Bug bounties: The good, the bad, and the frankly ridiculous ways to do it

#### [Security](/security/)Bug bounties: The good, the bad, and the frankly ridiculous ways to do it=========================================================================For incentives remember the three Fs — finance, fame, and fixing it——————————————————————–[Iain Thomson](/Author/Iain-Thomson ‘Read more by this author’) Sun 24 Aug 2025 // 08:28 UTC [](https://www.reddit.com/submit?url=https://www.theregister.com/2025/08/24/bug_bounty_advice/%3futm_medium%3dshare%26utm_content%3darticle%26utm_source%3dreddit&title=Bug%20bounties%3a%20The%20good%2c%20the%20bad%2c%20and%20the%20frankly%20ridiculous%20ways%20to%20do%20it) [](https://twitter.com/intent/tweet?text=Bug%20bounties%3a%20The%20good%2c%20the%20bad%2c%20and%20the%20frankly%20ridiculous%20ways%20to%20do%20it&url=https://www.theregister.com/2025/08/24/bug_bounty_advice/%3futm_medium%3dshare%26utm_content%3darticle%26utm_source%3dtwitter&via=theregister) [](https://www.facebook.com/dialog/feed?app_id=1404095453459035&display=popup&link=https://www.theregister.com/2025/08/24/bug_bounty_advice/%3futm_medium%3dshare%26utm_content%3darticle%26utm_source%3dfacebook) [](https://www.linkedin.com/shareArticle?mini=true&url=https://www.theregister.com/2025/08/24/bug_bounty_advice/%3futm_medium%3dshare%26utm_content%3darticle%26utm_source%3dlinkedin&title=Bug%20bounties%3a%20The%20good%2c%20the%20bad%2c%20and%20the%20frankly%20ridiculous%20ways%20to%20do%20it&summary=For%20incentives%20remember%20the%20three%20Fs%20%e2%80%93%20finance%2c%20fame%2c%20and%20fixing%20it) [](https://api.whatsapp.com/send?text=https://www.theregister.com/2025/08/24/bug_bounty_advice/%3futm_medium%3dshare%26utm_content%3darticle%26utm_source%3dwhatsapp) feature Thirty years ago, Netscape kicked off the first commercial bug bounty program. Since then, companies large and small have bought into the idea, with mixed results.Bug bounties seem simple: a flaw finder spots a vulnerability, responsibly discloses it, and then gets a reward for their labor. But over the past decades, they’ve morphed into a variety of forms for commercial and government systems, using different payment techniques and platforms, and some setups are a lot more effective than others.Commercial bug bounties spread slowly at first, and the idea was initially fraught with danger for researchers. Some companies sued outsiders who found problems with their software. ![](https://pubads.g.doubleclick.net/gampad/ad?co=1&iu=/6978/reg_security/front&sz=300×50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=2&c=2aKrizjNDlyTUTylQSrTKTAAAAE4&t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0)In 2005, Internet Security Systems (ISS) researcher Michael Lynn and the organizers of the Black Hat security conference in Las Vegas were served with a [restraining order](https://www.theregister.com/2005/07/28/cisco_iss_sue_vuln_whistleblower/) over his planned talk on serious flaws in Cisco’s IOS router software. Lynn quit ISS and delivered the presentation anyway, while Cisco reps spent eight hours physically tearing pages describing the talk out of the conference handbook. ![](https://pubads.g.doubleclick.net/gampad/ad?co=1&iu=/6978/reg_security/front&sz=300×50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33aKrizjNDlyTUTylQSrTKTAAAAE4&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0)But that same year, Tipping Point started the Zero Day Initiative, paying for high-impact vulnerabilities with working proof-of-concepts. The practice went into turbo mode when several tech giants picked up the practice, led by Google in 2010, Facebook a year later, and then the biggie — Microsoft — in 2013.While some companies chose to run their own bounty programs, others outsourced it to platforms like HackerOne and Bugcrowd, both started in 2012. But the choice of which one to pick depends very much on the size and focus of your organization.