{"id":36780,"date":"2020-08-25T17:11:10","date_gmt":"2020-08-25T17:11:10","guid":{"rendered":"https:\/\/packetstormsecurity.com\/news\/view\/31512\/Lessons-From-15-Years-Of-Bug-Bounties.html"},"modified":"2020-08-25T17:11:10","modified_gmt":"2020-08-25T17:11:10","slug":"lessons-from-15-years-of-bug-bounties","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/lessons-from-15-years-of-bug-bounties\/","title":{"rendered":"Lessons From 15 Years Of Bug Bounties"},"content":{"rendered":"<div><img decoding=\"async\" src=\"https:\/\/www.scmagazine.com\/wp-content\/uploads\/sites\/2\/2020\/08\/thumbnail_Gorenc-Speaking1-e1598044587617.jpg\" class=\"ff-og-image-inserted\"><\/div>\n<div class=\"wysiwyg\">\n<p>It is increasingly hard to remember a time when bug bounty programs, let alone disclosure programs, weren\u2019t so universally accepted. These days, you\u2019ll find bounties for everything from branches of the military to your toaster.<\/p>\n<p> Trend Micro\u2019s Zero Day Initiative, the largest vendor-agnostic bug bounty program in the world, was battle-hardened more than a decade before you could hack the Pentagon. 
They have purchased and disclosed vulnerabilities found by freelance hackers in everything from Windows to industrial control equipment. It\u2019s one part public service to help disclose vulnerabilities to manufacturers, one part research service for defenders trying to get a head start on security gaps they will need to defend.<\/p>\n<p>The Initiative celebrated 15 years this week. It has disclosed more than 7,500 vulnerabilities in its time, paying out more than $20 million. Its Pwn2Own competitions have become massive events.<\/p>\n<p>SC Media talked with the Zero Day Initiative Director Brian Gorenc about how the project came to be, what the last 15 years have taught him about disclosure, and that time he inadvertently rendered NSA spy tools useless.<\/p>\n<p><strong>There\u2019s a long, complicated history to bug bounty and disclosure programs. For a time, many industries were really hostile to researchers trying to disclose vulnerabilities. Has that changed while ZDI has been around? Is this all normal now?<\/strong><\/p>\n<p>More common in the early days was companies not understanding what was happening when we disclosed vulnerabilities, when we did disclosures before Bugcrowd and HackerOne existed. The bug bounty service companies are very, very common now and people understand this topic.<\/p>\n<p>But being a vendor-agnostic bounty program can still be confusing. We run contests designed to mimic the vulnerability grey market. Pwn2Own supplies six-figure bounties for exploits against Google Chrome, virtualization technologies and Tesla. 
It\u2019s hard for some people to understand the business value around offering a bounty like that, especially when we\u2019re going to get the bugs patched immediately. If we\u2019re in Asia, people ask us if we\u2019re buying vulnerabilities for the American government. If we\u2019re in the EU, they ask us if we\u2019re from Russia.<\/p>\n<p>The program actually began as a way to kind of expand our research capabilities within our company, the idea being that we could only hire so many vulnerability researchers. We figured we could go out to the research community and try to crowdsource some of that intelligence information, to expand what we were able to cover and what types of protections we provide our customers.<\/p>\n<p><strong>I hear one of the problems disclosure programs run into is not being prepared to handle all the vulnerabilities that get sent in \u2013 that you need to have personnel in place to handle a flood of patching<\/strong>.<\/p>\n<p>We saw that up close. When we moved to Trend Micro after the acquisition of the Tipping Point IPS [which ZDI was a part of], that was the first thing I said to the executives. I was like, \u2018you now own the world\u2019s largest vendor-agnostic bug bounty program and that means the hackers who submit to it see a target on Trend Micro\u2019s software and researchers are going to look for vulnerabilities.\u2019 And to Trend Micro\u2019s credit, they handled that really, really well. When we came in [Trend Micro] purchased a hundred different bugs in Trend Micro products within the first year.<\/p>\n<p><strong>Are there any ZDI disclosures that particularly stand out?<\/strong><\/p>\n<p>The one I find most interesting was in 2015, when we received a vulnerability that was supposedly a bypass for the .lnk vulnerability used in Stuxnet. 
The vulnerability used in Stuxnet was one of the most popular vulnerabilities out there. It was looked at by everybody. But after that initial patch came out we received the bypass, which was unbelievable \u2013 the entire industry had been looking at this patch and nobody had noticed this bypass until [someone] submitted a full white paper with a full exploit. Microsoft patched it quickly and we didn\u2019t think much of it.<\/p>\n<p>But then, two years later, the Vault 7 leaks [guidebooks for CIA hacking tools] came out. We learned that the bypass for the Stuxnet bug was actually being used by the agencies in a tool they called EZCHEESE and, when the vulnerability was patched, that they actually had to go develop a different tool.<\/p>\n<p><strong>As disclosure programs have become more common, what mistakes do companies make trying to implement them?<\/strong><\/p>\n<p>We\u2019ll see a lot of companies that just won\u2019t respond at all. They\u2019ll advertise that they are accepting vulnerability disclosures through their security apps or some sort of thing, but they\u2019re actually not monitoring it.<\/p>\n<p>Eventually, we\u2019ll release the zero-day advisory and when it reaches the press, the vendor will reach out to us through various different mechanisms. We\u2019ve had the chief marketing officer of a company reach out to us and ask what\u2019s going on. We\u2019ve had low-level engineers reach out to us to figure out what\u2019s going on. But the actual response mechanism had failed.<\/p>\n<p>Good communication is extremely important. One of the most valuable things is building a relationship with the researchers who are looking for security vulnerabilities. 
They really, really know technology, so they can give you a lot of help and guidance on security.<\/p>\n<\/div>\n<p> READ MORE <a href=\"https:\/\/packetstormsecurity.com\/news\/view\/31512\/Lessons-From-15-Years-Of-Bug-Bounties.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":36781,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[277],"tags":[140],"class_list":["post-36780","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity-blogs","tag-headlinehacker"],"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/36780","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=36780"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/36780\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/36781"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=36780"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=36780"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=36780"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}