Bug Bounties

Portugal updates cybercrime law to protect ethical hackers

SC StaffDecember 11, 2025

The new law, Article 8-A, carves out exceptions for actions that might otherwise be deemed illegal, such as unauthorized system access, provided the researcher acts solely in the public interest of cybersecurity.

Vulnerability Management

Bikers, Apple, Storm-657, Astaroth, EES, Salesforce, Aaran Leyland, and more… – SWN #520

October 14, 2025

Bikers, Apple, Storm-657, Astaroth, EES, Salesforce, Aaran Leyland, and more on the Security Weekly News.

Bug Bounties

Apple ups RCE flaw bug bounty to $2 million

SC StaffOctober 13, 2025

Apple has increased financial rewards for zero-click remote code execution vulnerabilities by twofold to $2 million as part of an updated bug bounty program, Security Affairs reports.

AI/ML

New AI vulnerability bounty program unveiled by Google

SC StaffOctober 9, 2025

SecurityWeek reports that Google has introduced a new AI Vulnerability Reward Program, which expands on its 2023 Abuse VRP, aimed at identifying security flaws and abuse issues across its artificial intelligence products.

Cloud Security

Wiz launches $4.5M cloud-, AI-targeted hacking contest

SC StaffOctober 7, 2025

Wiz's research arm, in partnership with AWS, Google Cloud, and Microsoft, has launched Zeroday Cloud, a bug-hunting contest that will award a total of $4.5 million in bounties at the Black Hat Europe conference, according to BleepingComputer.

Threat Intelligence

What We’ve Learned from LockBit and Black Basta Leaks (and News) – Ian Gray – PSW #888

August 21, 2025

This segment is sponsored by Flashpoint. Visit https://securityweekly.com/flashpoint to learn more about them! Recent leaks tied to LockBit and Black Basta have exposed the inner workings of two of the most notorious ransomware groups—revealing their tactics, negotiation strategies, and operational infrastructure. For defenders, this rare window ...

Bug Bounties

ZDI to offer $1M for WhatsApp zero-click exploit

SC StaffAugust 4, 2025

Bounties of up to $1 million will be provided by the Zero Day Initiative for cybersecurity researchers reporting a zero-click remote code execution exploit in WhatsApp at this year's Pwn2Own Ireland hacking contest, which is co-sponsored by WhatsApp parent firm Meta, QNAP, and Synology, BleepingComputer reports.

Vulnerability Management

Alleged Aeroflot data exposed amid breach repudiation

SC StaffAugust 4, 2025

Aeroflot, Russia's flag carrier, had travel information purportedly from its CEO Sergei Aleksandrovsky leaked by Belarusian hacktivist operation Cyber Partisans after Russian internet watchdog Roskomnadzor refuted any data breach resulting from last week's massive cyberattack that has prompted the cancellation of more than 50 flights, reports The Record, a news site by cybersecurity firm Recorded Future.

Bug Bounties

Portugal updates cybercrime law to protect ethical hackers

Bikers, Apple, Storm-657, Astaroth, EES, Salesforce, Aaran Leyland, and more… – SWN #520

Apple ups RCE flaw bug bounty to $2 million

New AI vulnerability bounty program unveiled by Google

Wiz launches $4.5M cloud-, AI-targeted hacking contest

What We’ve Learned from LockBit and Black Basta Leaks (and News) – Ian Gray – PSW #888

ZDI to offer $1M for WhatsApp zero-click exploit

Alleged Aeroflot data exposed amid breach repudiation

Fast Five

Selected by the SC Media Editorial team every Tuesday.