Chromium site isolation bypass allows wide range of attacks on browsers
Flaw that opened the door to cookie modification and data theft resolved [...]
Showing only posts in The Daily Swig. Show all posts.
ParseThru: HTTP parameter smuggling flaw uncovered in several Go applications
Harbor, Traefik, and Skipper projects tackle unsafe URL parsing methods [...]
Swiss government announces upcoming launch of federal bug bounty program
Bug Bounty Switzerland AG awarded program management contract [...]
Jenkins security: Unpatched XSS, CSRF bugs included in latest plugin advisory
‘We believe that announcing vulnerabilities without a fix is the best solution for a difficult problem’ [...]
Trio of XSS bugs in open source web apps could lead to complete system compromise
Evolution CMS, FUDForum, and GitBucket vulnerabilities chained for maximum impact [...]
‘You get respect for owning what happened’ – SolarWinds’ CISO on the legacy and lessons of Sunburst
Security chief counts new build system and greater intel sharing among positive legacies of watershed cyber-attack [...]
CompleteFTP path traversal flaw allowed attackers to delete server files
Security issue fixed in version 22.1.1 of file transfer software [...]
GitHub Actions workflow flaws provided write access to projects including Logstash
Malicious builds and wider infrastructural compromise were worst-case scenarios [...]
XSS vulnerabilities in Google Cloud, Google Play could lead to account hijacks
Reflected XSS and DOM-based XSS bugs net researchers $3,000 and $5,000 bug bounties [...]
Bug Bounty Radar // The latest bug bounty programs for August 2022
New web targets for the discerning hacker [...]
GitHub enhances 2FA for npm, improves security and manageability
New features also include ability to connect social media accounts [...]
Onfido bug bounty program launched to help shore up ID verification defenses
Initiative adds another layer of protection for end-to-end identity verification platform [...]
One in five data breaches due to software supply chain compromise, IBM report warns
Attack vector cost businesses 2.5% more in one year [...]
Open-Xchange issues fixes for RCE, SSRF bugs in OX App Suite
Security release also includes precautionary patches for potential Log4j-like flaw in Logback library [...]
FileWave MDM authentication bypass bugs expose managed devices to hijack risk
‘Vast majority’ of users have updated systems thanks to vendor warnings [...]
Critical security vulnerability in Grails could lead to remote code execution
Maintainers warn to patch all versions of open source web app framework – even those not deemed vulnerable [...]
Cloud fax company claims healthcare pros are ditching email for ‘more secure’ fax
The fax is dead. Long live the online fax? A new study suggests many healthcare professionals believe that flaws in today’s web security landscape are prompting a return to what’s been deemed an “extr [...]
Cisco patches dangerous bug trio in Nexus Dashboard
Inadequate access control and CSRF protections spawn critical and high severity issues [...]
Adversarial attacks can cause DNS amplification, fool network defense systems, machine learning study finds
New research shows how deep learning models trained for network intrusion detection can be bypassed [...]
‘We’re still fighting last decade’s battle’ – Sonatype CTO Brian Fox on the struggle to secure the neglected software supply chain
Open source security expert warns there is still a ‘long road’ ahead to prepare for the next attack wave [...]
Zyxel firewall vulnerabilities left business networks open to abuse
Severity of code execution bug mitigated by ‘high uptake’ of previous patch [...]
Grafana patches vulnerability that could lead to admin account takeover
Open source analytics platform fixes bug that could lead to authentication bypass, privilege escalation [...]
Atlassian patches batch of critical vulnerabilities across multiple products
Jira, Bamboo, Bitbucket, Confluence, Fisheye/Crucible, and Questions for Confluence affected [...]
WordPress plugin security audit unearths dozens of vulnerabilities impacting 60,000 websites
Unauthenticated SQL injection bugs put thousands of WordPress sites under threat [...]
Zero-day flaws in GPS tracker pose surveillance, fuel cut-off risks to vehicles
Broader architectural failings of Chinese vendor potentially puts 1.5m devices at risk [...]
« newer articles | page 9 | older articles »