### Sorting it out in-house or outsourcing?For the biggest organizations with a large user base, the best option is to primarily run their own scheme.Katie Moussouris, who convinced Microsoft to [go down](https://www.theregister.com/2013/06/19/microsoft_bug_bounty_black_hat/) the bug bounty route after a three-year fight (a process she described akin to ‘boiling a frog’), ran the Pentagon’s first hacking competition, and was chief policy officer at HackerOne. She’s now the CEO of Luta Security, a bug bounty consultancy. ![](https://pubads.g.doubleclick.net/gampad/ad?co=1&iu=/6978/reg_security/front&sz=300×50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44aKrizjNDlyTUTylQSrTKTAAAAE4&t=ct%3Dns%26unitnum%3D426raptor%3Dfalcon%26pos%3Dmid%26test%3D0)’If you are somebody like an Apple, Google, or Microsoft, where the sensitivity of your bugs is so high, you do not want -[third-party-] platforms triaging your bugs,’ she told us. ‘You also don’t really want them housing the bugs at all. Any vulnerability in that third-party platform exposes your bugs.’Larger organizations have a number of other advantages, she explained. Most bug bounty programs throw up a huge number of false positives or minor flaws that aren’t really serious, and the biggest organizations, or those with a security bent, have the IT staff to sort out the wheat from the chaff.In addition, they have legal departments to handle the non-disclosure agreements that are an essential part of bug bounty programs. With Microsoft, she explained, the company originally set up a pilot called Project Tango (because it takes two to) where individual researchers would work for Redmond under an NDA not to release findings until Microsoft had checked them and issued a fix.In-house bug-bounty programs can also create a nice recruiting pipeline.’I used to run the one for Barracuda Networks,’ Eric Escobar, red team leader at Sophos Advisory Services, told us. ‘And in quality, 90 percent is trash, but the 10 percent that you got were like gold, it’s incredible.’He continued, ‘We hired several people out of the bug bounty program because they were finding such good stuff regularly. We did the cost analysis and thought if this person’s finding this many bugs consistently per month, we’re losing money if we don’t hire them; they’re making more than a solid AppSec engineer’s salary would be for just finding bugs.’* [Curl creator mulls nixing bug bounty awards to stop AI slop](https://www.theregister.com/2025/07/15/curl_creator_mulls_nixing_bug/)* [Curl project founder snaps over deluge of time-sucking AI slop bug reports](https://www.theregister.com/2025/05/07/curl_ai_bug_reports/)* [Russia, hotbed of cybercrime, says nyet to ethical hacking bill](https://www.theregister.com/2025/07/10/russia_ethical_hacking_bill/)* [Microsoft wouldn’t look at a bug report without a video. Researcher maliciously complied](https://www.theregister.com/2025/03/17/microsoft_bug_report_troll/)But hiring dedicated bug finders isn’t really an option for smaller software companies that don’t have the budget.’It’s very rare that you have an entirely research-focused security person, you want them doing other