HackerOne Blog

The latest from HackerOne

A Call for a New Cybersecurity Measurement Standard

February 26th, 2025

Cybersecurity initiatives provide financial value to organizations. Still, translating the benefits of cybersecurity into dollars and cents has long been a challenge for security teams.

Read Now

All

Cloud Security

Code Security

Crowdsourced Security

Culture & Talent

Defense in Depth

From the CEO

HackerOne News

Offensive Security

Public Policy

Return on Mitigation

Security Compliance

Security Research

Exposure Management

Code Security

CVE-2025-55182: Unauthenticated React Exploit Affects Millions of Sites

December 5th, 2025

A critical CVE-2025-55182 React RCE flaw affects millions of sites. Get impact details, affected versions, indicators of compromise, and urgent remediation steps.

Crowdsourced Security

Offensive Security

Bug Bounty

What Are Bug Bounties and How Do They Work?

December 4th, 2025

Bug bounties give security researchers a structured way to report vulnerabilities. This guide explains how bug bounty programs work and why organizations use them.

Crowdsourced Security

Bug Bounty

A Decade of Defense: Celebrating Grab's 10th Year Bug Bounty Program

December 4th, 2025

Grab marks a decade of global bug bounty collaboration, engaging 850+ researchers to strengthen security for 187M users across Southeast Asia.

Code Security

Shai-Hulud 2.0: What Security Leaders Need to Do Now

November 26th, 2025

Shai-Hulud 2.0 is a self-replicating npm malware campaign exposing secrets and compromising CI/CD pipelines. Learn how to respond and reduce risk.

AI Red Teaming

How to Choose the Right AI Testing Approach: AI Penetration Testing, AI Red Teaming, and Beyond

November 25th, 2025

Choose the right AI testing method based on your risk maturity, from add-on LLM pentests to continuous AI assurance. Understand what each level provides.

AI Red Teaming

Hai

The AI Security Playbook: Match Your Testing to Your Maturity

November 20th, 2025

AI systems demand more than one-off testing. See how to mature from reactive fixes to continuous assurance with layered AI security, safety, and trust practices.