Hacking, AppSec, and Bug Bounty newsletter

2017-05-01 | Ransomware is the new black, DOK is no joke, and Burp’s gone mobile

Monday, May 1

A new week, a new month!


  • Ransomware costs are rising, and fast. Symantec’s latest Internet Security Threat Report has them up by over 3x. Somebody calling themselves thedarkoverlord recently released Netflix shows ahead of their release date after Netflix refused to pay the requested ransom. Apparently, this hacker loves Orange is The New Black.

  • Bypassing Digits bridge origin validation [39 upvotes] for this report to Twitter by @filedescriptor. An issue in the Digits bridge proxy allowed an attacker to retrieve the OAuth credential data of an application a victim had authorized. It is an old report that was only disclosed in the last 24 hours. Check out the “for example” graph. Love it!

In case you were curious, there was a $10K+ bounty paid over the weekend (no public details, sorry). But this hacker got paid $7K for their account takeover exploit on Flickr.

You can see all the latest and greatest disclosures and bounties on

  • If teleconf tools like Google Hangouts & Zoom made "# of minutes to coordinate/start a meeting" a KPI, the world would be a better place. - @lpolovets



Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.

Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?

Have a news tip / story to highlight? We’d love to hear about it. Email:

Get this email forwarded to you? Click here to subscribe to the Zero Daily


“The Onion routing protocol is not as anonymous as you think it is. Whoever controls the exit nodes is the one who controls the traffic, which makes me… the one in control.”

Elliot Alderson


HackerOne is the #1 hacker-powered security platform, helping organizations find and fix critical vulnerabilities before they can be criminally exploited. As the contemporary alternative to traditional penetration testing, our bug bounty solutions encompass vulnerability assessment, crowdsourced security testing and responsible disclosure management. Discover more about our hacker-powered security testing solutions or Contact Us today.