Expanding Capabilities and Attack Surfaces
AI and APIs have a symbiotic relationship. APIs power AI by providing the necessary data and functionality, while AI enhances API security through advanced threat…
Category: Mix
Unlocking Engagement with Employee Feedback
Since 2018, HackerOne has maintained an employee engagement survey participation rate of over 80%, with half of the surveys achieving 90% or more participation. The…
Top 4 new attack vectors in web application targets
We all like to find vulnerabilities in bug bounty programs, they get us bounties, increase our ranks on platform leaderboards and help us stay motivated…
Final Thoughts on the 2024 Election
I have some interesting thoughts going into the big day tomorrow, and I wanted to try to capture them concisely. The best overview debate (Harris…
Attackers Abuse DocuSign API to Send Authentic-Looking Invoices At Scale
In a concerning trend, cybercriminals are leveraging DocuSign’s APIs to send fake invoices that appear strikingly authentic. Unlike traditional phishing scams that rely on deceptively…
Exploring OWASP Noir’s PassiveScan | HAHWUL
Detecting Secrets with Noir – The PassiveScan Advantage Hello, security enthusiasts! Today, we’re diving into the exciting new features of OWASP Noir v0.18, particularly focusing…
Fixing Ubiquiti WiFi Roaming
The three settings I had to enable to get proper WiFi roaming The problem I’m a massive fan of Ubiquiti stuff, but even after upgrading…
TIL you can Import CSV files into Google Calendar
Today I learned that Google Calendar has a really useful CSV import feature that lets you bulk-import events. This is particularly handy if you mapped…
Who Should Own AI Risk at Your Organization?
In this blog, we’ll explore who is and should be accountable for AI risk within organizations and how to empower them to take this significant…
How to Mitigate the Latest API Vulnerability in FortiManager
Overview of the FortiManager API Vulnerability Recently, a critical API vulnerability in FortiManager (CVE-2024-47575) was disclosed. Certain threat actors exploited it in the wild to…
Take control of your security posture: The Burp Suite Enterprise Edition winter update | Blog
Rob Samuels | 30 October 2024 at 09:12 UTC Manage your security, your way. Managing a complex, enterprise-level web estate requires robust compliance, streamlined management…
Securing Our Elections Through Vulnerability Testing and Disclosure
Security researchers and election technology manufacturers at the Election Security Research Forum (ESRF). The Event In preparation for the election season, HackerOne planned and executed…