Prototype pollution project yields another Parse Server RCE
Adam Bannister 11 November 2022 at 15:37 UTC Updated: 02 December 2022 at 11:49 UTC Bug emerges from ambition to...
Read more →Category: PortSwigger
All Day DevOps: Third of Log4j downloads still pull vulnerable version despite threat of supply chain attacks
Adam Bannister 14 November 2022 at 16:16 UTC Updated: 24 November 2022 at 12:50 UTC AppSec engineer keynote says Log4j...
Read more →
Mastodon users vulnerable to password-stealing attacks
Jessica Haworth 15 November 2022 at 15:39 UTC Updated: 15 November 2022 at 15:47 UTC Patched bug could have leaked...
Read more →
Zendesk Explore flaws opened the door to account pillage
John Leyden 15 November 2022 at 16:10 UTC Updated: 16 November 2022 at 11:18 UTC Patched SQLi and logical access...
Read more →
F5 fixes high severity RCE bug in BIG-IP, BIG-IQ devices
Adam Bannister 16 November 2022 at 15:02 UTC Updated: 16 November 2022 at 15:06 UTC Widespread exploitation deemed ‘unlikely’ given...
Read more →
Google Roulette: Developer console trick can trigger XSS in Chromium browsers
Ben Dickson 17 November 2022 at 13:16 UTC Updated: 17 November 2022 at 14:10 UTC A case study on the...
Read more →
HackerOne encourages customers to adopt standard policy to protect hackers from legal problems
John Leyden 17 November 2022 at 15:27 UTC Updated: 28 November 2022 at 14:59 UTC ‘Short, broad, easily-understood safe harbor...
Read more →
Ibexa DXP patched for GraphQL password hash leak vulnerability
Organizations advised to mandate password resets out of caution Norwegian software firm Ibexa is urging users to apply a new...
Read more →
Mastodon vulnerable to multiple system configuration problems
John Leyden 22 November 2022 at 15:23 UTC Updated: 23 November 2022 at 10:47 UTC The whole toot Multiple instances...
Read more →
Vulnerability in AWS AppSync allowed unauthorized access to cloud resources
Ben Dickson 25 November 2022 at 10:22 UTC Updated: 25 November 2022 at 11:17 UTC Attackers could gain full control...
Read more →
ConnectWise closes XSS vector for remote hijack scams
Researchers also applaud abandonment of customization feature abused by scammers A cross-site scripting (XSS) vulnerability in ConnectWise Control, the remote...
Read more →
How to become a penetration tester: Part 1 – your path into offensive security testing
Fancy a career in what one practitioner described as the ‘best job in the world’? Read on to find out...
Read more →