Just a reminder that Comparitech "pays" security researchers for "data breaches" and most likely encourages people to report these things to them without getting servers patched: https://twitter.com/securinti/status/1196850409924681728
No offense, but if you need to "pay" for your researcher, you're probably not that ethical and are most likely behind some intentional offensive hacking, so people can make money off your back.
It's a university email, not Pentagon backend accounts.
It is a stupid law because they're being way too thorough and abrasive when they shouldn't.
How much do you wanna bet the German parliament is not protected in the same way... actually don't answer that... here's an article published today about a stupid vulnerability in the Bundestag's internal chat app: https://zero.bs/osintrecon-vs-pentestschwachstellenscan.html
Normally, companies would go after the users committing the copyright infringement, not the platform. This is just a money-grab. Similar to how they went after NGINX.
Probably because Cisco is a hardware vendor. NSO actually has support staff that will craft exploits to attack certain targets, fix your server so you won't get discovered, write phishing emails, if you need a hand getting off the ground. Big difference.