bugcrowd
26.6K posts

@Bugcrowd
The leading provider of crowdsourced cybersecurity solutions purpose-built to secure the digitally connected world...Unleash Ingenuity™
San Francisco, CA Joined September 2012
6.1K Following 197.6K Followers

A long time ago, in a shell far, far away… 🌌
A red teamer decided it was time to prove they were ready.
CrowdForce is Bugcrowd’s elite red team, and we’re looking for hackers with the skills to execute the greatest attack simulations, adapt under pressure, and collaborate with some of the smartest minds in offensive security.
Think you’re ready? 🦸
May the force be with you. Learn how to join CrowdForce: bugcrowd.com/blog/how-to-jo…

The value of Shodan in bug bounty is often overlooked. If you haven't already, you should check it out, especially the advanced operators.
Here's a blog with some quick tips 👇
bugcrowd.com/blog/shodan-th…


Don't forget to be curious ‼️
Satyam’s spending this year going deeper into hardware, Wi-Fi, IoT, and web3 security while continuing to build, research, and teach along the way.
He’s also looking to work with other hackers on meaningful security projects, sooooo who wants to collab? 👀
Read our latest hacker spotlight: bugcrowd.com/blog/hacker-sp…


Bugcrowd Chief AI and Science Officer @thedavidbrumley is heading to Carnegie Mellon University on Monday for the Agentic AI Evaluation and Governance Workshop.
📌 Hosted by CMU, the Brookings Institution, and UC Berkeley, the workshop brings together leaders working through big AI questions.
Learn more here: mailchi.mp/ce6db5ee926a/s…

The Coast Guard’s new cybersecurity rules for maritime facilities have some universal lessons for every industry.
Trey Ford mentions that these rules get one big thing right: they assume failure. Instead of just trying to keep people out, the focus is on segmentation and secure design so you can spot an adversary before they act. It is a leading indicator for what we can expect to see in other regulated sectors soon.
🔗 Read the full piece in @DarkReading: darkreading.com/cybersecurity-…

NIST is changing how they prioritize CVEs in the National Vulnerability Database after a huge surge in submissions.
They are moving to a model that prioritizes vulnerabilities already being exploited in the wild or those affecting critical software. This marks a shift for defenders who used to rely on one complete database for everything. 🖊️
Now, the move is to focus on known exploited vulnerabilities instead of trying to chase every single CVE.
Get the details in Security Magazine: securitymagazine.com/articles/10225…

If you want hackers to hunt on your program, make the scope worth hunting.
Broad and clear beats restrictive and confusing every time 🙌
Learn more about how to build a successful program hackers want to hunt on in the full clip: bugcrowd.com/webinar/?commi…{{lead.Id}}&utm_source=x

Want to win some Bugcrowd stickers?
1️⃣ Join our Reddit: reddit.com/r/Bugcrowd/
2️⃣ Reply to this post with an emoji!
The winner will be randomly selected. Good luck!🐞



Copy Fail puts a few uncomfortable questions on the table ⤵️
🤔 How much of your isolation story depends on shared-kernel containers?
🤔 How quickly can your team validate a credible exploit?
🤔 Is your disclosure intake ready for more reports that look real, and some that actually are?
CVE-2026-31431 is a Linux kernel LPE affecting major distributions since 2017. A public exploit is already available, and according to Theori (theori.io), AI surfaced the bug in about an hour of scan time.
@thedavidbrumley, our Chief AI & Science Officer, breaks down the bug, the container impact, and why the way it was found is important to know: bugcrowd.com/blog/what-we-k…

You can’t scan your way out of every startup security risk.
✋ not when teams are moving fast
✋ not when shadow IT creeps in
✋ not when old test environments are still hanging around
✋ not when AI speeds up code and risk at the same time
Startups need coverage that’s as flexible as they are.
This breaks down where automated tools miss the mark and what to do instead: bugcrowd.com/blog/how-autom…

The headlines are full of the rivalry between AI giants like Anthropic and OpenAI, but...
There's a bigger conversation happening in security 💬
Trey Ford notes that the bottleneck for most companies isn’t the AI models.
🚧 The hurdle is the human coordination needed to fix the volume of bugs these models are helping find.
For security leaders, focusing on frontier model access might be the wrong priority when the struggle is simply keeping up with remediation.
Check out the analysis in @CRN: crn.com/news/security/…

How to CRUSH bug bounties in the first 12 months!
The most viewed video on our YouTube channel is a LevelUp talk that @hakluke did on this topic 5 years ago, and it's still relevant!
youtube.com/watch?v=AbebbJ…


Successful bug bounty programs are usually built on the basics done well 👌
When program teams take the time to explain decisions, stay consistent, and build trust with researchers, the whole program gets stronger.
What’s the biggest thing you look for before hunting on a program? 🎯
Watch the full discussion: bugcrowd.com/webinar/








