Hacking, AppSec, and Bug Bounty newsletter

2019-02-20 | WordPress 5.0.0 RCE, Krebs dives deep on recent DNS hijacking attacks, and CERN reproduced the first browser in all its glory

Wednesday, February 20


  • Symantec published their Internet Security Threat Report. Highlights include formjacking as a “breakthrough” threat. Cryptojacking occurred 4x more often than in 2017, but trended down at the end of the year, coinciding with cryptocurrency values tanking. Other high-level stats include a 78% increase in supply chain attacks, a 100% increase in malicious PowerShell scripts, and almost half of all malicious email attachments being Office files.



Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.


Large organizations down to mom-and-pop entities are not paying attention to some very basic security practices, like multi-factor authentication. These days, if you have a sub-optimal security stance, you’re going to get owned. That’s the reality today. We’re seeing much more sophisticated adversaries now taking actions on the Internet, and if you’re not doing the basic stuff they’re going to hit you.

John Crain, chief security, stability and resiliency officer at ICANN