Hacking, AppSec, and Bug Bounty newsletter

2017-06-26 | Ru5514, 32TB of MSFT core (maybe), and Brutal Kangaroo

Monday, June 26

Make it a great week!



  • local file disclosure via FFmpeg hls processing [53 upvotes] - $1,000 bounty for this report by @neex. Continuing with our Russia theme today, ironically the top disclosed report on hacktivity over the weekend was this report by @neex. This issue was disclosed among others at the PHDays 2017 conference (slides).

Lots of new reports this weekend including bounties from Slack, Dashlane, Badoo, Rockstar, and Shopify.

You can see all the latest and greatest disclosures and bounties on  



Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker-focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.



Good day to be an attorney, or a Maserati salesman

The Register


*Note, earlier version incorrectly stated that it was 1.2TB of data. This error has been corrected to reflect the actual claim of 1.2GB. Thank you to @it2o12 for pointing out the mistake.

