Open source CMS TYPO3 tackles XSS vulnerability
Bug spawned by parsing problem in upstream package [...]
Showing only posts in The Daily Swig. Show all posts.
WAPPLES web application firewall faulted for multiple flaws
Researcher uncovers RCE and undocumented backdoor risks [...]
Let’s Encrypt builds infrastructure to support browser-based certificate revocation revival
CRLs are back, baby! [...]
Vulnerability in Xalan-J could allow arbitrary code execution
Open source project is used by various SAML implementations [...]
WordPress project WPHash harvests 75 million hashes for detecting vulnerable plugins
Project mission is to crowdsource the indexing and curating of plugin bug data [...]
Six-year-old blind SSRF vulnerability in WordPress Core feature could enable DDoS attacks
Issue present in pingback requests feature [...]
ManageEngine vulnerability posed code injection risk for password management software
Authentication-free flaw opened the door to a raft of exploits [...]
Vendor disputes seriousness of firewall plugin RCE flaw
pfSense and sensibility [...]
WordPress warning: 140k BackupBuddy installations on alert over file-read exploitation
Site backup plugin developer issues patch following reports of millions of exploit attempts [...]
A rough guide to launching a career in cybersecurity
Entry-level training courses offer paths to glory [...]
Squiz Matrix CMS squashes admin account takeover bug
IDOR issue meant user account privileges and contact details could be altered [...]
Bug Bounty Radar // The latest bug bounty programs for September 2022
New web targets for the discerning hacker [...]
CSRF flaw in csurf NPM package aimed at protecting against the same flaws
Serious security prompt developers to discontinue open source package [...]
WatchGuard firewall exploit threatens appliance takeover
One-two bug punch leads to ‘worst possible impact’, said researcher [...]
Three-day hackathon uncovers hundreds of bugs in Yahoo search engine tool Vespa
Live event brings together bug bounty hunters from across the globe [...]
Command injection vulnerability in GitHub Pages nets bug hunter $4k
Exploit involved duping developers into exposing repositories with social engineering techniques [...]
Log4Shell legacy? Patching times plummet for most critical vulnerabilities – report
Trustwave report also finds 2022 is set to surpass 2021 for volume of critical CVEs [...]
Graph-based JavaScript bug scanner discovers more than 100 zero-day vulnerabilities in Node.js libraries
ODGen tool was presented at this year’s Usenix Security Symposium [...]
Critical command injection vulnerability discovered in Bitbucket Server and Data Center
Update now to protect against flaw [...]
LastPass flags security incident after attackers stole source code, technical information
Users’ master passwords are safe, thanks to company’s ‘zero knowledge’ architecture [...]
Ethereum Foundation offers $1m bug bounty payouts with proof-of-stake migration multiplier
Eco-friendly upgrade sends bounties soaring as computational demands plummet [...]
Stop, press: Fragmented vendor ecosystem leaves media industry increasingly vulnerable to software supply chain threats
New study highlights the myriad cyber defense challenges faced by media companies in 2022 [...]
Security researchers blast ‘ridiculous’ CrowdStrike bug disclosure practices
The vulnerability might not be noteworthy, but the reporting process may be A security firm has criticized CrowdStrike for operating a “ridiculous” bug bounty disclosure program following a sensor fla [...]
GitLab patches critical remote code execution bug
Update now to protect against security vulnerability [...]
API security: Broken access controls, injection attacks plague the enterprise security landscape in 2022
Spring4Shell and Veeam RCE exploit topped the list in Q1 2022 [...]
« newer articles | page 7 | older articles »