The complete guide for in-scope entities
NIS2 will take effect across the EU from 18th October 2024, meaning time is running out to comply with its provisions. This Directive, replacing NIS1…
Category: Mix
8 essential tools for performing effective reconnaissance
We all know that reconnaissance is important in bug bounty, in fact, it is the most important phase in bug bounty & web app pentesting.…
12 incident response metrics your business should be tracking
If there’s a vulnerability in your systems that cybercriminals could exploit, you’ll want to know about it. Collaborating with people outside your organization to alert…
Automating Dead Link Detection | HAHWUL
Using Deadfinder and GitHub Actions for Seamless Link Management A dead link, or broken link, occurs when a hyperlink points to a web page that…
Advanced API Authentication Strategies for Enhanced Security
Passwordless authentication for end users is taking the world by storm, offering organizations and individuals alike unprecedented security, user experience, and efficiency benefits. By all…
CVE-2024–45186: Unauthenticated SSTI bug in Filesender exposes MySQL & S3 credentials and other configuration variables, potentially leaking all (sometimes encrypted) user uploaded files. Dutch Universities affected. | by Jonathan Bouman | Oct, 2024
FileSender is an open-source web application designed for securely transferring large files. The idea for FileSender was born in 2007 during a task-force meeting of…
Bypassing Whitelists With XSS Payloads in Attributes
There are XSS scenarios where there’s a strong filter in place like WordPress’s KSES. That filter, like many others, uses a Whitelist approach allowing only…
Measure Your AI Risk Preparedness with This Interactive Self-Assessment Tool
Effectively managing these risks requires human expertise and strategic oversight. That’s where the AI Risk Readiness Self-Assessment Tool comes in — helping your organization evaluate the…
European Council Adopts Cyber Resilience Act
The CRA will be a game-changing regulation for software and connected product security. The CRA imposes cybersecurity requirements for manufacturers of software and connected products…
How To Use HackerOne’s Global Vulnerability Policy Map
To help organizations keep up with the shifting landscape of VDP mandates and recommendations, HackerOne has developed the Global Vulnerability Policy Map, an interactive map-based…
Get to know our new Domains page
Earlier this year, we launched a new Domains page to give you more powerful and flexible attack surface insights. When the recent CUPS vulnerability hit…
How to Use Hugging Face Models with Ollama
Ollama is one of my favorite ways to experiment with local AI models. It’s a CLI that also runs an API server for whatever it’s…