak about it The truth is more important. link.medium.com/USjGbPeBOub

The team at OpenAI just fixed a critical account takeover vulnerability I reported few hours ago affecting #ChatGPT. It was possible to takeover someone's account, view their chat history, and access their billing information without them ever realizing it. Breakdown below 👇

In this post I'll use CVE-2023-6241, a vulnerability in the Arm Mali GPU that I reported last November to gain arbitrary kernel code execution from an untrusted app on a Pixel 8 with MTE enabled. github.blog/2024-03-18-gai…

Is authing the Rabbit R1 against any of your accounts actually secure? I'm not so sure

A lot of the AI stuff Google showed was cool. But I find myself unable to care. - Their products are far harder to use - They have a “throw it at the wall” feel - If I like it they’ll probably cancel it They’ve simply lost my trust.

Exciting news! The Bug Bounty Village website is live! 🚀🌐 Join us at DEF CON for everything bug bounty. Explore our speakers, presentations, sponsors, events, and more. Visit bugbountydefcon.com #BugBountyVillage #DEFCON #CyberSecurity #BugBounty #HackerCommunity

Don't miss "Hunters and Gatherers: The Realities of Bug Bounty Life" by Logan MacLaren (Logan), Jeffrey Guerra (s2jeff), Johnathan Kuskos, Katie Noble, Sam Erb (erbbysam ㋬)! 📅 Saturday, Aug 10 ⏰ 11:30 AM 📍 Creator Stage 4 #BugBounty #DEFCON