https://hackingpassion.com/tags/bug-bounty/Recent content in Bug-Bounty on HackingPassion.com : root@HackingPassion.com-[~]HugoenSun, 31 May 2026 15:08:03 +0200https://hackingpassion.com/nightmare-eclipse-microsoft-zero-day-war/Sun, 31 May 2026 15:08:03 +0200https://hackingpassion.com/nightmare-eclipse-microsoft-zero-day-war/<p>Six working Windows attacks are sitting in the open right now, three of them already seen in a real intrusion, and the researcher who published them did it after he says Microsoft refused him, deleted the account he reported bugs through, and paid him nothing. Microsoft removed his account, called his actions criminal, and pointed at its crime unit. Both stories are out there, and the security world cannot agree on who is more to blame.</p>https://hackingpassion.com/github-rce-cve-2026-3854/Wed, 29 Apr 2026 11:54:47 +0200https://hackingpassion.com/github-rce-cve-2026-3854/<p><strong>GitHub RCE CVE.</strong> A semicolon broke GitHub. One character in a push option field, and a security researcher was running code on the backend servers that store private repositories from millions of users and organizations. The git service user that processes every push on those servers has filesystem access to every repository on the node, and that access does not check who the repository belongs to. Private code from banks, hospitals, governments, and individual developers all sits on the same shared infrastructure. The command that got the researcher there is something every developer already runs every day.</p>