HackerOne Blog

The latest from HackerOne

A Call for a New Cybersecurity Measurement Standard

February 26th, 2025

Cybersecurity initiatives provide financial value to organizations. Still, translating the benefits of cybersecurity into dollars and cents has long been a challenge for security teams.

Read Now

All

Cloud Security

Code Security

Crowdsourced Security

Culture & Talent

Defense in Depth

From the CEO

HackerOne News

Offensive Security

Public Policy

Return on Mitigation

Security Compliance

Security Research

Exposure Management

Exposure Management

6 Predictions Defining the Move to Always-On Cybersecurity in 2026

December 9th, 2025

Security leaders forecast 2026 as the year CTEM becomes essential, with AI-driven threats, agentic security, and continuous validation reshaping cyber risk.

Code Security

CVE-2025-55182: Unauthenticated React Exploit Affects Millions of Sites

December 5th, 2025

A critical CVE-2025-55182 React RCE flaw affects millions of sites. Get impact details, affected versions, indicators of compromise, and urgent remediation steps.

Crowdsourced Security

Offensive Security

Bug Bounty

What Are Bug Bounties and How Do They Work?

December 4th, 2025

Bug bounties give security researchers a structured way to report vulnerabilities. This guide explains how bug bounty programs work and why organizations use them.

Crowdsourced Security

Bug Bounty

A Decade of Defense: Celebrating Grab's 10th Year Bug Bounty Program

December 4th, 2025

Grab marks a decade of global bug bounty collaboration, engaging 850+ researchers to strengthen security for 187M users across Southeast Asia.

Code Security

Shai-Hulud 2.0: What Security Leaders Need to Do Now

November 26th, 2025

Shai-Hulud 2.0 is a self-replicating npm malware campaign exposing secrets and compromising CI/CD pipelines. Learn how to respond and reduce risk.

AI Red Teaming

How to Choose the Right AI Testing Approach: AI Penetration Testing, AI Red Teaming, and Beyond

November 25th, 2025

Choose the right AI testing method based on your risk maturity, from add-on LLM pentests to continuous AI assurance. Understand what each level provides.

AI Red Teaming

Hai

The AI Security Playbook: Match Your Testing to Your Maturity

November 20th, 2025

AI systems demand more than one-off testing. See how to mature from reactive fixes to continuous assurance with layered AI security, safety, and trust practices.

Culture & Talent

Bug Bounty

Built, Not Born: From Curiosity to Cybersecurity

November 19th, 2025

A Botswana-born researcher shows how persistence, curiosity, and steady practice—not early access or talent—can build a career in cybersecurity.

From the CEO

AI Red Teaming

AI Security vs. AI Safety: Two Pillars CISOs Must Operationalize

November 18th, 2025

With 8 in 10 security leaders now concerned about AI risk, CISOs must unify AI Safety and Security to protect users, systems, and brand trust.