Wednesday , April 2 2025
365 Bounty

Microsoft to boost M365 bounty program rewards Up to $27,000

Microsoft has announced a major expansion of its Microsoft 365 Bounty Program. The program now covers new Viva products for identifying vulnerabilities, offering rewards up to $27,000 for critical submissions.

This update highlights Microsoft’s commitment to improving software security and promoting global collaboration in finding vulnerabilities.

Check Point said BreachForum post old data

Israeli cybersecurity firm Check Point has responded to a hacker who claimed to have stolen valuable information from its systems....
Read More
Check Point said BreachForum post old data

Apple Warns of 3 Zero Day Vulns Actively Exploited

Apple has issued an urgent security advisory about 3 critical zero-day vulnerabilities—CVE-2025-24200, CVE-2025-24201, and CVE-2025-24085—that are being actively exploited in...
Read More
Apple Warns of 3 Zero Day Vulns Actively Exploited

24,000 unique IP attempted to access Palo Alto GlobalProtect portals

GreyNoise has detected a sharp increase in login scanning aimed at Palo Alto Networks PAN-OS GlobalProtect portals. In the past...
Read More
24,000 unique IP attempted to access Palo Alto GlobalProtect portals

CVE-2025-1268
Patch urgently! Canon Fixes Critical Printer Driver Flaw

Canon has announced a critical security vulnerability, CVE-2025-1268, in printer drivers for its production printers, multifunction printers, and laser printers....
Read More
CVE-2025-1268  Patch urgently! Canon Fixes Critical Printer Driver Flaw

Within Minute, RamiGPT To Escalate Privilege Gaining Root Access

RamiGPT is an AI security tool that targets root accounts. Using PwnTools and OpwnAI, it quickly navigated privilege escalation scenarios...
Read More
Within Minute, RamiGPT To Escalate Privilege Gaining Root Access

Australian fintech database exposed in 27000 records

Cybersecurity researcher Jeremiah Fowler recently revealed a sensitive data exposure involving the Australian fintech company Vroom by YouX, previously known...
Read More
Australian fintech database exposed in 27000 records

Over 200 Million Info Leaked Online Allegedly Belonging to X

Safety Detectives' Cybersecurity Team found a forum post where a threat actor shared a .CSV file with over 200 million...
Read More
Over 200 Million Info Leaked Online Allegedly Belonging to X

FBI investigating cyberattack at Oracle, Bloomberg News reports

The Federal Bureau of Investigation (FBI) is probing the cyberattack at Oracle (ORCL.N), opens new tab that has led to...
Read More
FBI investigating cyberattack at Oracle, Bloomberg News reports

OpenAI Offering $100K Bounties for Critical Vulns

OpenAI has increased its maximum bug bounty payout to $100,000, up from $20,000, to encourage the discovery of critical vulnerabilities...
Read More
OpenAI Offering $100K Bounties for Critical Vulns

Splunk Alert User RCE and Data Leak Vulns

Splunk has released a security advisory about critical vulnerabilities in Splunk Enterprise and Splunk Cloud Platform. These issues could lead...
Read More
Splunk Alert User RCE and Data Leak Vulns

The expanded scope introduces four new Viva products to the program:

Feature Access Control
Glint
Learning
Pulse

These additions are meant to improve the security of the Viva suite, part of Microsoft’s employee experience platform.

Viva works seamlessly with Microsoft Teams and other M365 apps, providing tools for employee engagement, learning, and productivity.

Researchers can now submit vulnerabilities in these components under the categories of “Critical” and “Important,” depending on severity.

Yammer has been rebranded as Viva Engage to unify Microsoft’s Viva product line. Bounty rewards range from $500 to $27,000 USD based on the severity and quality of vulnerability reports.

Critical vulnerabilities in new Viva products qualify for the highest reward. This encourages researchers to tackle important issues that could harm users if ignored. To be eligible for rewards, submissions must meet Microsoft’s strict criteria in their Bounty Terms and Conditions.

Technical Focus Areas:

The M365 Bounty Program encourages researchers to explore certain areas and features of Microsoft 365 services.

The addition of Viva products will likely focus vulnerability assessments on access control, data integrity, and user authentication.

The program’s goal is to identify flaws that could compromise data security or system functionality. For instance:

In Feature Access Control, researchers might examine how permissions are enforced across different user roles.
In Viva Learning, they could analyze integrations with external learning management systems (LMS) or data-sharing protocols.
Pulse and Glint, which focus on employee feedback and analytics, may require scrutiny for potential data leaks or unauthorized access vulnerabilities.
Security researchers interested in participating can visit Microsoft’s official M365 Bounty Program page for detailed guidelines.

Submissions must contain clear proof-of-concept code or steps to reproduce the vulnerability. Reports are assessed for impact, exploitability, and clarity.

Cyber threats are constantly changing, so programs like these are essential for protecting digital environments and enabling ethical hackers to contribute effectively.

Check Also

AI ENGINEERING HACKATHON

Register Now
AI Engineering Hackathon: Registration Open

On April 19, 2025 (Saturday), Brain Station 23 and Poridhi are jointly going to organize …

Leave a Reply

Your email address will not be published. Required fields are marked *