As cybersecurity threats continue to rise, more organizations are adopting bug bounty programs to improve their cyber defenses. Such programs tap into a network of cybersecurity experts who can help identify vulnerabilities that may pose a risk. Major organizations, including the US Department of Defense, OpenAI and Google, have launched notable programs, paying out large sums for confirmed vulnerabilities ranging from low-severity findings to potentially critical risks.

