ChatGPT Account Take Over Bug Let Hackers Gain Online Account
A renowned security analyst and bug hunter, Nagli (@naglinagli), recently uncovered a critical security vulnerability in ChatGPT. With just a single click, a threat actor…
Month: April 2023
AI verification systems give businesses an edge over scammers
Fraudsters are underestimating the power of AI to detect fake IDs, according to a new report from Ondato. Based on an analysis of millions of…
Visualizing Live Hacking Events: Hackers Break Records at H1-702
Visualizing Live Hacking Events: Hackers Break Records at H1-702 Source link
AI tools like ChatGPT expected to fuel BEC attacks
Across all BEC attacks seen over the past year, 57% relied on language as the main attack vector to get them in front of unsuspecting…
Detectify Security Advisor explains account hijacking attack scenarios using abnormal OAuth Flows
TL/DR: OAuth users are being urged to check their sign-in flows for third-party scripts, including error flows, that could expose them to newly uncovered attack…
If you want to build a treehouse, start at the bottom
How threat modeling and pushing left help create a stable foundation for secure software. If you’ve ever watched a kid draw a treehouse, you have…
10 Best Zippyshare Alternatives – Best File Sharing Services
With Zippyshare no longer available, users are now in search of alternative file hosting services to meet their needs. In this article, we will explore…
JWT audience claim is not verified
Internet Bug Bounty disclosed a bug submitted by farcaller: https://hackerone.com/reports/1889161 – Bounty: $8000 Source link
Burp Suite certification prices hacked for Black Friday | Blog
Emma Stocks | 17 November 2021 at 16:13 UTC For the very first time, we’ve decided to join the rest of the world and run…
localStorage + getter = Prototype Pollution
오늘은 Prototype Pollution에 대한 이야기를 잠깐 하려고 합니다. 다름이 아니라 @garethheyes가 아래와 같은 내용의 트윗을 올렸었습니다. 정리하면 localStorage 에서 getter를 사용하는 경우, 즉 직접 접근해서…
Changes to Disclosure Assistance | HackerOne
HackerOne is excited to announce the revamp of our Disclosure Assistance program! Our goal is to reset expectations and realign with the hacker community. As…
Better attack surface filtering and subdomain discovery
TL/DR: We’ve shipped a few new filters to the attack surface page to help security teams easily manage their rapidly expanding attack surface. We’ve also…