Researcher drops Lexmark RCE zero-day rather than sell vuln ‘for peanuts’
Printer exploit chain could be weaponized to fully compromise more than 100 models [...]
Showing only posts in The Daily Swig. Show all posts.
Bug Bounty Radar // The latest bug bounty programs for February 2023
New web targets for the discerning hacker [...]
Tell us what you think: The Daily Swig reader survey 2023
Have your say to be in with the chance to win Burp Suite swag... [...]
Deserialized web security roundup: ‘Catastrophic cyber events’, another T-Mobile breach, more LastPass problems
Your fortnightly rundown of AppSec vulnerabilities, new hacking techniques, and other cybersecurity news [...]
Facebook two-factor authentication bypass issue patched
Security vulnerability was one of Meta’s top bugs of 2022 [...]
Ruby on Rails apps vulnerable to data theft through Ransack search
Several applications were vulnerable to brute-force attacks; hundreds more could be at risk [...]
Trellix automates tackling open source vulnerabilities at scale
More than 61,000 vulnerabilities patched and counting [...]
Yellowfin tackles auth bypass bug trio that opened door to RCE
Pre- and post-auth path to pwnage [...]
Bitwarden responds to encryption design flaw criticism
Password vault vendor accused of making a hash of encryption [...]
IoT vendors faulted for slow progress in setting up vulnerability disclosure programs
Manufacturer complacency ‘translates into an unacceptable risk for consumers’, warns security expert [...]
AWS patches bypass bug in CloudTrail API monitoring tool
Threat actors poking around AWS environments and API calls could stay under the radar [...]
Tell us what you think: The Daily Swig reader survey 2023
Have your say to be in with the chance to win Burp Suite swag... [...]
Git security audit reveals critical overflow bugs
Uncovered vulnerabilities include several high, medium, and low-security issues [...]
Popular password managers auto-filled credentials on untrusted websites
Dashlane, Bitwarden, and Safari all cited by Google researchers [...]
Google pays hacker duo $22k in bug bounties for flaws in multiple cloud projects
Six payouts issued for bugs uncovered in Theia, Vertex AI, Compute Engine, and Cloud Workstations [...]
WAGO fixes config export flaw threatening data leak from industrial devices
Severity somewhat blunted by reboot-related caveat [...]
US government announces third Hack The Pentagon challenge
Ethical hackers and bug bounty hunters invited to test Department of Defense assets [...]
Squaring the CircleCI: DevOps platform publishes post-mortem on recent breach
How the build pipeline was compromised [...]
Deserialized web security roundup – Slack and Okta breaches, lax US government passwords report, and more
Your fortnightly rundown of AppSec vulnerabilities, new hacking techniques, and other cybersecurity news [...]
Deserialized web security roundup – Slack, Okta security breaches, lax US government passwords report, and more
Your fortnightly rundown of AppSec vulnerabilities, new hacking techniques, and other cybersecurity news [...]
New tool protects against vulnerabilities in popular file converter ImageMagick
Library has somewhat of an image problem given history of serious bugs [...]
Threema disputes crypto flaws disclosure, prompts security flap
‘Condescending’ response to vulnerability disclosure angers infosec community [...]
Prototype pollution-like bug variant discovered in Python
‘Class pollution’ flaw similar to dangerous vulnerability type found in JavaScript and similar languages [...]
Meet teler-waf: Security-focused HTTP middleware for the Go framework
Protection against XSS, SQLi, and more web attacks for Go-based web applications [...]
Exploit drops for remote code execution bug in Control Web Panel
Vendor patched the vulnerability in October after a red team alert [...]
« newer articles | page 2 | older articles »