Truffle Security relaunches XSS Hunter tool with new features
Popular hacking aid resurrected following end-of-life announcement XSS Hunter now has a home at Truffle Security, which has launched a...
Read more →Category: PortSwigger
Researcher drops Lexmark RCE zero-day rather than sell vuln ‘for peanuts’
Printer exploit chain could be weaponized to fully compromise more than 100 models A security researcher dropped a zero-day remote...
Read more →
Bug Bounty Radar // The latest bug bounty programs for February 2023
New web targets for the discerning hacker A bypass of Facebook’s SMS-based two-factor authentication (2FA) made it into Meta’s most...
Read more →
Deserialized web security roundup: ‘Catastrophic cyber events’, another T-Mobile breach, more LastPass problems
Your fortnightly rundown of AppSec vulnerabilities, new hacking techniques, and other cybersecurity news “A far-reaching, catastrophic cyber event is likely...
Read more →
Facebook two-factor authentication bypass issue patched
Security vulnerability was one of Meta’s top bugs of 2022 Meta has patched a vulnerability in Facebook that could have...
Read more →
Ruby on Rails apps vulnerable to data theft through Ransack search
Ben Dickson 26 January 2023 at 17:27 UTC Updated: 26 January 2023 at 17:33 UTC Several applications were vulnerable to...
Read more →
Trellix automates tackling open source vulnerabilities at scale
Charlie Osborne 26 January 2023 at 13:52 UTC Updated: 26 January 2023 at 13:55 UTC More than 61,000 vulnerabilities patched...
Read more →
Yellowfin tackles auth bypass bug trio that opened door to RCE
Pre- and post-auth path to pwnage A trio of authentication bypass bugs stemming from the use of hardcoded keys have...
Read more →
Bitwarden responds to encryption design flaw criticism
Password vault vendor accused of making a hash of encryption Password vault vendor Bitwarden has responded to renewed criticism of...
Read more →
IoT vendors faulted for slow progress in setting up vulnerability disclosure programs
John Leyden 24 January 2023 at 13:22 UTC Updated: 24 January 2023 at 13:30 UTC Manufacturer complacency ‘translates into an...
Read more →
AWS patches bypass bug in CloudTrail API monitoring tool
Threat actors poking around AWS environments and API calls could stay under the radar Amazon Web Services (AWS) has patched...
Read more →
Tell us what you think: The Daily Swig reader survey 2023
Have your say to be in with the chance to win Burp Suite swag… UPDATED The Daily Swig, the brainchild of...
Read more →