Jessica Haworth 24 February 2023 at 13:09 UTC Updated: 24 February 2023 at 13:15 UTC Your fortnightly rundown of AppSec vulnerabilities, new hacking techniques, and…
CSF 2.0 blueprint offered up for public review ANALYSIS The US National Institute of Standards and Technology (NIST) is planning significant changes to its Cybersecurity…
Patch released for bug that poses a critical risk to vulnerable technologies A security flaw in a bundle anti-malware scanner product has created a serious…
JFrog argues vulnerability risk metrics need complete revamp ANALYSIS Weaknesses in the existing CVSS scoring system have been highlighted through new research, with existing metrics…
API security is a ‘great gateway’ into a pen testing career, advises specialist in the field INTERVIEW Securing web APIs requires a different approach to…
Ben Dickson 17 February 2023 at 16:05 UTC Updated: 17 February 2023 at 16:07 UTC Exploitation could enable attackers to access backend servers HAProxy, the…
Free fortnightly roundup and exclusive content for subscribers only Want to get the latest web security news straight to your inbox? Now you can, with…
Adam Bannister 15 February 2023 at 16:49 UTC Updated: 15 February 2023 at 17:05 UTC New legal protections for security researchers could be the strongest…
Possible RCE and denial-of-service issue discovered in Kafka Connect Apache has resolved a vulnerability potentially exploitable to launch remote code execution (RCE) attacks using Kafka…
The first guide of our two-part series helps consumers choose the best way to manage their login credentials While we continue to wait for the…
Your fortnightly rundown of AppSec vulnerabilities, new hacking techniques, and other cybersecurity news KeePass has become the latest password manager utility obliged to defend its…
Adam Bannister 10 February 2023 at 14:56 UTC Updated: 10 February 2023 at 14:58 UTC Single sign-on and request smuggling to the fore in another…
