Latest bug bounty publications
HackerOne was left red-faced last week after it admitted a hacker exposed a vulnerability in its popular bug-bounty platform.
In November, a bug hunter was able to flick through HackerOne vulnerability reports at will after one of the platform’s security researchers sent them a session cookie, granting the hacker access to the researcher’s privileged account.
The bug hunter, who goes by the name of haxta40ok00, received a tidy $20,000 for reporting the flaw, which exposed sensitive information such as vulnerability title, state, severity and assignee.