Category: PortSwigger

Git security audit reveals critical overflow bugs
20 Jan 2023

Uncovered vulnerabilities include several high, medium, and low-security issues A security audit of the source code for Git has revealed…

Popular password managers auto-filled credentials on untrusted websites
20 Jan 2023

John Leyden 20 January 2023 at 12:09 UTC Updated: 20 January 2023 at 12:12 UTC Dashlane, Bitwarden, and Safari all…

Google pays hacker duo $22k in bug bounties for flaws in multiple cloud projects
19 Jan 2023

Six payouts issued for bugs uncovered in Theia, Vertex AI, Compute Engine, and Cloud Workstations Vulnerabilities in four Google Cloud…

WAGO fixes config export flaw threatening data leak from industrial devices
18 Jan 2023

Charlie Osborne 18 January 2023 at 15:34 UTC Updated: 18 January 2023 at 15:52 UTC Severity somewhat blunted by reboot-related…

US government announces third Hack The Pentagon challenge
17 Jan 2023

Ethical hackers and bug bounty hunters invited to test Department of Defense assets The US Department of Defense (DoD) is…

Squaring the CircleCI: DevOps platform publishes post-mortem on recent breach
16 Jan 2023

How the build pipeline was compromised Popular DevOps platform CircleCI has blamed an attack that successfully planted malware on an…

Deserialized web security roundup – Slack, Okta security breaches, lax US government passwords report, and more
16 Jan 2023

Jessica Haworth 13 January 2023 at 18:31 UTC Updated: 16 January 2023 at 14:29 UTC Your fortnightly rundown of AppSec…

Deserialized web security roundup – Slack, Okta security breaches, lax US government passwords report, and more
13 Jan 2023

Your fortnightly rundown of AppSec vulnerabilities, new hacking techniques, and other cybersecurity news Slack suffered a security breach recently, “involving…

New tool protects against vulnerabilities in popular file converter ImageMagick
12 Jan 2023

Library has somewhat of an image problem given history of serious bugs A new tool enables developers to better protect…

Threema disputes crypto flaws disclosure, prompts security flap
11 Jan 2023

‘Condescending’ response to vulnerability disclosure angers infosec community Security researchers have defended academics who discovered several serious security flaws in…

Prototype pollution-like bug variant discovered in Python
10 Jan 2023

‘Class pollution’ flaw similar to dangerous vulnerability type found in JavaScript and similar languages Prototype pollution is a dangerous bug…

Meet teler-waf: Security-focused HTTP middleware for the Go framework
09 Jan 2023

Protection against XSS, SQLi, and more web attacks for Go-based web applications A developer has released a new tool for…