Hacking, AppSec, and Bug Bounty newsletter

2017-10-09 | GCHQ and NCSC, PureVPN’s FBI assist, and Flickr mass upload bug

Monday, October 9

Did you miss us?

A lot happened over the past 2-weeks…Deloitte was breached, Showtime mining crypto coins, 702 has more than one meaning, The Chamber of Commerce (yep) has a cybersecurity summit and said cyber crime costs $450B per year, that high Sierra rarified bug air, but do update, please. Over The Air - Vol. 2 was published by Project Zero, Shopify paid a $20K bounty, Whole Foods was breached, Equifax’s former CEO blamed an IT worker for failing to patch - classy. Bloomberg said it was China (re: Equifax), my oh my yahoo, U.S. Senators want the DHS to have a bug bounty program, Senator Ron Wyden says SSA needs U2F, and the NSA was breached by Russian hackers.  



You can see all the latest and greatest disclosures and bounties on



Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.

Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?

Have a news tip / story to highlight? We’d love to hear about it. Email:

Get this email forwarded to you? Click here to subscribe to the Zero Daily

"'Country-1 has disabled auto-updates on software from Country-2' is the new 'Country-1 has recalled their ambassadors from Country-2'"

Haroon Meer


HackerOne is the #1 hacker-powered security platform, helping organizations find and fix critical vulnerabilities before they can be criminally exploited. As the contemporary alternative to traditional penetration testing, our bug bounty program solutions encompass vulnerability assessment, crowdsourced testing and responsible disclosure management. Discover more about our security testing solutions or Contact Us today.