Skip to content
The Nexus
DossierENTITY

HackerOne

Coverage of HackerOne in the Nexus archive.

Earliest in view: Apr 8 · 19:47 UTCMost recent: Jul 8 · 09:00 UTC
Co-mentioned in this coverage
Recent coverage
  • SECURITYJul 8 · 09:00 UTCCYBERSCOOP
    Found fast, fixed slow: The gap the AI clearinghouse must close

    President Donald Trump's executive order mandated the creation of an AI cybersecurity clearinghouse within 30 days to coordinate vulnerability discovery and patching in critical infrastructure. The article highlights risks that the clearinghouse may become a stalled committee rather than an effective solution, emphasizing the bottleneck between AI-driven vulnerability detection and the slower human processes required for validation, patching, and deployment.

  • SECURITYMay 21 · 19:27 UTCTHE REGISTER
    HackerOne takes an axe to its bug bounty rewards

    HackerOne has drastically reduced bug bounty rewards through its Internet Bug Bounty (IBB) program, cutting payouts by 68-88% across all severity levels. The program remains paused while the platform evaluates adjustments, leaving security researchers waiting for payments on previously submitted vulnerabilities.

  • SECURITYMay 20 · 20:34 UTCTHE REGISTER
    Even Claude agrees: hole in its sandbox was real and dangerous

    Two now-patched bypass bugs in Claude Code's network sandbox put users at risk, allowing attackers to send private data to any server on the internet. The flaws were reported by Aonan Guan, a researcher who leads cloud and AI security at Wyze Labs. Anthropic has silently fixed the vulnerabilities without issuing a CVE or security advisory.

  • SECURITYMay 13 · 22:56 UTCTHE REGISTER
    AWS to Quick admins: The access control didn't work, but you weren't using it anyway, so what's the problem?

    AWS responded to a security vulnerability in Amazon Quick, claiming no customer data was at risk after Fog Security disclosed an authorization bypass, which allowed access to AI Chat Agents despite explicit denial of access. The issue was fixed between March 11 and 12. AWS classified the severity as 'none' and issued no customer notification. The vulnerability was reported via HackerOne, a bug bounty platform.

  • SECURITYApr 25 · 17:49 UTCR/DEFI
    Warning: Deribit silently patches critical security flaws and ghosts the researchers. Can we trust an exchange that hides its vulnerabilities?

    A security researcher reported critical vulnerabilities to Deribit through its bug bounty program, but the exchange silently patched the issues and ignored the researcher for 70+ days, refusing to communicate or pay. Deribit's 'unmanaged' HackerOne program status prevents forced resolution, raising concerns about transparency and trust in its security practices.

  • SECURITYApr 25 · 16:37 UTCR/CRYPTOMARKETS
    Warning: Deribit silently patches critical security flaws and ghosts the researchers. Can we trust an exchange that hides its vulnerabilities?

    An independent security researcher reported critical vulnerabilities to Deribit via its bug bounty program, but the exchange silently patched the flaws and ignored the researcher for over 70 days without communication or payment. The researcher raised concerns about Deribit's lack of transparency and trustworthiness, as the exchange is listed as an 'unmanaged' program on HackerOne, preventing forced resolution.

  • SECURITYApr 22 · 06:57 UTCCOINTELEGRAPH
    AI drives surge in ‘bug bounty’ reports, but the ‘slop’ is rising too

    HackerOne reported a 7% increase in valid bug bounty submissions in 2025, reaching 85,000 cases, driven by AI advancements, though concerns about rising 'slop' (low-quality reports) persist.

  • SECURITYApr 20 · 23:26 UTCTHE REGISTER
    Vibe coding upstart Lovable denies data leak, cites 'intentional behavior,' then throws HackerOne under the bus

    Vibe coding platform Lovable denied allegations of a data leak where users' sensitive information could be accessed, initially blaming 'intentional behavior' and unclear documentation. The company later shifted blame to HackerOne, a bug-bounty service, amid criticism for mishandling vulnerability reports.

  • SECURITYApr 8 · 19:47 UTCDARK READING
    AI-Led Remediation Crisis Prompts HackerOne to Pause Bug Bounties

    HackerOne has paused bug bounties due to an AI-led remediation crisis, where remediation has become the bottleneck for open source bug fixes rather than discovery. Automated tools now outpace manual discovery, leaving bounties ineffective in addressing remediation challenges.

HackerOne · Dossier · The Nexus