Posts tagged with #bug-bounty

Node.js Bug Bounty Program Paused Amid Funding Shortfall and AI Report Deluge

April 7, 2026

The Node.js project has halted its decade-old bug bounty program due to depleted external funding and an overwhelming influx of low-quality, AI-generated vulnerability reports. This decision raises concerns about maintaining robust security within a critical JavaScript runtime environment.

#node.js #security #bug-bounty #open-source #vulnerability

Critical Mintlify Vulnerability Exposed Major Tech Giants' Data, Discovered by 16-Year-Old

December 26, 2025

A severe supply chain vulnerability in the Mintlify documentation platform allowed for widespread compromise of clients including Discord, Vercel, and Twitter. Discovered by a 16-year-old researcher, the flaw exposed environment variables and enabled potent XSS attacks.

#security #vulnerability #supply-chain #mdx #bug-bounty