Bug Disclosure News, Articles and Updates

MiTM and remote code vulnerabilities found in Trend Micro ServerProtect

Researchers from Core Security discovered multiple vulnerabilities in the web-based management console of Trend Micro ServerProtect.

Pen testers discover mega vulnerabilities in Uber

Portuguese pen testing team discover 14 flaws in Uber apps which would have enabled them to get free rides and disclose details of passengers' and drivers' journeys.

War of words as researchers reveal Kaspersky and FireEye zero-days

Researchers reveal zero-day vulnerabilities in FireEye and Kaspersky's security software during the US Labor Day holiday weekend.

PayPal patches stored XSS vulnerabilities discovered by bounty hunters

Stored XSS vulnerabilities exposed payments page and opened PayPal users to malicious file attacks, say researchers.

Unpatched 0-day threatens Apple Mac users

OS X flaw is exposed by teenage Italian security researcher without warning Apple - reigniting the debate about 'irresponsible' bug disclosure.

LinkedIn 'invitation-only' bug bounty programme pays out £41k

LinkedIn's director of information security confirms that its private bug bounty programme was formalised in October.