Go SAML library vulnerable to authentication bypass
An attacker could masquerade as an authenticated user without presenting credentials [...]
Showing only posts in The Daily Swig. Show all posts.
Critical vulnerability allowed attackers to remotely unlock, control Hyundai, Genesis vehicles
Vehicles made after 2012 were vulnerable to web app exploit [...]
Bug Bounty Radar // The latest bug bounty programs for December 2022
New web targets for the discerning hacker [...]
Tailscale VPN nodes vulnerable to DNS rebinding, RCE
Users should manually update to the latest version now [...]
Intel disputes seriousness of Data Centre Manager authentication flaw
Security researcher scores $10K bug bounty [...]
Million-dollar bug bounties: The rise of record-breaking payouts
As seven-figure vulnerability rewards continue to hit headlines, what is driving bug bounty inflation? [...]
How to become a penetration tester: Part 1 – your path into offensive security testing
Fancy a career in what one practitioner described as the ‘best job in the world’? Read on to find out how... [...]
ConnectWise closes XSS vector for remote hijack scams
Researchers also applaud abandonment of customization feature abused by scammers [...]
Vulnerability in AWS AppSync allowed unauthorized access to cloud resources
Attackers could gain full control of a cloud-hosted database [...]
Mastodon vulnerable to multiple system configuration problems
The whole toot [...]
Ibexa DXP patched for GraphQL password hash leak vulnerability
Organizations advised to mandate password resets out of caution [...]
HackerOne encourages customers to adopt standard policy to protect hackers from legal problems
‘Short, broad, easily-understood safe harbor statement’ offered [...]
Google Roulette: Developer console trick can trigger XSS in Chromium browsers
A case study on the complexity of browser security [...]
F5 fixes high severity RCE bug in BIG-IP, BIG-IQ devices
Widespread exploitation deemed ‘unlikely’ given hurdles [...]
Zendesk Explore flaws opened the door to account pillage
Patched SQLi and logical access vulnerabilities posed serious risk [...]
Mastodon users vulnerable to password-stealing attacks
Patched bug could have leaked credentials [...]
All Day DevOps: Third of Log4j downloads still pull vulnerable version despite threat of supply chain attacks
AppSec engineer keynote says Log4j revealed lessons were not learned from the Equifax breach [...]
Prototype pollution project yields another Parse Server RCE
Bug emerges from ambition to find ‘end-to-end exploits beyond DoS’ [...]
CSRF in Plesk API enabled server takeover
Bugs in programming interfaces of web hosting admin tool patched [...]
Google Pixel screen-lock hack earns researcher $70k
Android security pwned by PUK reset trick [...]
CSS injection flaw patched in Acronis cloud management console
CSRF attacks could be triggered to access and exfiltrate information [...]
Passport-SAML auth bypass triggers fix of critical, upstream XMLDOM bug
Rapid remedy follows reawakening of long-dormant bug threat [...]
Prototype pollution bug exposed Ember.js applications to XSS
Unsanitized user input risk spotted in JavaScript framework [...]
Boffins rekindle one-time program cryptographic concept
Authentication idea advanced but not yet fulfilled [...]
Gatsby patches SSRF, XSS bugs in Cloud Image CDN
Remediation compared to ‘changing the tires on a car while in motion’ [...]
« newer articles | page 4 | older articles »