A security researcher known as brutecat has disclosed how an AI-driven fuzzing pipeline uncovered more than $500,000 in vulnerabilities across Google’s infrastructure in under three months, exposing systemic access-control failures hidden inside roughly 1,500 APIs. The researcher began by...

#Update

Original-Artikel öffnen Zurück zur Übersicht

ARTICLEVIEW

Researcher Hacked Google Using AI and Earned $500,000 Bug Bounty

VERWANDTEARTIKEL

CVE-2026-48547 - KanaDojo < 0.1.18 Command Injection via patchNotesData.json in release.yml

CVE-2026-10520 Exploited: Ivanti Sentry Gateways Compromised Shortly After Patch Release

CISA Requires Federal Agencies to Patch Critical Vulnerabilities Within 3 Days

CVE-2026-49982 - tmp: Type-confusion bypass of _assertPath in [email protected] allows path traversal via non-string prefix/postfix/template

CVE-2026-44492 - Axios: shouldBypassProxy does not recognize IPv4-mapped IPv6 addresses, allowing NO_PROXY bypass (incomplete fix for CVE-2025-62718)

GitHub to Automate Disable npm Script Installs to Block Supply Chain Attacks