Frustration grows in Queensland over the invasive Indian myna bird, dubbed the "cane toad of the sky." A patchwork of local efforts, including bounty programs and trapping, highlights the lack of a coordinated state or national strategy to control the species, which threatens native wildlife and human health.
AI is flooding bug bounty programs with fake reports, forcing companies like Nextcloud and HackerOne to suspend them. This surge in low-quality submissions strains security teams and impacts the effectiveness of these programs, despite significant payouts in the past.
Generative AI tools are overwhelming bug bounty programs with fake reports, forcing companies to suspend payouts and increasing workload for cybersecurity professionals. The influx of low-quality submissions is straining resources and prompting a shift towards stricter verification and defensive AI.
Bug bounty programs are struggling with a surge of low-quality reports generated by AI, leading some companies like Curl and Nextcloud to suspend their programs. While AI can help researchers find flaws faster, it has also lowered the barrier to entry, causing an influx of automated or erroneous submissions that are overwhelming security teams.
ZetaChain lost approximately $334,000 in a premeditated exploit on Sunday that targeted its cross-chain gateway contract. The vulnerability had been previously flagged through the protocol's bug bounty program but was dismissed as intended behavior. The attacker exploited three design flaws in combination: unrestricted cross-chain instructions, broad execution permissions with a narrow blocklist, and lingering unlimited spending approvals from previous gateway users. No user funds were affected. A patch disabling arbitrary call functionality is being deployed.
OpenAI has launched a Bio Bug Bounty programme offering $25,000 to security researchers who can bypass GPT-5.5's biological safety guardrails. The programme, which opened applications on April 23, challenges participants to find a universal jailbreak prompt capable of getting the model to answer all five biosafety challenge questions without triggering moderation. Access is limited to Codex Desktop, and participants must be vetted and sign NDAs.
