Microsoft updated the MVR leaderboard after fixing a scoring issue! I moved from 81st to 69th globally 🔥 Also earned the Digital Badge for volume (5+ valid reports)! Grateful for the recognition — let’s keep pushing! 🚀
@msftsecresponse
As announced by Tom Gallagher (@secbughunter), VP of Engineering, MSRC, on stage at Black Hat Europe, we’re evolving our bug bounty program. Now, high-severity vulnerabilities that directly impact Microsoft online services are eligible for bounty awards, whether the code is Microsoft-owned, third-party, or open source.
This expanded scope applies retroactively to cases from the past 90 days, ensuring recent impactful research is recognized and rewarded. These payments have already begun.
Learn more about the changes, our commitment to the security community, and how you can participate: https://t.co/xkBJ285tAM
#BHEU
Cloudflare has recently started blocking proxy tools like Burp Suite by identifying their unique TLS and request fingerprints.
If you encounter this issue, install the “Bypass Bot Detection” extension from the BApp Store. This extension spoofs Burp’s TLS fingerprint, making it appear like normal browser traffic and bypass it.
Microsoft updated the MVR leaderboard after fixing a scoring issue! I moved from 81st to 69th globally 🔥 Also earned the Digital Badge for volume (5+ valid reports)! Grateful for the recognition — let’s keep pushing! 🚀
@msftsecresponse
Thank you @msftsecresponse for the amazing swag box!
Grateful for the collaboration in making
Microsoft products safer and protecting millions of users. 💙🔐
🎉 Excited to share an amazing milestone! I received my highest bounty ever from a security report that required a lot of learning, effort, and dedication. Grateful to everyone who made this journey possible! 🚀
@msftsecresponse#bugbounty#bugbountytips
Hackers,
To make our pricing fairer worldwide, we’re trying out localized pricing.
We’re starting with Brazil 🇧🇷, with Individual plan prices dropping by about 50%.
💸 Monthly: ~110 BRL → 55 BRL
💸 Yearly: ~1,100 BRL → 550 BRL
Which country should we do next?
https://t.co/DMyhYUX9yb
Are you a security researcher hoping to qualify for Zero Day Quest or looking to level up your research game? MSRC invites you to a two-part series of candid conversations with our internal researchers, designed to help you sharpen your skills and stay inspired during the Research Challenge.
In each session, we’ll explore how security researchers approach their work, from identifying new opportunities to navigating challenges and solving complex problems. Whether you're just starting out or deep into your research journey, you'll gain practical insights and lessons learned.
Featured speakers:
Estevam Arantes (@Es7evam), Security Software Engineer, Microsoft
Santiago Zanella-Béguelin (@xEFFFFFFF), Principal Researcher, Microsoft
Mark your calendars:
Security Chats: Inside the Research Process
🗓️ Part 1: August 26, 2025 | 10–11 AM PT
🗓️ Part 2: September 3, 2025 | 10–11 AM PT
Register now: https://t.co/jgKFYVemcg
#ZeroDayQuest