HackerOne Blog

Exposure Management

7 Predictions Defining the Move to Always-On Cybersecurity in 2026

December 9, 2025

Security leaders forecast 2026 as the year CTEM becomes essential, with AI-driven threats, agentic security, and continuous validation reshaping cyber risk.

Read Now

All

Cloud Security

Code Security

Crowdsourced Security

Culture & Talent

Defense in Depth

From the CEO

HackerOne News

Offensive Security

Public Policy

Return on Mitigation

Security Compliance

Security Research

Exposure Management

Exposure Management

5 Questions to Assess Your Organization’s Bug Bounty Readiness

December 2, 2024

Is your organization ready for a bug bounty program? These 5 questions will help you find out.

Exposure Management

Why Retail and E-commerce Organizations Trust Security Researchers During the Holiday Shopping Season

November 27, 2024

Security leaders at REI, AS Watson, and Mercado Libre explain why retail and e-commerce organizations trust security researchers.

Exposure Management

Breaking Down the OWASP Top 10: Injection

November 21, 2024

Gain insights into injection vulnerabilities, the different classifications, and potential security bypass techniques.

Exposure Management

How Inadequate Authentication Logic Led to an MFA Bypass and Account Takeover

November 20, 2024

Learn how inadequate authentication logic led to an MFA bypass, plus 11 authentication best practices to prevent vulnerabilities like these.

Exposure Management

How REI Strengthens Security with HackerOne’s Global Security Researcher Community

November 18, 2024

REI's senior application security engineer discusses their program success, evolving goals, and the value of the security researcher community.

Exposure Management

How HackerOne Disproved an MFA Bypass With a Spot Check

November 13, 2024

Read how HackerOne's internal security team disproved an alleged MFA bypass with a targeted Spot Check.

Ethical hackers fixing improper access control vulnerabilities

Exposure Management

How an Improper Access Control Vulnerability Led to Account Theft in One Click

November 6, 2024

Let’s look more closely at the improper access control vulnerability type — what it is, how it’s used, and how to remediate it.

Exposure Management

How an Information Disclosure Vulnerability Led to Critical Data Exposure

November 5, 2024

Information disclosure is the #2 most common security vulnerability. Learn what information disclosure is, its impacts, and how to prevent it.

Ethical hacker finding XSS vulnerabilities

Exposure Management

How a Cross-Site Scripting Vulnerability Led to Account Takeover

November 4, 2024

Cross-site scripting (XSS) is the number one most common security vulnerability. Learn what XSS is, its impacts, and how to prevent it.