First reported by bsky
AMD denies $10,000 bug bounty to researcher who found critical auto-updater RCE vulnerability

AMD Refuses $10,000 Bug Bounty to Researcher Who Found Critical HTTP Vulnerability in Auto-Updater

By Al Landes

17h ago · 3 min read · en · News

Summary

Security researcher Paul LaRosa discovered a critical vulnerability in AMD's auto-updater, which downloaded software over insecure HTTP connections, allowing network attackers to inject malicious code during updates. AMD took 124 days to fix the flaw but refused to pay the $10,000 bug bounty, stiffing the researcher despite using his findings to patch the issue.

Key quotes

AMD refused $10,000 bounty to researcher Paul LaRosa despite fixing HTTP vulnerability in Windows auto-updater
Finding a critical security vulnerability should get you rewarded, not stiffed.
A trusted update process became an open highway for malware
Snippet from the RSS feed
AMD's auto-updater downloaded software over insecure HTTP, letting attackers inject malware during updates before a 124-day delayed fix.
