Security Affairs

NordVPN announced the launch of a bug bounty program


The popular virtual private network (VPN) service provider NordVPN announced the launch of a public bug bounty program.


White hat hackers will receive payouts between $100 and $5,000 for each reported vulnerability. NordVPN will also pay much more “for especially clever or severe” vulnerabilities.

Below is a reference payout range for vulnerabilities, depending on their severity level:

  • Critical: $1000-5000+ USD
  • High: $500-1000 USD
  • Medium: $100-500 USD
  • Low: $100 USD
  • None: $0 USD

The bug bounty program will be operated via the HackerOne platform. It covers NordVPN websites (nordvpn.com and some subdomains), Chrome and Firefox browser extensions, VPN servers, and desktop and mobile applications for all platforms.

“To encourage security researchers and our user community, we commit that, if we conclude, in our sole discretion, that your submission respects and meets the requirements of this Policy and Agreements, we will not pursue civil or criminal action, or send notice to law enforcement, and we may even reward you.” reads the safe harbor terms. “Neither will we pursue civil or criminal action, or send notice to law enforcement for accidental, good faith violations of this Policy and Agreements. We reserve the sole right to make the determination of whether a violation of this policy is accidental or in good faith, and proactive contact to us before engaging in any action is a significant factor in that decision, meaning, if in doubt, ask us first.”

Participants are not allowed to disclose bugs before a patch is released and without the explicit permission of the company. White hat hackers are obliged to give the company at least 90 days to fix the reported vulnerabilities.

In October, the VPN firms NordVPN and TorGuard were hacked, and threat actors leaked the private keys used to secure their web servers and VPN configuration files. At the time, NordVPN revealed that the incident involved a third-party datacenter and announced the launch of a bug bounty program.


Pierluigi Paganini

(SecurityAffairs – NordVPN, bug bounty)
