Bug Bounty
Microsoft now pays up to $40,000 for some .NET vulnerabilities
Microsoft has expanded its .NET bug bounty program and increased rewards to $40,000 for some .NET and ASP.NET Core vulnerabilities. Madeline Eckert, a senior program manager for Researcher Incentives and Bounty at Microsoft, stated that these changes aim to more accurately reflect the complexity involved in discovering and exploiting .NET vulnerabilities. “We’re excited to announce […]
Microsoft now pays up to $30,000 for some AI vulnerabilities
Microsoft announced an increase in bug bounty payouts to $30,000 for AI vulnerabilities found in Dynamics 365 and Power Platform services and products. Power Platform includes applications designed to help companies analyze data and automate processes, while Dynamics 365 is a set of business apps that connect customers, products, people, and operations. Eligible AI vulnerability […]
EncryptHub’s dual life: Cybercriminal vs Windows bug-bounty researcher
EncryptHub, a notorious threat actor linked to breaches at 618 organizations, is believed to have reported two Windows zero-day vulnerabilities to Microsoft, revealing a conflicted figure straddling the line between cybercrime and security research. The reported vulnerabilities are CVE-2025-24061 (Mark of the Web bypass) and CVE-2025-24071 (File Explorer spoofing), which Microsoft addressed during the March 2025 Patch Tuesday updates, acknowledging the […]
OpenAI now pays researchers $100,000 for critical vulnerabilities
Artificial intelligence company OpenAI has announced a fivefold increase in the maximum bug bounty rewards for “exceptional and differentiated” critical security vulnerabilities from $20,000 to $100,000. OpenAI says its services and platforms are used by 400 million users across businesses, enterprises, and governments worldwide every week. “We are significantly increasing the maximum bounty payout for […]
Google paid $12 million in bug bounties last year to security researchers
Google paid almost $12 million in bug bounty rewards to 660 security researchers who reported security bugs through the company’s Vulnerability Reward Program (VRP) in 2024. Among last year’s highlights, the company revamped the VRP’s reward structure, bumping rewards up to a maximum of $151,515, while its Mobile VRP now offers up to $300,000 for critical vulnerabilities […]
Microsoft raises rewards for Copilot AI bug bounty program
Microsoft announced over the weekend that it has expanded its Microsoft Copilot (AI) bug bounty program and increased payouts for moderate severity vulnerabilities. To further secure its Copilot consumer products against attacks, Redmond added a broader range of Copilot consumer products and services to the scope of the program, including Copilot for Telegram, Copilot for […]
Microsoft launches Zero Day Quest hacking event with $4 million in rewards
Microsoft announced today at its Ignite annual conference in Chicago, Illinois, that it’s expanding its bug bounty programs with Zero Day Quest, a new hacking event focusing on cloud and AI products and platforms. The Zero Day Quest starts today with a research challenge where submissions of vulnerabilities for specific scenarios can earn multiplied bounty awards and […]
Samsung to pay $1,000,000 for RCEs on Galaxy’s secure vault
Samsung has launched a new bug bounty program for its mobile devices with rewards of up to $1,000,000 for reports demonstrating critical attack scenarios. The new ‘Important Scenario Vulnerability Program (ISVP)’ program focuses on vulnerabilities related to arbitrary code execution, the unlocking of devices, data extraction, arbitrary application installation, and bypassing device protections. Highlighted payouts […]