Supply chain attacks against the open source ecosystem soar by 650% – report
Dependency confusion has quickly become the attack technique of choice [...]
Showing only posts by The Daily Swig. Show all posts.
Credential leak fears raised following security breach at Travis CI
DevOps firm slammed for ‘abysmal’ incident response [...]
Speer review: Researchers pick apart Node.js communication app
Email content injection flaws chained to bypass security controls [...]
Critical encryption vulnerability found in secure communications platform Matrix
Implementation bug discovered in certain clients and libraries [...]
Olympus insists medical services ‘uninterrupted’ by malware attack
Unconfirmed reports suggest Japanese multinational was hit by ransomware [...]
Fraudster handed 11-year prison term for role in North Korean cybercrime operation
Defendant ordered to pay $30m in restitution to victims [...]
Texas Republican Party website defaced in ‘Anonymous’ protest against abortion law
Hacktivists take aim at ‘Heartbeat Act’ with references to The Handmaid’s Tale and Rick-rolling meme [...]
VMware denies allegations it leaked Confluence RCE exploit
‘Identical’ payload removed from GitHub after researcher’s complaints [...]
WordPress 5.8.1 security release addresses clutch of vulnerabilities
Block editor XSS and REST API data exposure issues among now-patched bugs [...]
Spook.js – New side-channel attack can bypass Google Chrome’s protections against Spectre-style exploits
CPU-level data leak technique still kicking, three years on [...]
OWASP shakes up web app threat categories with release of draft Top 10
The Top 10 list is an acclaimed guide to modern web application security threats [...]
HAProxy vulnerability enables HTTP request smuggling attacks
Project maintainers patch integer overflow flaw that has various potentially damaging outcomes [...]
One in five IceWarp mail servers still vulnerable to pre-pandemic security flaw
Vendor agrees that XSS bug poses a grave risk, but warns it ‘can’t force users to upgrade’ [...]
WordPress security: information leak flaw addressed in Ninja Forms
Developer reveals error-proofing improvements after delay to rollout of rapid fix [...]
New York State vaccine pass shortcomings offer lessons for other coronavirus app developers
‘Incomplete threat modelling’ blamed for credential forgery vulnerability [...]
Machine learning technique detects phishing sites based on markup visualization
Researchers showcase new method for improving the detection of fake websites [...]
Jenkins project succumbs to ‘mass exploitation’ of critical Atlassian Confluence vulnerability
Thousands of instances still vulnerable to Apache Struts-like flaw [...]
PoC released for Ghostscript vulnerability that exposed Airbnb, Dropbox
Server-side image conversion vector laid bare [...]
Data breach at US restaurant and gambling chain Dotty’s may have leaked sensitive customer information
Nevada-based hospitality firm confirms cyber-attack on its networks [...]
French government visa website hit by cyber-attack that exposed applicants’ personal data
Nationalities, birth dates, and passport numbers among potentially exposed data [...]
Raider: A tool to test authentication in web applications
Open source project aims to offer ‘unlimited flexibility’ for security researchers [...]
Russian retailer issues DEXP phone recall following security audit
Electronics retailer DNS issued the product recall after a security researcher published their findings last week [...]
‘Nasty stuff’: Research into Russian push-button cellphones uncovers legion of security issues
Itel, DEXP, Irbis, and F+ mobile devices put under the microscope [...]
Cisco urges users to patch critical vulnerability in virtualized network devices after PoC is made public
Update now to protect against authentication bypass flaw [...]
Dallas Independent School District reports data breach impacting current and former students, staff
Attacker promises ‘data was not disseminated or sold to anyone’ [...]
« newer articles | page 35 | older articles »