things,’ Moussouris said. ‘These people might not be programmers. They might not be able to tell the developers how to prevent those bugs in the future. They might just be really good at finding them.’There’s also a cultural issue, she said, since not everyone in the field wants to work in a corporate environment with endless meetings and team sessions. A lot of people like finding security holes but relish their independence.Increasingly, companies are hiring skilled pentesters on a per-contract basis for specific jobs. This solves the NDA issue, since non-disclosure would be part of the contract, the researcher gets money without having to make it a full-time career, and management is usually happy because they don’t have to take on the financial overhead of a new staff member.The other alternative is to use a commercial platform like HackerOne or Bugcrowd. For smaller companies, or those less focused on security, this provides a way to get bugs in, screen them, and pay the finder’s fee with minimal fuss, Moussouris said.HackerOne CEO Kara Sprague explains one big strength of the platform approach is the breadth of talent out there.’Going to a proven provider is not a bad idea for a company whose core competency is not offensive security,’ she told us. ‘The global independent researcher community is a phenomenal source of talent,’ she said, explaining that self-motivated bug finders are often more effective than in-house red teams or pentesters.In practice, many companies take a hybrid approach, running their own bug bounty programs internally but also using the platforms.Moussouris also warned that some companies were rushing into bug bounty programs for the wrong reasons — particularly public relations. Last month, when Paradox.ai was caught using ‘123456’ as an admin password that would allow an attacker to access the personal details of about 64 million McDonald’s job applicants, it apologized and [promised](https://www.paradox.ai/blog/responsible-security-update) to set up a bug bounty program.’I call that bug bounty botox, when they just want to be pretty on the outside,’ Moussouris joked.### Motivation for hunters: Fortune, fame, and fixing thingsOne common misconception is that flaw finders are just in it for the money, but it’s more complicated than that.It’s true that money is a factor. In the last decade, the amount of money up for grabs for bugs has exploded. At ZDI’s forthcoming Pwn2Own contest, a lucky hacker can [earn $1 million](https://www.zerodayinitiative.com/blog/2025/7/30/pwn2own-returns-to-ireland-with-a-one-million-dollar-whatsapp-target) for a zero-click remote code execution attack on WhatsApp. And despite its initial reluctance Microsoft has become a firm supporter of the bounty system, and paid out $17 million last year to independent security researchers, Tom Gallagher, head of the Microsoft Security Response Center (MSRC), told *The Register*.A few vulnerability hunters have become millionaires from these platforms, and others have made a lot of money selling to third-party businesses who harvest high-value flaws to either exploit for government-sanctioned spyware or to sell premium detection services.The tactics to earn big bucks aren’t what you might think, Moussouris opined.’The first hacker to make a million dollars total on HackerOne was asked ‘did you just find a bunch of criticals? He’s like, no, I don’t look for criticals at all, they’re too hard and take too long. I go for automation to get more efficient low- and medium-severity bugs.’ The mediums are the sweet spot, because they pay more.’But it’s a long tail situation — most people don’t make a massive amount of money, and the majority of bug hunters don’t use it as a main source of income, Escobar explained.Microsoft’s Gallagher explained that fame is another very effective way to attract bug hunters. MSRC maintains a league of the most useful flaw finders and competition is fierce, even if it’s just for a t-shirt, which he kindly modeled for *The Register*. ![MSRC top hackers tshirt](https://regmedia.co.uk/2025/08/21/msrc.jpg?x=648&y=486&infer_y=1 ‘MSRC’)Head of MSRC shows his love for hackersCompanies also court top vulnerability researchers with access to in-house engineers and exclusive forums that are designed to woo the best talent into investigating their code.’One of the things that we try to do through the bounty program is we build a relationship with the researchers,’ he told us.’We try to build a community around it. We have a program where we call the most valuable researchers, and so we’ll work with them. There are some people that are interested in working full time, there are other people that have a full time job. It may not even be security, and so it really depends on the individual.’The other, often overlooked, motivation is the desire to get things fixed. A few security researchers still submit bug reports, not especially for the money, but to make sure that applications and processes are safe.’There are some researchers who care more about the bug being fixed than care about the payout, and that’s still true,’ Moussouris opined. ‘Some researchers are like, ‘No, I just want you to fix this bug,’ that’s their motivation.’These unicorns are few and far between, however, and any company relying on the goodwill of such strangers as a primary source of fixes is foolish, she suggested.### AI slopping over?As with many jobs in the tech industry, there’s the spectre of machine learning and AI doing tasks previously reserved for humans.So far, AI is a mixed blessing. Yes, it’s finding more flaws, faster, but on the other hand, machine-generated flaws and the reporting on them are flooding out bug analysis.As industry veteran Mikko Hyppönen [pointed out](https://www.theregister.com/2025/08/11/ai_security_offense_defense/) at this year’s Black Hat security shindig, there’s been a huge increase in volume of reports, often written by script kiddies with prompt skills.’They call it [AI slop](https://www.theregister.com/2025/07/15/curl_creator_mulls_nixing_bug/),’ Moussouris commented. ‘It creates a lot of noise for maintainers, especially in the open source world, who can’t afford the triage services. That’s going to hurt all of us in the ecosystem long term.’* [Microsoft expands Copilot bug bounty targets, adds payouts for even moderate messes](https://www.theregister.com/2025/02/20/microsoft_copilot_bug_bounty_updated/)* [Samsung boosts bug bounty to a cool million for cracks of the Knox Vault subsystem](https://www.theregister.com/2024/08/08/samsung_microsoft_big_bug_bounty/)* [Microsoft paid Tenable a bug bounty for an Azure flaw it says doesn’t need a fix, just better documentation](https://www.theregister.com/2024/06/05/tenable_azure_flaw/)* [Poking holes in Google tech bagged bug hunters $10M](https://www.theregister.com/2024/03/13/google_2023_bug_bounties/)The bounty platforms are on the front lines of this trend, and HackerOne’s Sprague says two-thirds of the reports they are getting these days ‘end up being valid vulnerabilities.’ To filter out the spam, the platform will be using AI moderation to examine reports and determine if they are valid exploits.But she said that software slipup seekers are gearing up as well, investing in automated scanning kit that will take a lot of the fingerwork out of scanning code.’We do see many of the bug hunters that I meet with have already adopted some amount of automation to facilitate their hunting,’ she said. ‘There’s even other researchers that have developed their own hack bots, or are contributing to commercially developed bots. So we’re seeing the researcher community increasingly invest in these sources of automation to scale their capacity.’Will AI eclipse the human hacker? This hack doubts it. LLMs work on past information, and the intuitive leaps needed to spot serious problems appear to be beyond it, for now. ® **Get our** [Tech Resources](https://whitepapers.theregister.com/) Share [](https://www.reddit.com/submit?url=https://www.theregister.com/2025/08/24/bug_bounty_advice/%3futm_medium%3dshare%26utm_content%3darticle%26utm_source%3dreddit&title=Bug%20bounties%3a%20The%20good%2c%20the%20bad%2c%20and%20the%20frankly%20ridiculous%20ways%20to%20do%20it) [](https://twitter.com/intent/tweet?text=Bug%20bounties%3a%20The%20good%2c%20the%20bad%2c%20and%20the%20frankly%20ridiculous%20ways%20to%20do%20it&url=https://www.theregister.com/2025/08/24/bug_bounty_advice/%3futm_medium%3dshare%26utm_content%3darticle%26utm_source%3dtwitter&via=theregister) [](https://www.facebook.com/dialog/feed?app_id=1404095453459035&display=popup&link=https://www.theregister.com/2025/08/24/bug_bounty_advice/%3futm_medium%3dshare%26utm_content%3darticle%26utm_source%3dfacebook) [](https://www.linkedin.com/shareArticle?mini=true&url=https://www.theregister.com/2025/08/24/bug_bounty_advice/%3futm_medium%3dshare%26utm_content%3darticle%26utm_source%3dlinkedin&title=Bug%20bounties%3a%20The%20good%2c%20the%20bad%2c%20and%20the%20frankly%20ridiculous%20ways%20to%20do%20it&summary=For%20incentives%20remember%20the%20three%20Fs%20%e2%80%93%20finance%2c%20fame%2c%20and%20fixing%20it) [](https://api.whatsapp.com/send?text=https://www.theregister.com/2025/08/24/bug_bounty_advice/%3futm_medium%3dshare%26utm_content%3darticle%26utm_source%3dwhatsapp) #### More about* [Bug Bounty](/Tag/Bug%20Bounty/)* [Security](/Tag/Security/)* [Software](/Tag/Software/) More like these × ### More about* [Bug Bounty](/Tag/Bug%20Bounty/)* [Security](/Tag/Security/)* [Software](/Tag/Software/) ### Narrower topics* [2FA](/Tag/2FA/)* [AdBlock Plus](/Tag/AdBlock%20Plus/)* [Advanced persistent threat](/Tag/Advanced%20persistent%20threat/)* [App](/Tag/App/)* [Application Delivery Controller](/Tag/Application%20Delivery%20Controller/)* [Audacity](/Tag/Audacity/Audio%20Editor/ ‘Disambiguation: Audio Editor’)* [Authentication](/Tag/Authentication/)* [BEC](/Tag/BEC/)* [Black Hat](/Tag/Black%20Hat/)* [BSides](/Tag/BSides/)* [CHERI](/Tag/CHERI/)* [CISO](/Tag/CISO/)* [Common Vulnerability Scoring System](/Tag/Common%20Vulnerability%20Scoring%20System/)* [Confluence](/Tag/Confluence/)* [Cybercrime](/Tag/Cybercrime/)* [Cybersecurity](/Tag/Cybersecurity/)* [Cybersecurity and Infrastructure Security Agency](/Tag/Cybersecurity%20and%20Infrastructure%20Security%20Agency/)* [Cybersecurity Information Sharing Act](/Tag/Cybersecurity%20Information%20Sharing%20Act/)* [Database](/Tag/Database/)* [Data Breach](/Tag/Data%20Breach/)* [Data Protection](/Tag/Data%20Protection/)* [Data Theft](/Tag/Data%20Theft/)* [DDoS](/Tag/DDoS/)* [DEF CON](/Tag/DEF%20CON/)* [Digital certificate](/Tag/Digital%20certificate/)* [Encryption](/Tag/Encryption/)* [End Point