Security Affairs
Hidden Web Prompts Trick AI Agents Into Sending Money|Seven Bugs in FatFs Put IoT and Embedded Devices at Risk|Bad Epoll Flaw Gives Attackers Root Access on Linux and Android|Medtronic Notifies 3.8 Million After ShinyHunters Data Breach|SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 104|Security Affairs newsletter Round 584 by Pierluigi Paganini – INTERNATIONAL EDITION|U.S. Government Agency Paid $1M to Data Extortion Group Kairos|FBI: TeamPCP Compromised Dev Tools to Steal Cloud Credentials|Pegasus Used Against MEP Investigating Pegasus, Citizen Lab Finds|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Hidden Web Prompts Trick AI Agents Into Sending Money|Seven Bugs in FatFs Put IoT and Embedded Devices at Risk|Bad Epoll Flaw Gives Attackers Root Access on Linux and Android|Medtronic Notifies 3.8 Million After ShinyHunters Data Breach|SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 104|Security Affairs newsletter Round 584 by Pierluigi Paganini – INTERNATIONAL EDITION|U.S. Government Agency Paid $1M to Data Extortion Group Kairos|FBI: TeamPCP Compromised Dev Tools to Steal Cloud Credentials|Pegasus Used Against MEP Investigating Pegasus, Citizen Lab Finds|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Zero Day Quest returns: Microsoft ups the stakes with $5M bug bounty

Microsoft offers up to $5M for Zero Day Quest 2026 bug hacking contest; top researchers join live hacking event after fall 2025 submissions. Microsoft is bringing back its live hacking contest, Zero Day Quest, in spring 2026, and this time, it’s offering up to $5 million in rewards. The competition will spotlight researchers who uncover serious […]

Zero Day Quest

Microsoft offers up to $5M for Zero Day Quest 2026 bug hacking contest; top researchers join live hacking event after fall 2025 submissions.

Microsoft is bringing back its live hacking contest, Zero Day Quest, in spring 2026, and this time, it’s offering up to $5 million in rewards. The competition will spotlight researchers who uncover serious security flaws in cloud and AI systems. This is the second time the event is being held. In the first one, Microsoft gave out $1.6 million for finding major security flaws.

“This year, Zero Day Quest is back with even more potential bounty awards: up to $5 million total for high-impact research in Cloud and AI security.” reads the announcement published by the tech giant. “This is the largest public hacking event ever, bringing together the top global security researchers for an opportunity to protect the world.”

From August 4 to October 4, 2025, security researchers can join Microsoft’s Zero Day Quest Research Challenge by submitting vulnerabilities in Azure, Copilot, Dynamics 365, Power Platform, Identity, or M365. Top findings may earn a +50% bounty bonus and a spot at the exclusive Live Hacking Event in spring 2026 at Microsoft’s Redmond campus, where leading experts will collaborate with Microsoft product teams and the Microsoft Security Response Center (MSRC) to advance security.

Microsoft encourages researchers to share their findings publicly after fixes, with support for blogs, podcasts, and videos. As part of its Secure Future Initiative (SFI), Microsoft will disclose critical vulnerabilities through the CVE program, even if no user action is needed. Insights from Zero Day Quest will be shared internally to strengthen cloud and AI security, following SFI’s principles.

“In alignment with our Coordinated Vulnerability Disclosure (CVD), researchers are encouraged to publicly discuss their findings once mitigated – with support from Microsoft through blogs, podcasts, and videos.” concludes the announcement.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Zero Day Quest)