Malicious proof-of-concepts are exposing GitHub users to malware and more
New research suggests thousands of PoCs could be dangerous [...]
Showing only posts in The Daily Swig. Show all posts.
Urlscan.io API unwittingly leaks sensitive URLs, data
Public listings have made sensitive data searchable due to misconfigured third-party services [...]
OpenSSL vulnerability downgraded to ‘high’ severity
Punycode-related flaw fails the logo test [...]
Bug Bounty Radar // The latest bug bounty programs for November 2022
New web targets for the discerning hacker [...]
SQLite patches 22-year-old code execution, denial of service vulnerability
Dormant 32 bit-era coding flaw causes problems for 64-bit systems [...]
Upcoming ‘critical’ OpenSSL update prompts feverish speculation
Is it the new Heartbleed or just a bleeding distraction? [...]
VMWare patches RCE exploit in NSX Manager
End-of-life product is ‘back from the dead’ as vendor makes exception for critical bug [...]
GitHub patches bug that could allow access to another user’s repo
Renaming accounts opened the door to hijacking [...]
Jira Align flaws enabled malicious users to gain super admin privileges
Super admins can, among other things, modify Jira connections, reset user accounts, and modify security settings [...]
Melis Platform CMS patched for critical RCE flaw
POP chain crafted to demonstrate exploitability [...]
Critical authentication bug in Fortinet products actively exploited in the wild
Chinese and Russian cyber-spies actively targeting security vulnerability [...]
HyperSQL DataBase flaw leaves library vulnerable to RCE
Mishandling of untrusted input issue resolved by developers [...]
Login spoofing issue in GitHub nets researcher $10k bug bounty reward
Platform pays high reward for bug reported as ‘low severity’ [...]
Failed Cobalt Strike fix with buried RCE exploit now patched
The fix was developed at a running pace as Cobalt Strike is essential to Red Team operations [...]
Microsoft Office Online Server open to SSRF-to-RCE exploit
Behavior functioning as intended, Microsoft reportedly says, and offers mitigation advice instead [...]
Security certification body (ISC)² defends ‘undemocratic’ bylaw changes
Former chair bemoans ‘coup by governance’ [...]
Apache Commons Text RCE: Resemblance to Log4Shell but exposure risk is ‘much lower’
Log4Shell-like bug is serious but less dangerous than notorious Log4j vulnerability [...]
Researchers find 633% increase in cyber-attacks aimed at open source repositories
Attack surge blamed on ‘avoidable’ bugs [...]
‘We don’t teach developers how to write secure software’ – Linux Foundation’s David A Wheeler on reversing the CVE surge
Teach devs security fundamentals to bolster supply chain resilience, argues Wheeler Addressing a decades-old deficiency in coding curriculums could have a profound effect on the security of the softwa [...]
Adobe patches critical Magento XSS that puts sites at takeover risk
E-commerce platform admins should update ASAP [...]
GitLab patches RCE bug in GitHub import function
Data importation mechanism failed to sanitize imports [...]
Hidden DNS resolver insecurity creates widespread website hijack risk
WordPress installations exposed to spoofed password reset vis cache poisoning threat [...]
Zimbra remote code execution vulnerability actively exploited in the wild
Mitigation guidance provided while a patch is being developed [...]
Policy-as-code approach counters ‘cloud native’ security risks
Research suggests that automation can cut down on cloud control plane compromises [...]
Critical flaw in open source WebPageTest remains unpatched
Public disclosure, a talk, and a blog post later, the RCE exploit remains unresolved [...]
« newer articles | page 5 | older articles »