HackerOne Blog

The latest from HackerOne

7 Predictions Defining the Move to Always-On Cybersecurity in 2026

December 9th, 2025

Security leaders forecast 2026 as the year CTEM becomes essential, with AI-driven threats, agentic security, and continuous validation reshaping cyber risk.

Read Now

All

Cloud Security

Code Security

Crowdsourced Security

Culture & Talent

Defense in Depth

From the CEO

HackerOne News

Offensive Security

Public Policy

Return on Mitigation

Security Compliance

Security Research

Exposure Management

Exposure Management

How HackerOne Disproved an MFA Bypass With a Spot Check

November 13th, 2024

Read how HackerOne's internal security team disproved an alleged MFA bypass with a targeted Spot Check.

Culture & Talent

Unlocking Engagement with Employee Feedback

November 6th, 2024

Since 2018, HackerOne has maintained an employee engagement survey participation rate of over 80%, with...

Ethical hackers fixing improper access control vulnerabilities

Exposure Management

How an Improper Access Control Vulnerability Led to Account Theft in One Click

November 6th, 2024

Let’s look more closely at the improper access control vulnerability type — what it is, how it’s used, and how to remediate it.

Exposure Management

How an Information Disclosure Vulnerability Led to Critical Data Exposure

November 5th, 2024

Information disclosure is the #2 most common security vulnerability. Learn what information disclosure is, its impacts, and how to prevent it.

Ethical hacker finding XSS vulnerabilities

Exposure Management

How a Cross-Site Scripting Vulnerability Led to Account Takeover

November 4th, 2024

Cross-site scripting (XSS) is the number one most common security vulnerability. Learn what XSS is, its impacts, and how to prevent it.

Hacker discovering a business logic vulnerability

Exposure Management

How a Business Logic Vulnerability Led to Unlimited Discount Redemption

November 1st, 2024

Learn about the impact, severity, and a real-world example of business logic vulnerabilities.

Who Should Own AI Risk at Your Organization?

October 30th, 2024

Explore who is accountable for AI risk within organizations and how to empower them to own the responsibility.

Public Policy

Securing Our Elections Through Vulnerability Testing and Disclosure

October 28th, 2024

Learn how security researchers are securing election technology though vulnerability testing and disclosure.

Exposure Management

Measure, Compare, and Enhance Security Programs with HackerOne Benchmarks

October 24th, 2024

HackerOne Benchmarks is a set of features designed to provide insights for optimizing your security program’s performance.