US government announces third Hack The Pentagon challenge
Ethical hackers and bug bounty hunters invited to test Department of Defense assets The US Department of Defense (DoD) is holding its third annual Hack…
How the build pipeline was compromised Popular DevOps platform CircleCI has blamed an attack that successfully planted malware on an internal engineer’s laptop for a…
Jessica Haworth 13 January 2023 at 18:31 UTC Updated: 16 January 2023 at 14:29 UTC
Your fortnightly rundown of AppSec vulnerabilities, new hacking techniques, and other cybersecurity news Slack suffered a security breach recently, “involving unauthorized access to a subset…
Library has somewhat of an image problem given history of serious bugs A new tool enables developers to better protect themselves against vulnerabilities in popular…
‘Condescending’ response to vulnerability disclosure angers infosec community Security researchers have defended academics who discovered several serious security flaws in Threema following criticism of their…
‘Class pollution’ flaw similar to dangerous vulnerability type found in JavaScript and similar languages Prototype pollution is a dangerous bug class associated with prototype-based languages,…
Protection against XSS, SQLi, and more web attacks for Go-based web applications A developer has released a new tool for Go applications that is designed…
Vendor patched the vulnerability in October after a red team alert A pre-authentication remote code execution (RCE) exploit has landed for popular web hosting platform…
Typosquatting ploy successfully bypassed firewalls of multiple organizations Tesla is one of several organizations to remedy cross-origin resource sharing (CORS) misconfigurations after security researchers proved…
DevOps platform advises customers to revoke API tokens Developers are being urged to rotate secrets and API tokens following the discovery of a breach at…
Grand hack auto The web applications and APIs of major car manufacturers, telematics (vehicle tracking and logging technology) vendors, and fleet operators were riddled with…