In our latest blog, Cameron Vincent (@SecretlyHidden1), Senior Security Researcher at MSRC, features the work of MSRC intern and security researcher, Brian McNulty (@brianjmcnulty), who uncovered 22+ critical vulnerabilities in just two months. Learn how the MSRC team leverages

At BlueHat Asia, Cameron Vincent (@SecretlyHidden1), Senior Security Researcher, Microsoft, and Brian McNulty (@brianjmcnulty), MSRC Summer Intern and University of Michigan graduate student, shared their journey hunting security variants across the Microsoft ecosystem.

We hosted a pre-BlueHat Asia welcome reception this evening, giving our speakers, MSRC MVRs, and Microsoft team members a great opportunity to connect. A huge thank you to our presenters and MVRs for their role in making #BlueHatAsia a success! We can’t wait to kick off BlueHat

We’re excited to announce our next BlueHat Asia speakers: Brian McNulty (@brianjmcnulty) and Cameron Vincent (@SecretlyHidden1)! Cameron is a Senior Security Researcher at Microsoft, specializing in vulnerabilities and mitigation within MSRC. From reproducing bug reports to

At @defcon 33, George Hughey (@ecthr0s) and Rohit Mothe (@rohitwas), Senior Security Research Managers at MSRC, took us back to the 90s with their talk on the ghost of Internet Explorer in Windows: MapUrlToZone. They uncovered how this legacy API, used by Outlook, Office,

My first 10.0 CVE ;)

@Microsoft @AzureDevOps @msftsecurity @VisualStudio @msftsecresponse [5/7] 🛡️ MITIGATION: Microsoft states "This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take." The fix corrects how the Visual Studio updater handles pipeline tokens. Credit to Cameron Vincent at Microsoft for this

If you wanna see some interesting Google vulns I found my Nullcon talk covers them ;) Shoutout the @GoogleVRP team!

I’m horrible at photos but here are some from the event at the space needle and mariners game! Again truly amazing event and look forward to future research from everyone! @msftsecresponse thank you for including me!

Now that the smoke has settled wanted to tweet about the amazing Zero Day Quest event the @msftsecresponse held. The planning, coordination, and effort all the teams put into making it an amazing event for our top researchers was truly admirable. It was great seeing everyone!

We had a wonderful evening connecting with some of the incredible security researchers participating in the Microsoft Zero Day Quest Onsite Hacking Event. It’s always inspiring to meet those who dedicate their skills to uncovering and reporting critical vulnerabilities—whether

🚀 Bug bounty hunters, this one’s for you! @SecretlyHidden1, Security Engineer, Microsoft is on stage at #NullconGoa2025. From hunting down vulnerabilities in Google's vast ecosystem to the art of responsible disclosure, this session is packed with jaw-dropping security finds.

Cameron Vincent @SecretlyHidden1, Security Researcher at Microsoft, gave a talk about IDOR vulnerabilities to a packed room at @nullcon #Goa. Cameron discussed how broken access control has been the top problem across the ecosystem for a while. Camerons research into IDOR

This week's Patch Tuesday included 8 CVEs that @rohitwas and I found! We've been focusing on findings ways to bypass MapUrlToZone and found several very interesting ways to confuse it. This is an API we've seen a lot of interest in lately, so good to have it locked down!

Join MSRC and special guest Scott Gorlick, Principal Security Architect at Microsoft, next week for a virtual session on Security Research in Copilot Studio. The Copilot ecosystem allows enterprises to develop Copilot Agents using resources and integrations that span services in

Shoutout to the @GoogleVRP as well! They were amazing to work with and fixed everything quickly! I’m excited to share some of my techniques for hunting on Google.

Ever wonder how it was possible to edit other user's apps on the Google Play store? 🤔 Join @SecretlyHidden1 at #NullconGoa2025 and discover how to hunt for authorization and logic vulnerabilities across multiple Google products. 👉 https://t.co/yRHsgUzPnZ #Google #bugbounty

Excited to announce that I’ll be presenting @nullcon this year about research I did on the @GoogleVRP program. I will be disclosing some of my top findings and provide some tips to help researchers find similar types of bugs :) look forward to seeing everyone!

2/ Security is our top priority, and today we’re building on that commitment with Zero Day Quest, a new hacking event with $4 million in rewards focused on securing cloud and AI—the highest of any public hacking event in the industry: https://t.co/H2CDn9J1sr

As part of our Secure Future Initiative and to further the security of our customers, ourselves, and the world, today we are introducing the most transparent security research event in history: The Zero Day Quest. This new hacking event will be the largest of its kind, with an