Protection](/Tag/End%20Point%20Protection/)* [Exploit](/Tag/Exploit/)* [Firewall](/Tag/Firewall/)* [FOSDEM](/Tag/FOSDEM/)* [FOSS](/Tag/FOSS/)* [Grab](/Tag/Grab/)* [Graphics Interchange Format](/Tag/Graphics%20Interchange%20Format/)* [Hacker](/Tag/Hacker/)* [Hacking](/Tag/Hacking/)* [Hacktivism](/Tag/Hacktivism/)* [IDE](/Tag/IDE/)* [Identity Theft](/Tag/Identity%20Theft/)* [Image compression](/Tag/Image%20compression/)* [Incident response](/Tag/Incident%20response/)* [Infosec](/Tag/Infosec/)* [Infrastructure Security](/Tag/Infrastructure%20Security/)* [Jenkins](/Tag/Jenkins/)* [Kenna Security](/Tag/Kenna%20Security/)* [Legacy Technology](/Tag/Legacy%20Technology/)* [LibreOffice](/Tag/LibreOffice/)* [Map](/Tag/Map/)* [Microsoft 365](/Tag/Microsoft%20365/)* [Microsoft Office](/Tag/Microsoft%20Office/)* [Microsoft Teams](/Tag/Microsoft%20Teams/)* [Mobile Device Management](/Tag/Mobile%20Device%20Management/)* [NCSAM](/Tag/NCSAM/)* [NCSC](/Tag/NCSC/)* [OpenOffice](/Tag/OpenOffice/)* [Palo Alto Networks](/Tag/Palo%20Alto%20Networks/)* [Password](/Tag/Password/)* [Personally Identifiable Information](/Tag/Personally%20Identifiable%20Information/)* [Phishing](/Tag/Phishing/)* [Programming Language](/Tag/Programming%20Language/)* [QR code](/Tag/QR%20code/)* [Quantum key distribution](/Tag/Quantum%20key%20distribution/)* [Ransomware](/Tag/Ransomware/)* [Remote Access Trojan](/Tag/Remote%20Access%20Trojan/)* [Retro computing](/Tag/Retro%20computing/)* [REvil](/Tag/REvil/)* [RSA Conference](/Tag/RSA%20Conference/)* [Search Engine](/Tag/Search%20Engine/)* [Software bug](/Tag/Software%20bug/)* [Software License](/Tag/Software%20License/)* [Spamming](/Tag/Spamming/)* [Spyware](/Tag/Spyware/)* [Surveillance](/Tag/Surveillance/)* [Text Editor](/Tag/Text%20Editor/)* [TLS](/Tag/TLS/)* [Trojan](/Tag/Trojan/)* [Trusted Platform Module](/Tag/Trusted%20Platform%20Module/)* [User interface](/Tag/User%20interface/)* [Visual Studio](/Tag/Visual%20Studio/)* [Visual Studio Code](/Tag/Visual%20Studio%20Code/)* [Vulnerability](/Tag/Vulnerability/)* [Wannacry](/Tag/Wannacry/)* [WebAssembly](/Tag/WebAssembly/)* [Web Browser](/Tag/Web%20Browser/)* [WordPress](/Tag/WordPress/)* [Zero trust](/Tag/Zero%20trust/) #### More aboutShare [](https://www.reddit.com/submit?url=https://www.theregister.com/2025/08/24/bug_bounty_advice/%3futm_medium%3dshare%26utm_content%3darticle%26utm_source%3dreddit&title=Bug%20bounties%3a%20The%20good%2c%20the%20bad%2c%20and%20the%20frankly%20ridiculous%20ways%20to%20do%20it) [](https://twitter.com/intent/tweet?text=Bug%20bounties%3a%20The%20good%2c%20the%20bad%2c%20and%20the%20frankly%20ridiculous%20ways%20to%20do%20it&url=https://www.theregister.com/2025/08/24/bug_bounty_advice/%3futm_medium%3dshare%26utm_content%3darticle%26utm_source%3dtwitter&via=theregister) [](https://www.facebook.com/dialog/feed?app_id=1404095453459035&display=popup&link=https://www.theregister.com/2025/08/24/bug_bounty_advice/%3futm_medium%3dshare%26utm_content%3darticle%26utm_source%3dfacebook) [](https://www.linkedin.com/shareArticle?mini=true&url=https://www.theregister.com/2025/08/24/bug_bounty_advice/%3futm_medium%3dshare%26utm_content%3darticle%26utm_source%3dlinkedin&title=Bug%20bounties%3a%20The%20good%2c%20the%20bad%2c%20and%20the%20frankly%20ridiculous%20ways%20to%20do%20it&summary=For%20incentives%20remember%20the%20three%20Fs%20%e2%80%93%20finance%2c%20fame%2c%20and%20fixing%20it) [](https://api.whatsapp.com/send?text=https://www.theregister.com/2025/08/24/bug_bounty_advice/%3futm_medium%3dshare%26utm_content%3darticle%26utm_source%3dwhatsapp) POST