Critical vulnerability allowed attackers to remotely unlock, control Hyundai, Genesis vehicles
Charlie Osborne 01 December 2022 at 14:30 UTC Updated: 01 December 2022 at 15:51 UTC Vehicles made after 2012 were vulnerable to web app exploit…
Category: PortSwigger
Go SAML library vulnerable to authentication bypass
An attacker could masquerade as an authenticated user without presenting credentials An open source Go implementation of the SAML protocol has patched a critical vulnerability…
Deserialized web security roundup: Algolia API key leak, GitHub CVE reporting, scoring CVSS scores
Adam Bannister 02 December 2022 at 17:19 UTC Updated: 19 December 2022 at 17:12 UTC Your fortnightly rundown of AppSec vulnerabilities, new hacking techniques, and…
Black Hat Europe 2022: A defendable internet is possible, but only with industry makeover
John Leyden 07 December 2022 at 15:19 UTC Updated: 07 December 2022 at 15:22 UTC Empower buyers and stop fixating about zero-days, conference attendees told…
NodeBB prototype pollution flaw could lead to account takeover
‘Not a prototype pollution vulnerability as you might normally understand it’ NodeBB, a Node.js platform for creating forum applications, has patched a prototype pollution vulnerability…
JSON syntax hack allowed SQL injection payloads to be smuggled past WAFs
John Leyden 09 December 2022 at 13:17 UTC Updated: 15 December 2022 at 17:06 UTC Five vendors act to thwart generic hack Security researchers have…
ChatGPT bid for bogus bug bounty is thwarted
Improving large language models offer ‘just one more way to attack code, and one more way to defend code’ A supposed security researcher has tried…
Black Hat Europe 2022: Hacking tools showcased at annual security conference
Aids and techniques demonstrated at this year’s arsenal track Tools to enable the work of security researchers, pen testers, and bug bounty hunters were demonstrated…
Black Hat Europe redux: The top web hacking talks for 2022
Catch up on the highlights of last week’s cybersecurity conference Alongside the release of hacking tools and a thought-provoking keynote, there was plenty on offer…
Cloud flaws brought to the fore as bug bounty vulnerabilities hit 65k in 2022 – HackerOne
Impact of cloud migration and shift to remote work evident in new report Bug bounty hunters are increasingly unearthing cloud-based vulnerabilities as organizations undergo ‘digital…
Akamai WAF bypassed via Spring Boot to trigger RCE
Charlie Osborne 14 December 2022 at 12:01 UTC Updated: 19 December 2022 at 09:53 UTC Akamai issued an update to resolve the flaw several months…
Critical IP spoofing bug patched in Cacti
‘Not that hard to execute if attacker has access to a monitoring platform running Cacti’ A dangerous bug in Cacti, the RRDTool frontend and performance/fault…