Hacking, AppSec, and Bug Bounty newsletter

2018-05-18 | Telegrab malware, Bitcoin is an electricity hog, and How to read privacy policies

Friday, May 18


  • Talos reports on the emergence of malware that collects cache and key files from the end-to-end encrypted instant messaging service Telegram. Discovered by Cisco’s Talos, the malware is dubbed “Telegrab”.


You can see all the latest and greatest disclosures and bounties on  


  • North Korea’s Sun Team is still actively trying to implant spyware on defecting citizens’ devices, per a new McAfee report.

  • How to read privacy policies: Read the headlines and search the keywords. Advice by WSJ's Joanna Stern.

  • Bitcoin power use has doubled in the past 6 months, using about 2.55 gigawatts, or about as much as the entire country of Ireland, per recent research. At this rate, researchers estimate cryptocurrencies could account for 5% of the world’s electricity.

  • Ari Schwartz & John Banghart (former top officials with the Obama administration) are working on a plan to disclose vulnerabilities in hardware.

  • Customers of tracking firm LocationSmart had their data leaked without their consent (in real time via the company’s website), Krebs reports.

  • What will you buy at the quantum computing algorithm store?


Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.


Do you have cloud, distributed environments, laptops, mobile? All those things create what we call an attack surface… It’s just portfolio management -- you’re choosing where you’re going to make your investments.

Rich Baich, CISO, Wells Fargo