A COMMENT #### More about* [Bug Bounty](/Tag/Bug%20Bounty/)* [Security](/Tag/Security/)* [Software](/Tag/Software/) More like these × ### More about* [Bug Bounty](/Tag/Bug%20Bounty/)* [Security](/Tag/Security/)* [Software](/Tag/Software/) ### Narrower topics* [2FA](/Tag/2FA/)* [AdBlock Plus](/Tag/AdBlock%20Plus/)* [Advanced persistent threat](/Tag/Advanced%20persistent%20threat/)* [App](/Tag/App/)* [Application Delivery Controller](/Tag/Application%20Delivery%20Controller/)* [Audacity](/Tag/Audacity/Audio%20Editor/ ‘Disambiguation: Audio Editor’)* [Authentication](/Tag/Authentication/)* [BEC](/Tag/BEC/)* [Black Hat](/Tag/Black%20Hat/)* [BSides](/Tag/BSides/)* [CHERI](/Tag/CHERI/)* [CISO](/Tag/CISO/)* [Common Vulnerability Scoring System](/Tag/Common%20Vulnerability%20Scoring%20System/)* [Confluence](/Tag/Confluence/)* [Cybercrime](/Tag/Cybercrime/)* [Cybersecurity](/Tag/Cybersecurity/)* [Cybersecurity and Infrastructure Security Agency](/Tag/Cybersecurity%20and%20Infrastructure%20Security%20Agency/)* [Cybersecurity Information Sharing Act](/Tag/Cybersecurity%20Information%20Sharing%20Act/)* [Database](/Tag/Database/)* [Data Breach](/Tag/Data%20Breach/)* [Data Protection](/Tag/Data%20Protection/)* [Data Theft](/Tag/Data%20Theft/)* [DDoS](/Tag/DDoS/)* [DEF CON](/Tag/DEF%20CON/)* [Digital certificate](/Tag/Digital%20certificate/)* [Encryption](/Tag/Encryption/)* [End Point Protection](/Tag/End%20Point%20Protection/)* [Exploit](/Tag/Exploit/)* [Firewall](/Tag/Firewall/)* [FOSDEM](/Tag/FOSDEM/)* [FOSS](/Tag/FOSS/)* [Grab](/Tag/Grab/)* [Graphics Interchange Format](/Tag/Graphics%20Interchange%20Format/)* [Hacker](/Tag/Hacker/)* [Hacking](/Tag/Hacking/)* [Hacktivism](/Tag/Hacktivism/)* [IDE](/Tag/IDE/)* [Identity Theft](/Tag/Identity%20Theft/)* [Image compression](/Tag/Image%20compression/)* [Incident response](/Tag/Incident%20response/)* [Infosec](/Tag/Infosec/)* [Infrastructure Security](/Tag/Infrastructure%20Security/)* [Jenkins](/Tag/Jenkins/)* [Kenna Security](/Tag/Kenna%20Security/)* [Legacy Technology](/Tag/Legacy%20Technology/)* [LibreOffice](/Tag/LibreOffice/)* [Map](/Tag/Map/)* [Microsoft 365](/Tag/Microsoft%20365/)* [Microsoft Office](/Tag/Microsoft%20Office/)* [Microsoft Teams](/Tag/Microsoft%20Teams/)* [Mobile Device Management](/Tag/Mobile%20Device%20Management/)* [NCSAM](/Tag/NCSAM/)* [NCSC](/Tag/NCSC/)* [OpenOffice](/Tag/OpenOffice/)* [Palo Alto Networks](/Tag/Palo%20Alto%20Networks/)* [Password](/Tag/Password/)* [Personally Identifiable Information](/Tag/Personally%20Identifiable%20Information/)* [Phishing](/Tag/Phishing/)* [Programming Language](/Tag/Programming%20Language/)* [QR code](/Tag/QR%20code/)* [Quantum key distribution](/Tag/Quantum%20key%20distribution/)* [Ransomware](/Tag/Ransomware/)* [Remote Access Trojan](/Tag/Remote%20Access%20Trojan/)* [Retro computing](/Tag/Retro%20computing/)* [REvil](/Tag/REvil/)* [RSA Conference](/Tag/RSA%20Conference/)* [Search Engine](/Tag/Search%20Engine/)* [Software bug](/Tag/Software%20bug/)* [Software License](/Tag/Software%20License/)* [Spamming](/Tag/Spamming/)* [Spyware](/Tag/Spyware/)* [Surveillance](/Tag/Surveillance/)* [Text Editor](/Tag/Text%20Editor/)* [TLS](/Tag/TLS/)* [Trojan](/Tag/Trojan/)* [Trusted Platform Module](/Tag/Trusted%20Platform%20Module/)* [User interface](/Tag/User%20interface/)* [Visual Studio](/Tag/Visual%20Studio/)* [Visual Studio Code](/Tag/Visual%20Studio%20Code/)* [Vulnerability](/Tag/Vulnerability/)* [Wannacry](/Tag/Wannacry/)* [WebAssembly](/Tag/WebAssembly/)* [Web Browser](/Tag/Web%20Browser/)* [WordPress](/Tag/WordPress/)* [Zero