Git security audit reveals critical overflow bugs
Uncovered vulnerabilities include several high, medium, and low-security issues A security audit of the source code for Git has revealed...
Read more →Category: PortSwigger
Popular password managers auto-filled credentials on untrusted websites
John Leyden 20 January 2023 at 12:09 UTC Updated: 20 January 2023 at 12:12 UTC Dashlane, Bitwarden, and Safari all...
Read more →
Google pays hacker duo $22k in bug bounties for flaws in multiple cloud projects
Six payouts issued for bugs uncovered in Theia, Vertex AI, Compute Engine, and Cloud Workstations Vulnerabilities in four Google Cloud...
Read more →
WAGO fixes config export flaw threatening data leak from industrial devices
Charlie Osborne 18 January 2023 at 15:34 UTC Updated: 18 January 2023 at 15:52 UTC Severity somewhat blunted by reboot-related...
Read more →
US government announces third Hack The Pentagon challenge
Ethical hackers and bug bounty hunters invited to test Department of Defense assets The US Department of Defense (DoD) is...
Read more →
Squaring the CircleCI: DevOps platform publishes post-mortem on recent breach
How the build pipeline was compromised Popular DevOps platform CircleCI has blamed an attack that successfully planted malware on an...
Read more →
Deserialized web security roundup – Slack and Okta breaches, lax US government passwords report, and more
Jessica Haworth 13 January 2023 at 18:31 UTC Updated: 16 January 2023 at 14:29 UTC Your fortnightly rundown of AppSec...
Read more →
Deserialized web security roundup – Slack, Okta security breaches, lax US government passwords report, and more
Your fortnightly rundown of AppSec vulnerabilities, new hacking techniques, and other cybersecurity news Slack suffered a security breach recently, “involving...
Read more →
New tool protects against vulnerabilities in popular file converter ImageMagick
Library has somewhat of an image problem given history of serious bugs A new tool enables developers to better protect...
Read more →
Threema disputes crypto flaws disclosure, prompts security flap
‘Condescending’ response to vulnerability disclosure angers infosec community Security researchers have defended academics who discovered several serious security flaws in...
Read more →
Prototype pollution-like bug variant discovered in Python
‘Class pollution’ flaw similar to dangerous vulnerability type found in JavaScript and similar languages Prototype pollution is a dangerous bug...
Read more →
Meet teler-waf: Security-focused HTTP middleware for the Go framework
Protection against XSS, SQLi, and more web attacks for Go-based web applications A developer has released a new tool for...
Read more →