HackerOne Blog

The latest from HackerOne

6 Predictions Defining the Move to Always-On Cybersecurity in 2026

December 9th, 2025

Security leaders forecast 2026 as the year CTEM becomes essential, with AI-driven threats, agentic security, and continuous validation reshaping cyber risk.

Read Now

All

Cloud Security

Code Security

Crowdsourced Security

Culture & Talent

Defense in Depth

From the CEO

HackerOne News

Offensive Security

Public Policy

Return on Mitigation

Security Compliance

Security Research

Exposure Management

Public Policy

Security Research

A Safer Future for Security Research: Landmark Moves in Portugal and the UK

December 18th, 2025

Portugal’s Article 7 and the UK’s proposed statutory defence mark major steps toward protecting good-faith security research. Explore how these reforms reduce risk and strengthen coordinated vulnerability disclosure.

Offensive Security

Stanford’s Test Proves the Point: Agentic AI Is Transforming Offensive Security, but Real Defense Still Requires a Hybrid of AI and Human Expertise

December 17th, 2025

Independent research shows where agentic AI excels and where human judgment remains essential in penetration testing, underscoring the need for a hybrid security model.

Hai

How We Reached 91% Automated Routing Accuracy in Exposure Management

December 11th, 2025

Reliable, 91% accurate routing helps teams cut manual effort, reduce triage overhead, and strengthen vulnerability management across exposure workflows.

Public Policy

What the UK’s New Cyber Security and Resilience Bill Means for Your Organization

December 11th, 2025

The UK’s Cyber Security and Resilience Bill expands NIS obligations, updates incident reporting, and raises expectations for resilience across digital services.

Exposure Management

6 Predictions Defining the Move to Always-On Cybersecurity in 2026

December 9th, 2025

Security leaders forecast 2026 as the year CTEM becomes essential, with AI-driven threats, agentic security, and continuous validation reshaping cyber risk.

Code Security

CVE-2025-55182: Unauthenticated React Exploit Affects Millions of Sites

December 5th, 2025

A critical CVE-2025-55182 React RCE flaw affects millions of sites. Get impact details, affected versions, indicators of compromise, and urgent remediation steps.

Crowdsourced Security

Offensive Security

Bug Bounty

What Are Bug Bounties and How Do They Work?

December 4th, 2025

Bug bounties give security researchers a structured way to report vulnerabilities. This guide explains how bug bounty programs work and why organizations use them.

Crowdsourced Security

Bug Bounty

A Decade of Defense: Celebrating Grab's 10th Year Bug Bounty Program

December 4th, 2025

Grab marks a decade of global bug bounty collaboration, engaging 850+ researchers to strengthen security for 187M users across Southeast Asia.

Code Security

Shai-Hulud 2.0: What Security Leaders Need to Do Now

November 26th, 2025

Shai-Hulud 2.0 is a self-replicating npm malware campaign exposing secrets and compromising CI/CD pipelines. Learn how to respond and reduce risk.