trust](/Tag/Zero%20trust/) #### TIP US OFF[Send us news](https://www.theregister.com/Profile/contact/)[#### Perplexity’s Comet browser naively processed pages with evil instructionsupdated Rival Brave flags prompt injection vulnerability, now patchedAI + ML4 days -| 7](/2025/08/20/perplexity_comet_browser_prompt_injection/?td=keepreading) [#### Microsoft stays mum about M365 Copilot on-demand security bypassUPDATED Redmond doesn’t bother informing customers about some security fixesSecurity3 days -| 8](/2025/08/20/microsoft_mum_about_m365_copilot/?td=keepreading) [#### AI model ‘personalities’ shape the quality of generated codeBut despite the differences, all models excel at making errors and shouldn’t be trustedAI + ML11 days -| 1](/2025/08/13/ai_model_personalities_shape_the/?td=keepreading) [#### How fixed wireless access can bridge the digital divide wherever you areWireless reaches the parts fiber can’tSponsored feature](/2025/08/11/how_fixed_wireless_access/?td=keepreading) [#### Vision AI models see optical illusions when none existWhen is a duck not also a rabbit? When it’s a canardAI + ML5 days -| 34](/2025/08/19/vision_language_models_see_illusions/?td=keepreading) [#### Facial recognition works better in the lab than on the street, researchers showHigh accuracy scores come from conditions that don’t reflect real-world usageResearch5 days -| 31](/2025/08/18/facial_recognition_benchmarks/?td=keepreading) [#### Claude Code’s copious coddling confounds cross customersNever mind the errors, we’ve had it with ‘You’re absolutely right!’AI + ML11 days -| 15](/2025/08/13/claude_codes_copious_coddling_confounds/?td=keepreading) [#### McDonald’s not lovin’ it when hacker exposes nuggets of rotten securityBurger slinger gets a McRibbing, reacts by firing staffer who helpedSecurity4 days -| 68](/2025/08/20/mcdonalds_terrible_security/?td=keepreading) [#### Poisoned telemetry can turn AIOps into AI Oops, researchers showSysadmins, your job is safeNetworks12 days -| 6](/2025/08/12/ai_models_can_be_tricked/?td=keepreading) [#### Ex-White House cyber, counter-terrorism guru: Microsoft considers security an annoyance, not a necessityComment Tells *The Reg* China’s ability to p0wn Redmond’s wares ‘gives me a political aneurysm’CSO16 days -| 40](/2025/08/08/exwhite_house_cyber_and_counterterrorism/?td=keepreading) [#### Election workers fear threats and intimidation without feds’ support in 2026Feature ‘Hope for the best, but prepare for the worst,’ one tells *The Reg*Security8 days -| 103](/2025/08/16/election_workers_fears_after_cisa_cuts/?td=keepreading) [#### Amazon quietly fixed Q Developer flaws that made AI agent vulnerable to prompt injection, RCEMove along, nothing to see herePatches4 days -| 2](/2025/08/20/amazon_quietly_fixed_q_developer_flaws/?td=keepreading)

Related Tags:
NAICS: 334 – Computer And Electronic Product Manufacturing

NAICS: 541 – Professional

Scientific

Technical Services

NAICS: 518 – Computing Infrastructure Providers

Data Processing

Web Hosting

Related Services

NAICS: 33 – Manufacturing – Metal

Electronics And Other

NAICS: 51 – Information

Sodinokibi

REvil

Sodin

WanaCrypt0r

Associated Indicators:

Threat Intel Solutions

Bug bounties: The good, the bad, and the frankly ridiculous ways to do it

Search

Popular Posts

Dangerous runC flaws could allow hackers to escape Docker containers

Lost iPhone? Don’t fall for phishing texts saying it was found

NAKIVO Introduces v11.1 with Upgraded Disaster Recovery and MSP Features

Categories

Pages

Archives

Tags

Follow Us