Spring Data MongoDB hit by another critical SpEL injection flaw
Bug mirrors recent SpEL injection vulnerability that emerged alongside ‘SpringShell’ issue [...]
Showing only posts in The Daily Swig. Show all posts.
CWE Top 25: These are the most dangerous software weaknesses of 2022
CISA and MITRE’s latest CWE shakeup reveals the most severe threats impacting enterprise software today [...]
HackerOne employee stole data from bug bounty reports for financial gain
Vulnerability disclosure platform shares details of incident [...]
‘Does anybody like CAPTCHAs?’ – Cloudflare CTO John Graham-Cumming envisages a frictionless future for website Turing tests
British software engineer also talks HTTP/3, zero trust, and lava lamp-powered cryptography [...]
Australia’s Monash University launches public bug bounty program
Education institution will pay up to $2,500 for valid vulnerabilities [...]
US eye clinic suffers data breach impacting 92,000 patients
Mattax Neu Prater Eye Center said customer data was involved in third-party cyber-attack [...]
Gitlab patches critical RCE bug in latest security release
Users are urged to update to the latest version [...]
Cyber Europe 2022: EU completes large-scale cyber war game exercise
Incident response and inter-agency capabilities road-tested [...]
Latest web hacking tools – Q3 2022
We take a look at the latest additions to security researchers’ armory [...]
Bug Bounty Radar // The latest bug bounty programs for July 2022
New web targets for the discerning hacker [...]
OpenSea among six organizations affected by email address leak by rogue employee at third-party vendor
All users who shared their email address with NFT marketplace told: ‘Assume you were impacted’ [...]
OpenSea user email addresses leaked by rogue employee at third-party vendor
All users who shared their email address with NFT marketplace told: ‘Assume you were impacted’ [...]
Chromium browsers vulnerable to dangling markup injection
Fixed bug could allow attackers to extract sensitive information [...]
UnRAR path traversal flaw can lead to RCE in Zimbra
Other applications using binary to extract untrusted archives are potentially vulnerable too [...]
YARAify: Defensive tool scans suspicious files against a large repository of YARA rules
Team behind Abuse.ch and ThreatFox launch new hub for scanning and hunting files using YARA [...]
Dozens of cryptography libraries vulnerable to private key theft
Signing mechanism security shortcomings exposed [...]
Ready meal distributor Apetito restores ‘limited’ deliveries in UK following cyber-attack
‘Manual workaround’ kickstarts phased recovery after cybercrooks disrupt meal provision to vulnerable people [...]
Ransomware market evolution results in fewer variants, but rise in off-the-shelf cybercrime kits continues
RaaS model continues to be adopted by criminals looking to maximize their ROI, new study indicates [...]
Researchers crack MEGA’s ‘privacy by design’ storage, encryption
ETH Zurich finds flaws in the firm’s cryptographic infrastructure [...]
Untrusted types: Researcher demos trick to beat Trusted Types protection in Google Chrome
Flaws in protection mechanism leaves websites more exposed to DOM XSS-based attacks [...]
Oracle patches ‘miracle exploit’ impacting Middleware Fusion, cloud services
Researchers describe discovery of ‘mega’ zero-day [...]
BSides Cleveland organizer steps down after controversial guest added as ‘surprise’ speaker
Fury among online community over decision to include presenter [...]
Statutory defense for ethical hacking under UK Computer Misuse Act tabled
Amendment applies to bill related to 5G rollout and connected products [...]
Splunk patches critical vulnerability while users push for legacy updates
Users call for security update back-port to support earlier versions [...]
One in every 13 incidents blamed on API insecurity – report
Larger organizations are statistically more at risk, warns Imperva [...]
« newer articles | page 11 | older articles »