Turso has announced the discontinuation of its bug bounty program. The decision comes as the company shifts its security strategy.
Turso, a SQLite-compatible database platform, is ending its public bug bounty initiative. The company did not disclose specific reasons for the retirement in its announcement.
Bug bounty programs incentivize independent security researchers to identify and report vulnerabilities before they can be exploited. Organizations typically use them as a cost-effective complement to internal security testing.
The announcement sparked significant discussion in the developer community, with 223 comments on Hacker News reflecting mixed reactions. Some questioned the implications for security posture, while others noted potential shifts in how companies approach vulnerability disclosure.
Turso's decision aligns with broader industry trends where some organizations consolidate security programs or transition to alternative vulnerability management approaches. Companies may retire bounty programs due to resource allocation changes, shift to managed security services, or internal restructuring.
No details were provided regarding timelines for existing bounty submissions or changes to Turso's vulnerability disclosure policy.
U.S. federal prosecutors have unsealed charges against three Russian nationals accused of operating a bulletproof hosting service that supported ransomware gangs responsible for over $62 million in damages worldwide.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned that attackers are actively exploiting three vulnerabilities in Internet-exposed on-premises SharePoint Server instances. Organizations running affected versions must patch immediately.
Tailscale disclosed a critical vulnerability in its SSH implementation that allowed attackers to gain root access through insecure argument handling. The flaw has been patched in recent versions.
A new study found that social media platforms referred over 5.7 million visits to nonconsensual deepfake pornography sites between December 2025 and March 2026, with YouTube and X accounting for the majority of traffic.