🎯 WEEKLY BRIEF
The cURL project is shutting its HackerOne program on January 31 because of a flood of low-quality AI reports. Meanwhile, Cisco issued emergency patches for CVE-2026-20045, a critical RCE zero-day in Unified Communications that allows unauthenticated root access and is currently being exploited in the wild.
🚀 TOP PROGRAMS TO HACK THIS WEEK
These programs have recently launched or updated their scopes for January.
| Program | Platform | Asset Type | Max Bounty | Why it's 🔥 |
| --- | --- | --- | --- | --- |
| Solv Protocol | HackenProof | Smart Contract | $50,000 | New Jan 15 launch for BTC economy. |
| Epic Games | HackerOne | Web/App | $37,000 | Active 1.5x bounty multiplier. |
| NiceHash | HackenProof | Web/Mining | $25,000 | Recently refreshed scope on Jan 9. |
| Gate US | HackenProof | Exchange | $5,000 | Brand new program as of Jan 13. |
✍️ WRITE UP OF THE WEEK
Which Bugs to Hunt for in 2026: This article by Appsec.pt details the transition from automated injection flaws toward complex race conditions and logic vulnerabilities in microservices.
📅 Upcoming Events & CTFs
0xL4ugh CTF v5: Jan 23 to Jan 25 | Jeopardy-style online event.
Dreamhack Invitational Quals: Jan 24 to Jan 25 | High-stakes individual qualifier.
LilacCTF 2026: Jan 24 to Jan 26 | Focuses on crypto and pwn.
🛠️ Tooling & Automation
JS Scout: The current favorite for 2026 to automate endpoint discovery within minified JS files.
One Liner of the Week: subfinder -d <target-link> -silent | gau | grep -E "\.(json|config)" | httpx -mc 200
⚠️ Cyber Attacks
RansomHub claims a major breach of Luxshare, an Apple and Nvidia supplier. Stolen data reportedly includes 3D CAD models and proprietary engineering designs for AirPods and iPhones.
