Hacking, AppSec, and Bug Bounty newsletter

2019-01-14 | Zero Daily is back! Your Infosec catch up Dec + Jan

Monday, January 14

Hello again, friends. Missed us? We missed you. <3

What’s been going on since we last published all the way back in December 2018?

Marriott had a breach and China’s playing the long game,

someone deliberately attacked the printing infrastructure of the LA Times,

OWASP dropped their 2018 edition of the top 10 IoT vulnerabilities,

it took less than one day into 2019 for a data breach to be reported,

@viss wished you all a happy birthday,

zseano found the coolest CSRF ‘bypass’ ever,

there was a Windows 10 sighting - in the White House Situation Room,

Joseph Cox has a tip for journos,

Motherboard reported that some big cell phone co’s are selling customers’ location data,

Signal Sciences’ Andrew Peterson crowdsourced infosec book recommendations,

Chris Roberts says there’s no such thing as security, just the measurement of risk,   

The US Government shutdown is affecting, well, a lot of people, including the DOJ’s cyber crime attorneys, and Senator Ron Wyden is concerned about the shutdown’s impact on the IRS’ ability to defend against cyber criminals,

Stok asked #bugbounty twitterites what their top 3 tips for the next gen of bounty hunters are,

There’s a DNS hijacking wave targeting companies at a pretty fast clip,  

And we’re sure we missed our share of spits and spats on Twitter (I mean, why do we; can’t we not, wouldn’t it be better if…). It’s like the philosopher 0daySimpson said:

Don't let infosec distract you from hacking.

2019, let’s do this.


Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.

Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?

Have a news tip / story to highlight? We’d love to hear about it. Email:
