Vulnerability

Microsoft has expanded its .NET bug bounty program, increasing the top reward to $40,000 for critical vulnerabilities in .NET and ASP.NET Core. The program now encompasses a wider range of technologies and offers tiered rewards based on the severity of the vulnerability, incentivizing researchers to focus on the most damaging flaws, like Remote Code Execution (RCE) and Elevation of Privilege (EoP). This move reflects Microsoft’s commitment to proactive security and leveraging external talent to identify weaknesses.

A critical security flaw affects over twenty popular audio devices, including brands like Sony, Bose, and JBL. Discovered in a widely used Bluetooth chip, the vulnerability could allow hackers to eavesdrop or steal data. Researchers demonstrated an exploit to extract media playback information and potentially hijack connections. While technically challenging, the issue is being addressed with updated software from the chip manufacturer and patches from device makers.