Category: PortSwigger

Million dollar bug bounties
27 Dec 2022

Million-dollar bug bounties: The rise of record-breaking payouts

As seven-figure vulnerability rewards continue to hit headlines, what is driving bug bounty inflation? Bug bounty rewards have breached the…

Intel has disputed the seriousness of an authentication flaw discovered in its Data Centre Manager
27 Dec 2022

Intel disputes seriousness of Data Centre Manager authentication flaw

Security researcher scores $10K bug bounty
A security researcher has released details of how they were able to hack Intel’s…

DNS rebinding, RCE vulnerability found in Tailscale VPN
27 Dec 2022

Tailscale VPN nodes vulnerable to DNS rebinding, RCE

Users should manually update to the latest version now
UPDATED: A series of flaws in Tailscale, an open source mesh…

Bug Bounty Radar - the latest bug bounty programs for December 2022
27 Dec 2022

Bug Bounty Radar // The latest bug bounty programs for December 2022

New web targets for the discerning hacker
Bug bounty platform HackerOne has launched a scheme to encourage customers to adopt…

27 Dec 2022

Critical vulnerability allowed attackers to remotely unlock, control Hyundai, Genesis vehicles

Charlie Osborne, 01 December 2022 at 14:30 UTC (updated 01 December 2022 at 15:51 UTC)
Vehicles made after 2012 were…

27 Dec 2022

Go SAML library vulnerable to authentication bypass

An attacker could masquerade as an authenticated user without presenting credentials
An open source Go implementation of the SAML protocol…

Deserialized web security roundup - Algolia API key leak, GitHub CVE reporting, scoring CVSS scores
27 Dec 2022

Deserialized web security roundup: Algolia API key leak, GitHub CVE reporting, scoring CVSS scores

Adam Bannister, 02 December 2022 at 17:19 UTC (updated 19 December 2022 at 17:12 UTC)
Your fortnightly rundown of AppSec…

27 Dec 2022

Black Hat Europe 2022: A defendable internet is possible, but only with industry makeover

John Leyden, 07 December 2022 at 15:19 UTC (updated 07 December 2022 at 15:22 UTC)
Empower buyers and stop fixating…

27 Dec 2022

NodeBB prototype pollution flaw could lead to account takeover

‘Not a prototype pollution vulnerability as you might normally understand it’
NodeBB, a Node.js platform for creating forum applications, has…

JSON syntax hack allowed SQL injection payloads to get smuggled past web application firewalls
27 Dec 2022

JSON syntax hack allowed SQL injection payloads to be smuggled past WAFs

John Leyden, 09 December 2022 at 13:17 UTC (updated 15 December 2022 at 17:06 UTC)
Five vendors act to thwart…

ChatGPT bid for bogus crypto bug bounty is thwarted
27 Dec 2022

ChatGPT bid for bogus bug bounty is thwarted

Improving large language models offer ‘just one more way to attack code, and one more way to defend code’
A…

Black Hat Europe 2022: Hacking tools from this year's conference
26 Dec 2022

Black Hat Europe 2022: Hacking tools showcased at annual security conference

Aids and techniques demonstrated at this year’s arsenal track
Tools to enable the work of security researchers, pen testers, and…