Tesla tackles CORS misconfigurations that left internal networks vulnerable
Typosquatting ploy successfully bypassed firewalls of multiple organizations [...]
Showing only posts in The Daily Swig. Show all posts.
Devs urged to rotate secrets after CircleCI suffers security breach
DevOps platform advises customers to revoke API tokens [...]
Car companies massively exposed to web vulnerabilities
Grand hack auto [...]
Tell us what you think: The Daily Swig reader survey 2023
Have your say to be in with the chance to win Burp Suite swag... [...]
Bug Bounty Radar // The latest bug bounty programs for January 2023
New web targets for the discerning hacker [...]
Security done right – infosec wins of 2022
The toasts, triumphs, and biggest security wins of the year [...]
Stupid security 2022 – this year’s infosec fails
Epic web security fails and salutary lessons from another inevitably eventful year in infosec [...]
Finding the next Log4j – OpenSSF’s Brian Behlendorf on pivoting to a ‘risk-centred view’ of open source development
Apache pioneer says ‘use at your own risk’ model no longer tenable as OpenSSF ramps up end user engagement [...]
Lean, green coding machine: How sustainable computing drive can reduce attack surfaces
Less is often more when it comes to both infosec and eco-friendly computing practices [...]
Zoom Whiteboard patches XSS bug
Video conferencing platform fixes cross-site scripting vulnerability [...]
Password theft bug chain patched in Passwordstate credential manager
Flaws could be combined to grab passwords in cleartext [...]
How to become a penetration tester: Part 2 – ‘Mr hacking’ John Jackson on the virtue of ‘endless curiosity’
Marine Corps engineer-turned offensive security expert offers careers advice and his best and worst experiences [...]
Akamai wrestles with AWS S3 web cache poisoning bug
Definitive solution is ‘non-trivial’ since behavior arises from customers processing non-RFC compliant requests [...]
Safeurl HTTP library brings SSRF protection to Go applications
Prizes offered to anyone who can bypass the library and capture the flag [...]
Deserialized web security roundup – Fortinet, Citrix bugs; another Uber breach; hacking NFTs at Black Hat
Your fortnightly rundown of AppSec vulnerabilities, new hacking techniques, and other cybersecurity news [...]
Critical IP spoofing bug patched in Cacti
‘Not that hard to execute if attacker has access to a monitoring platform running Cacti’ [...]
Akamai WAF bypassed via Spring Boot to trigger RCE
Akamai issued an update to resolve the flaw several months ago [...]
Cloud flaws brought to the fore as bug bounty vulnerabilities hit 65k in 2022 – HackerOne
Impact of cloud migration and shift to remote work evident in new report [...]
Black Hat Europe redux: The top web hacking talks for 2022
Catch up on the highlights of last week’s cybersecurity conference [...]
Black Hat Europe 2022: Hacking tools showcased at annual security conference
Aids and techniques demonstrated at this year’s arsenal track [...]
ChatGPT bid for bogus bug bounty is thwarted
Improving large language models offer ‘just one more way to attack code, and one more way to defend code’ [...]
JSON syntax hack allowed SQL injection payloads to be smuggled past WAFs
Five vendors act to thwart generic hack [...]
NodeBB prototype pollution flaw could lead to account takeover
‘Not a prototype pollution vulnerability as you might normally understand it’ [...]
Black Hat Europe 2022: A defendable internet is possible, but only with industry makeover
Empower buyers and stop fixating about zero-days, conference attendees told [...]
Deserialized web security roundup: Algolia API key leak, GitHub CVE reporting, scoring CVSS scores
Your fortnightly rundown of AppSec vulnerabilities, new hacking techniques, and other cybersecurity news [...]
« newer articles | page 3 | older articles »