Friday, June 30
Gearing up for the holiday weekend! fyi - there will be no Zero Daily on 07-03 or 07-04, but we’ll be back in black on Wed 07-05!
TOP STORY
Citizen Lab revisits the NSO-driven Pegasus targeting of Mexican politicians in Reckless Redux: Senior Mexican Legislators and Politicians Targeted with NSO Spyware.
HACKTIVITY
Missing Access Control(IDOR) To Know LinkedAccounts [10 upvotes] - $100 bounty for this report to Dashlane by @xkiraak-boy.
If you’re going to have one bug, make it a good one!
Congrats to @qasuar, whose $150 bounty pushed us over the $18M mark in bounties paid to hackers on HackerOne. He’s got some epic swag in his future!
You can see all the latest and greatest disclosures and bounties on www.hackerone.com/hacktivity
TWEET OF THE DAY
Even minor issues can be vulnerabilities at scale - @find_evil
Two tweets of the day this week for @find_evil. It’s almost like we need a tweet of the day award (insert thinking emoji here)
OTHER ARTICLES WE’RE READING
Wind turbine hack. Physical access is total access.
In LA? See you at Flame Wars
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker-focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?
Have a news tip / story to highlight? We’d love to hear about it. Email: zerodaily@hackerone.com
Get this email forwarded to you? Click here to subscribe to the Zero Daily
Companies could be prohibited from fixing existing vulnerabilities, or required to introduce new ones in forthcoming products.
EFF on the Investigatory Powers Act