x cyber Space retweeted
bugcrowd.com/blog/savant-bug… so the bug bounty community freaked out a few weeks ago when hackerone had a single slide that talked about using AI agents for testing based off our reports. bugcrowd's new strategy sounds even more brazen, sly and egregious. submit reports -> your "signals" (aka creative thought process and work) feed into their AI agents -> AI agents find bugs without you (unclear incentive structure). that's if the technology even works though lol. these days I have trouble even adding collaborators in reports without the app erroring out. the messaging is so much more slick too. "connect those signals" - does that mean they are training on our reports? at least whoever did this PR release was careful to not blatantly say that they are training on our reports. but lol what does connecting those signals actually mean at the end of the day? extremely unclear if they train on our reports. this requires actual transparency from both platforms, not just marketing, and messaging tactics that you use when you're trying to convince you're not a wolf in sheep's clothing.
6
32
193
21,781
⚠️⇝𝓶𝐣𝗌⇝⚠️ retweeted
➭ New Bounty PlayStation on H1 [hackerone] 🤔
3
3
41
2,452
HAHWUL retweeted
PortSwigger Web Security disclosed a bug submitted by @Kawakatz: hackerone.com/reports/371227… - Bounty: $5,000 #hackerone #bugbounty
1
5
58
2,125
Replying to @Rift4445
HackerOne Bro. Sign up and start hunting
Replying to @cutiepiesquared
Did you submit them to Roblox Support? Have you tried the new HackerOne stuff?
1
16
One of the coolest workflows we have today at Livvay: Every day, a pipeline runs flutter pub upgrade and flutter pub outdated --no-dev-dependencies --no-dependency-overrides in a fully isolated environment. If a new dependency update shows up, it automatically opens an Issue. Every hour, my Hermes checks whether there are new Issues. When it finds one, it creates an implementation story, already assessing whether there are Breaking Changes or not. Once the story is approved, it is written up in Linear, which fires an implementation trigger in @orca_build. After the implementation, CI/CD comes into play: Patrol runs the end-to-end tests, today at 95% CC. If everything is fine, it goes to staging and packaging. After that stage, the flow reaches the final PR, where @Hacker0x01 does the code review via PullRequest.com. After the review and the fixes, we ship to TestFlight. In about a week, it's in production. It sounds bizarre, but a human only gets involved at the PullRequest/HackerOne stage. I haven't manually updated dependencies at Livvay in months, and we are on the latest version of everything. #bolhadev #buildinpublic
1
95
I've reported 7 bugs on hackerone in the last 2 days, at least pay properly for one of them so I can go on a vacation, you fuckers
1
45
Replying to @AREGames_Tweets
This isn't done anymore since they launched the Hackerone bug bounty program
1
35
2,364
Replying to @AREGames_Tweets
I was told from a reputable source that they stopped giving out the Boss White Hats from reporting on HackerOne hence the last awarded hats were years ago. Not sure how true it is but there hasn't been any "recent" awards for the Boss White Hat series.
1
13
1,747
Day 08/365 on the road to $103,000 📤 Reports Submitted: 1 🟢 Valid: 0 🟡 Triaged: 0 🔴 Duplicate: 1 ⚪ Informative: 0 💰 Earnings: $0 ⏱ Hunting Time: 8h 30m ☕ Support me: ko-fi.com/phoenixcatalan #BugBounty #HackerOne #CyberSecurity
1
42
Someone should report bugcrowd and hackerone too that they are using research from American hackers and selling it to adversaries.
19
Firework retweeted
I just found a fail/bug @coinbase hackerone post is made, PoC is made, all is legit and sent. - Details: Bypass anyone tx trade fee. - Never pay fee - Buy 5613€ BTC on @coinbase = 226€ of fee, but bypassable and directly buyable without any fee. Same for sell.
1
3
74
Replying to @Pirat_Nation
they aren't wrong... it is likely a windows issue in their eyes because it wasn't directly messing with their hardware. this happens on stuff like playstation with hackerone that I've seen too.
4
873
One day, in early March 2022, I unlocked my office PC, logged into my Kaspersky HackerOne account, and noticed that the paid program was blocked. No warning. No migration window. No explanation.
Jun 13
Last night, companies using Anthropic’s Claude Fable 5 and Mythos 5 models discovered they were simply gone. A U.S. government export directive forced them offline for every person and company outside the United States (including Anthropic's own employees), effective immediately. If you had built critical functions on top of them, they stopped working overnight. No warning. No migration window. No restoration timeline.
2
242