Bug Bounty and Cybersecurity Updates: YesWeHack News Hub

EU flag features in a story about how the European Commission’s latest bug bounty tender was won by YesWeHack

US court ruling on Uber breach slammed, red teamers cautious on AI, OffSec offers ‘strategic edge’ – OffSec roundup for CISOs

Read More ->

US court ruling on Uber breach slammed, red teamers cautious on AI, OffSec offers ‘strategic edge’ – OffSec roundup for CISOs

Read More ->

YesWeHack completes first-ever acquisition with purchase of Sekost, French cybersecurity audit specialist

Read More ->

YesWeHack completes first-ever acquisition with purchase of Sekost, French cybersecurity audit specialist

Read More ->

Disk cache in the context of a nonce CSP bypass

Nonce CSP bypass using disk cache, ‘quiet side channel’ for request smuggling, Amazon Q and the malicious pull request – ethical hacker news roundup

Read More ->

Nonce CSP bypass using disk cache, ‘quiet side channel’ for request smuggling, Amazon Q and the malicious pull request – ethical hacker news roundup

Read More ->

Chunked-body parsing flaws, making self-XSS great again, using HTTP redirect loops to achieve non-blind SSRFs – ethical hacker news roundup

Read More ->

Chunked-body parsing flaws, making self-XSS great again, using HTTP redirect loops to achieve non-blind SSRFs – ethical hacker news roundup

Read More ->

Robot gazes satisfyingly at the ladybird he has found – signifying discovery of security bugs by AI models

OpenAI VDP for bugs found by AI, CVE funding fears persist, ‘shift left’ towards vulnerability overload – OffSec roundup for CISOs

Read More ->

OpenAI VDP for bugs found by AI, CVE funding fears persist, ‘shift left’ towards vulnerability overload – OffSec roundup for CISOs

Read More ->

A double-clickjacking attack, exploit or vulnerability

Ultimate double-clickjacking exploit, novel HTTP/2 request tunnelling techniques, when encryption makes matters worse – ethical hacker news roundup

Read More ->

Ultimate double-clickjacking exploit, novel HTTP/2 request tunnelling techniques, when encryption makes matters worse – ethical hacker news roundup

Read More ->

‘AI slop’ bug reports and outsourcing triage, OpenPGP.js signature-spoofing bug, race to combat zero-day exploits – OffSec roundup for CISOs

Read More ->

‘AI slop’ bug reports and outsourcing triage, OpenPGP.js signature-spoofing bug, race to combat zero-day exploits – OffSec roundup for CISOs

Read More ->

News

MINDEF Launches Next Bug Bounty Programme with YesWeHack

YesWeHack marks first year of partnership with Singapore’s Government Bug Bounty Programmes

Why ‘HTTP/1.1 must die’, Intel exploits, C# Random hack with no maths – ethical hacker news roundup

European Commission’s latest Bug Bounty tender won by YesWeHack

European Commission’s latest Bug Bounty tender won by YesWeHack

YesWeHack authorised as a CVE Numbering Authority (CNA)

YesWeHack authorised as a CVE Numbering Authority (CNA)

US court ruling on Uber breach slammed, red teamers cautious on AI, OffSec offers ‘strategic edge’ – OffSec roundup for CISOs

US court ruling on Uber breach slammed, red teamers cautious on AI, OffSec offers ‘strategic edge’ – OffSec roundup for CISOs

European Commission’s latest Bug Bounty tender won by YesWeHack

YesWeHack completes first-ever acquisition with purchase of Sekost, French cybersecurity audit specialist

YesWeHack completes first-ever acquisition with purchase of Sekost, French cybersecurity audit specialist

Nonce CSP bypass using disk cache, ‘quiet side channel’ for request smuggling, Amazon Q and the malicious pull request – ethical hacker news roundup

Nonce CSP bypass using disk cache, ‘quiet side channel’ for request smuggling, Amazon Q and the malicious pull request – ethical hacker news roundup

Chunked-body parsing flaws, making self-XSS great again, using HTTP redirect loops to achieve non-blind SSRFs – ethical hacker news roundup

Chunked-body parsing flaws, making self-XSS great again, using HTTP redirect loops to achieve non-blind SSRFs – ethical hacker news roundup

YesWeHack completes first-ever acquisition with purchase of Sekost, French cybersecurity audit specialist

OpenAI VDP for bugs found by AI, CVE funding fears persist, ‘shift left’ towards vulnerability overload – OffSec roundup for CISOs

OpenAI VDP for bugs found by AI, CVE funding fears persist, ‘shift left’ towards vulnerability overload – OffSec roundup for CISOs

Ultimate double-clickjacking exploit, novel HTTP/2 request tunnelling techniques, when encryption makes matters worse – ethical hacker news roundup

Ultimate double-clickjacking exploit, novel HTTP/2 request tunnelling techniques, when encryption makes matters worse – ethical hacker news roundup

‘AI slop’ bug reports and outsourcing triage, OpenPGP.js signature-spoofing bug, race to combat zero-day exploits – OffSec roundup for CISOs

‘AI slop’ bug reports and outsourcing triage, OpenPGP.js signature-spoofing bug, race to combat zero-day exploits – OffSec roundup for CISOs

OpenAI VDP for bugs found by AI, CVE funding fears persist, ‘shift left’ towards vulnerability overload – OffSec roundup for CISOs

Products

Researchers

Resources

Company

Follow us