The cloud-focused program will pay out $10,000 as its top reward.
The app purported to stream music – but actually siphoned victims’ device contacts and files.
Microsoft released the beta of its new Chromium-based Edge – and it is offering rewards of up to $30,000 for researchers to hunt out vulnerabilities in the browser.
VideoLAN has released an updated version of its VLC Player to fix over a dozen bugs.
A patch does not yet exist for a critical buffer overflow vulnerability in VLC Media Player that could enable remote code execution.
Popular media player receives 33 security bug fixes, two of which are rated high severity.
The vulnerable kits also offer a point of entry to compromise legitimate website servers.
Researchers have released a proof-of-concept showing how an XXE vulnerability can be exploited to attack Ghidra project users.
Between operational technology and open source, the supply chain is rapidly expanding – and companies that can’t keep up will be the next security targets, said experts at RSA Conference 2019.
Threatpost talks to HackerOne CEO Marten Mickos on the EU’s funding of open source bug bounty programs, how a company can start a program, and the next generation of bounty hunters.