All news with #bug bounty tag

Zero Day Quest returns with up to $5M bounties for Cloud

🔒 Microsoft is relaunching Zero Day Quest with up to $5 million in total bounties for high-impact Cloud and AI security research. The Research Challenge runs 4 August–4 October 2025 and focuses on targeted scenarios across Azure, Copilot, Dynamics 365 and Power Platform, Identity, and M365. Eligible critical findings receive a +50% bounty multiplier, and top contributors may be invited to an exclusive live hacking event at Microsoft’s Redmond campus in Spring 2026. Participants will have access to training from the AI Red Team, MSRC, and product teams, and Microsoft will support transparent, responsible disclosure.

Microsoft .NET Bounty Program Increases Awards to $40,000

🛡️ Microsoft has updated the .NET Bounty Program, expanding scope and increasing maximum payouts to $40,000 for high-impact vulnerabilities. The program now covers all supported versions of .NET and ASP.NET (including Blazor and F#), repository templates, and GitHub Actions in .NET repositories. Awards are now tied to explicit severity and report quality criteria, with higher payments for complete, exploit-backed reports.

Microsoft .NET Bounty Program Raises Awards to $40,000

🔒 Microsoft has expanded the .NET Bounty Program, increasing maximum awards to $40,000 and broadening coverage to include all supported .NET and ASP.NET versions, adjacent technologies like F#, templates, and GitHub Actions. The program simplifies award tiers, aligns impact categories with other Microsoft bounty programs, and defines report quality as complete (working exploit) or not complete, encouraging detailed, actionable submissions.

MSRC Announces 2025 Most Valuable Security Researchers

🏆 The Microsoft Security Response Center (MSRC) announced its 2025 Most Valuable Researchers (MVRs), recognizing security researchers who submitted valid vulnerability reports under Coordinated Vulnerability Disclosure. The Top 10 MVRs were ranked by total points earned for valid reports submitted between July 1, 2024 and June 30, 2025, and MSRC also highlights annual Technical Leaderboards by product area such as Azure, Office, Windows, and Dynamics 365. Awardees receive digital badges and MSRC swag boxes, and badges recognize achievements for Accuracy, Impact, and Volume.

MSRC 2025 Q2 Security Researcher Leaderboard Top Picks

🏆 Congratulations to the researchers recognized on the MSRC 2025 Q2 Leaderboard. The top three overall are wkai, Brad Schlintz (nmdhkr), and 0x140ce, with category leaders across Azure, Office, Windows, and Dynamics. The leaderboard reflects assessments completed April 1–June 30, 2025, and includes cases submitted earlier but assessed in Q2. MSRC also notes that Researcher Recognition points are now visible in the researcher portal to improve transparency.

Rising Star: Dylan, MSRC’s Youngest Security Researcher

🔒 At 13, Dylan became the youngest researcher to collaborate with the Microsoft Security Response Center (MSRC), demonstrating notable technical skill, persistence, and professional communication. He progressed from Scratch to HTML and source-code analysis, discovering vulnerabilities in Teams and other services and reporting them responsibly. His findings influenced bug bounty terms to admit younger researchers while he continues to balance school, competitions, and extracurriculars.