Million-dollar bug bounties: The rise of record-breaking payouts
As seven-figure vulnerability rewards continue to hit headlines, what is driving bug bounty inflation? Bug bounty rewards have breached the...
Read more →Category: PortSwigger
Intel disputes seriousness of Data Centre Manager authentication flaw
Security researcher scores $10K bug bounty A security researcher has released details of how they were able to hack Intel’s...
Read more →
Tailscale VPN nodes vulnerable to DNS rebinding, RCE
Users should manually update to the latest version now UPDATED A series of flaws in Tailscale, an open source mesh...
Read more →
Bug Bounty Radar // The latest bug bounty programs for December 2022
New web targets for the discerning hacker Bug bounty platform HackerOne has launched a scheme to encourage customers to adopt...
Read more →
Critical vulnerability allowed attackers to remotely unlock, control Hyundai, Genesis vehicles
Charlie Osborne 01 December 2022 at 14:30 UTC Updated: 01 December 2022 at 15:51 UTC Vehicles made after 2012 were...
Read more →
Go SAML library vulnerable to authentication bypass
An attacker could masquerade as an authenticated user without presenting credentials An open source Go implementation of the SAML protocol...
Read more →
Deserialized web security roundup: Algolia API key leak, GitHub CVE reporting, scoring CVSS scores
Adam Bannister 02 December 2022 at 17:19 UTC Updated: 19 December 2022 at 17:12 UTC Your fortnightly rundown of AppSec...
Read more →
Black Hat Europe 2022: A defendable internet is possible, but only with industry makeover
John Leyden 07 December 2022 at 15:19 UTC Updated: 07 December 2022 at 15:22 UTC Empower buyers and stop fixating...
Read more →
NodeBB prototype pollution flaw could lead to account takeover
‘Not a prototype pollution vulnerability as you might normally understand it’ NodeBB, a Node.js platform for creating forum applications, has...
Read more →
JSON syntax hack allowed SQL injection payloads to be smuggled past WAFs
John Leyden 09 December 2022 at 13:17 UTC Updated: 15 December 2022 at 17:06 UTC Five vendors act to thwart...
Read more →
ChatGPT bid for bogus bug bounty is thwarted
Improving large language models offer ‘just one more way to attack code, and one more way to defend code’ A...
Read more →
Black Hat Europe 2022: Hacking tools showcased at annual security conference
Aids and techniques demonstrated at this year’s arsenal track Tools to enable the work of security researchers, pen testers, and...
Read more →