HackerOne Internet Bug Bounty pauses new vulnerability submissions
Security Tool/Service
Summary
HackerOne paused new vulnerability submissions to its Internet Bug Bounty (IBB) program, a change that alters how a major crowdsourced vulnerability platform operates. The move reflects a growing mismatch between AI-assisted discovery and open source remediation capacity, with knock-on effects for projects that rely on bounty funding.
Related Happenings
OpenAI launches Daybreak cybersecurity initiative for AI-powered vulnerability detection and patch validation
Security Tool/Service
First: 12.05.2026 09:55
Last: 12.05.2026 09:55
Sources 1
About this happening:
OpenAI's **Daybreak** launch adds an **AI-powered cybersecurity service** for **vulnerability detection** and **patch validation**, helping organizations fix flaws before attacker...
OpenAI Safety Bug Bounty launch
Commercial Activity
First: 26.03.2026 14:20
Last: 26.03.2026 14:20
Sources 1
About this happening:
**OpenAI** launched the **Safety Bug Bounty** on **Bugcrowd**, expanding researcher coverage for **AI abuse** and **safety risks** across its products. The new program complements...
Curl ends HackerOne bug bounty and shifts security reporting to GitHub
Security Tool/Service
First: 22.01.2026 21:01
Last: 22.01.2026 21:01
Sources 1
About this happening:
**curl** is ending its **HackerOne** bug bounty program and moving vulnerability reporting to **GitHub**, cutting off monetary rewards after a surge of low-quality submissions. Th...
BeaverTail and InvisibleFerret backdoor delivery via malicious VS Code task abuse
Malware Activity
First: 20.01.2026 20:41
Last: 20.01.2026 20:41
Sources 1
About this happening:
**North Korean** threat actors tied to **Contagious Interview** are using **malicious Visual Studio Code (VS Code) tasks** and injected code in **compromised developer repositorie...
Latest development: 22.04.2026 17:48
North Korean actor Void Dokkaebi, aka Famous Chollima, is turning the Contagious Interview fake-job lure into a self-propagating software supply-chain infection that abuses compromised developer repositories, malicious VS Code tasks, and injected code to spread malware and steal credentials. The campaign targets developers seeking work, can hide a poisoned .vscode folder in committed code, and Trend Micro said it found more than 750 infected code repositories, more than 500 malicious VS Code task configurations, and 101 commit-tampering instances in March.
Timeline
- 08.04.2026 22:47 2 articles · 1mo ago
HackerOne pauses new Internet Bug Bounty submissions
Initial Disclosure: HackerOne paused accepting new vulnerability submissions to its Internet Bug Bounty (IBB) program effective March 27, citing a widening imbalance between vulnerability discoveries and open source maintainers' remediation capacity as AI-assisted research increased discovery volume and speed.
- AI-Led Remediation Crisis Prompts HackerOne to Pause Bug Bounties — www.darkreading.com — 08.04.2026 22:47
- 08.04.2026 22:47 1 articles · 1mo ago
Node.js bounty pause and industry reaction follow HackerOne's decision
Industry Or Public Sector Update: After HackerOne's pause, the open source Node.js project also paused its bug bounty program because funding previously available via HackerOne was lost, while security leaders at SOCRadar, Minimus, Bugcrowd, and FusionAuth warned that AI-generated report volume is driving triage fatigue and exposing an industry-wide remediation bottleneck.
- AI-Led Remediation Crisis Prompts HackerOne to Pause Bug Bounties — www.darkreading.com — 08.04.2026 22:47