Dex patches authentication bug that enabled unauthorized access to client applications
With 35.6 million downloads the OAuth 2.0 protocol provider has serious downstream attack surface [...]
Showing only posts in The Daily Swig. Show all posts.
The exploitability advisory: CISA’s VEX offers fresh take on tackling known vulnerabilities
‘SBOM turns on flashing lights on the dashboard; VEX helps you figure out which to turn off’ [...]
PHP package manager component Packagist vulnerable to compromise
Argument injection bug posed RCE risk [...]
Matrix address flaws that break message encryption assurances
Confidentiality and authentication flaws uncovered by researchers [...]
JavaScript sandbox vm2 remediates remote code execution risk
Affected firms alerted to bug whose potential impact is heightened by vm2’s use in production environments [...]
Researchers net $46k for Akamai misconfiguration vulnerability
A lesson in how to achieve maximum value for your discoveries [...]
Microsoft confirms zero-day exploits against Exchange Server in ‘limited’ attacks
‘ProxyNotShell’ abuse less severe than 2021 attack wave due to authentication requirement [...]
Nepxion Discovery software with Spring Cloud functionality fails to patch RCE, info leak bugs
Maintainer of Chinese project closes public issue apparently without issuing a fix [...]
Bug Bounty Radar // The latest bug bounty programs for October 2022
New web targets for the discerning hacker [...]
Patching common vulnerabilities at scale: project promises bulk pull requests
Automating bulk pull request generation FTW [...]
Vulnerability in Apache Pulsar allowed manipulator-in-the-middle attacks
Clients vulnerable due to improper certificate validation [...]
Rancher stored secrets in plaintext, exposed Kubernetes clusters to takeover
Maintainers patch vulnerability and offer mitigation advice over bug that affects all Kubernetes objects [...]
Rancher stored sensitive values in plaintext, exposed Kubernetes clusters to takeover
Maintainers patch vulnerability and offer mitigation advice over bug that affects Rancher-owned objects [...]
Attackers abuse web security flaw in Sophos Firewall
Vendor patches code injection vulnerability harnessed in attacks on south Asia [...]
Web security flaw in Sophos Firewall patched
Code injection vulnerability harnessed in attacks on south Asia [...]
Java template framework Pebble vulnerable to command injection
Issue still yet to be patched, but workarounds are available [...]
Netlify vulnerable to XSS, SSRF attacks via cache poisoning
Issue has since been fixed [...]
CI/CD servers readily breached by abusing SCM webhooks, researchers find
Webhook, line, and sinker [...]
#AttachMe Oracle cloud bug exposed volumes to data theft, hijack
Vulnerability could have been used to bypass cloud isolation protection [...]
Tarfile path traversal bug from 2007 still present in 350k open source repos
Warning added to Python documentation was deemed preferable to a patch [...]
Prototype pollution bug in Chromium bypassed Sanitizer API
Issue highlights the challenges of preventing client-side attacks [...]
Parse Server fixes brute-forcing bug that put sensitive user data at risk
Open source project provides push notification functionality for iOS, macOS, Android, and tvOS [...]
‘Security teams often fight against developers taking control’ of AppSec: Tanya Janca on the drive to DevSecOps adoption
Infosec advocate speaks to The Daily Swig about the benefits of, and barriers to, ‘shifting left’ [...]
NETGEAR resolves router vulnerabilities in bundled gaming component
Silicon Valley vendor tackles command injection and MitM-to-RCE issues [...]
Uber hack linked to hardcoded secrets spotted in powershell script
Social engineering attack compromises internal networks and Uber’s bug bounty reports [...]
« newer articles | page 6 | older articles »