We’re going teetotal: It’s goodbye to The Daily Swig
PortSwigger today announces that The Daily Swig is closing down [...]
Showing only posts in The Daily Swig. Show all posts.
Bug Bounty Radar // The latest bug bounty programs for March 2023
New web targets for the discerning hacker [...]
Indian transport ministry flaws potentially allowed creation of counterfeit driving licenses
Armed with personal data fragments, a researcher could also access 185 million citizens’ PII [...]
Password managers: A rough guide to enterprise secret platforms
The second part of our password manager series looks at business-grade tech to handle API tokens, login credentials, and more [...]
Chromium bug allowed SameSite cookie bypass on Android devices
Protections against cross-site request forgery could be bypassed [...]
Deserialized web security roundup: Twitter 2FA backlash, GoDaddy suffers years-long attack campaign, and XSS Hunter adds e2e encryption
Your fortnightly rundown of AppSec vulnerabilities, new hacking techniques, and other cybersecurity news [...]
NIST plots biggest ever reform of Cybersecurity Framework
CSF 2.0 blueprint offered up for public review [...]
Cisco ClamAV anti-malware scanner vulnerable to serious security flaw
Patch released for bug that poses a critical risk to vulnerable technologies [...]
CVSS system criticized for failure to address real-world impact
JFrog argues vulnerability risk metrics need complete revamp [...]
‘Most web API flaws are missed by standard security tests’ – Corey J Ball on securing a neglected attack vector
API security is a ‘great gateway’ into a pen testing career, advises specialist in the field [...]
HTTP request smuggling bug patched in HAProxy
Exploitation could enable attackers to access backend servers [...]
Read all about it: Introducing our new newsletter, Daily Swig Deserialized
Free fortnightly roundup and exclusive content for subscribers only [...]
Belgium launches nationwide safe harbor for ethical hackers
New legal protections for security researchers could be the strongest of any EU country [...]
Remote code execution flaw patched in Apache Kafka
Possible RCE and denial-of-service issue discovered in Kafka Connect [...]
Password manager security: Which is the right option for me?
The first guide of our two-part series helps consumers choose the best way to manage their login credentials [...]
Deserialized web security roundup: KeePass dismisses ‘vulnerability’ report, OpenSSL gets patched, and Reddit admits phishing hack
Your fortnightly rundown of AppSec vulnerabilities, new hacking techniques, and other cybersecurity news [...]
OAuth ‘masterclass’ crowned top web hacking technique of 2022
Single sign-on and request smuggling to the fore in another stellar year for web security research [...]
Radio silence from DMS vendor quartet over XSS zero-days
No response or patch yet forthcoming from providers of vulnerable document management systems [...]
New XSS Hunter host Truffle Security faces privacy backlash
Anonymized numbers of bug discoveries swiftly deleted after pushback [...]
Second UK Computer Misuse Act consultation reflects ‘very little progress’
Campaigner bemoans glacial progress of review and urges government to set clear timetable [...]
DOM XSS vulnerability in Gartner Peer Insights widget patched
Web attack vector closed after failed fix [...]
Toyota sealed up a backdoor to its global supplier management network
Hacker praises carmaker’s prompt response to the (mercifully) good-faith pwnage [...]
Google engineers plot to mitigate prototype pollution
Plan to create boundary between JavaScript objects and their blueprints gathers momentum [...]
Serious security hole plugged in infosec tool binwalk
Path traversals could ‘void reverse engineering efforts and tamper with evidence collected’ [...]
Truffle Security relaunches XSS Hunter tool with new features
Popular hacking aid resurrected following end-of-life announcement [...]
page 1 | older articles »