Finnish security researcher Jouko Pynnonen found a second stored cross-site scripting vulnerability in Yahoo Mail in less than a year, both of which earned him $10,000 bug bounties.

Ridesharing company Uber recently patched a vulnerability in its site that could have allowed an attacker to log into some “.uber.com” sites without a password and further compromise its internal network. Uber awarded Finnish security researcher Jouko Pynnönen $10,000 for discovering the flaw last month, equalling the highest bounty the company has paid out since it launched the...

A critical vulnerability in Yahoo Mail that could give attackers complete control of an account was patched two weeks ago. The flaw was privately disclosed Dec. 26 by Finnish researcher Jouko Pynnonen and patched Jan. 6. Pynnonen earned himself a $10,000 bounty, one of the highest paid out by Yahoo through its HackerOne program. Pynnonen...