Tell us what you think: The Daily Swig reader survey 2023
Have your say to be in with the chance to win Burp Suite swag… The Daily Swig, the brainchild of PortSwigger, the makers of Burp…
Category: PortSwigger
Bug Bounty Radar // The latest bug bounty programs for January 2023
New web targets for the discerning hacker As 2022 draws to a close, HackerOne has revealed that cloud-based vulnerabilities became increasingly common this year as…
Security done right – infosec wins of 2022
The toasts, triumphs, and biggest security wins of the year As 2022 draws to a close, The Daily Swig is revisiting some of the year’s…
Stupid security 2022 – this year’s infosec fails
Epic web security fails and salutary lessons from another inevitably eventful year in infosec As 2022 draws to a close, The Daily Swig is revisiting…
Passport-SAML auth bypass triggers fix of critical, upstream XMLDOM bug
Adam Bannister 08 November 2022 at 16:33 UTC Updated: 25 November 2022 at 10:37 UTC Rapid remedy follows reawakening of long-dormant bug threat A critical…
CSS injection flaw patched in Acronis cloud management console
CSRF attacks could be triggered to access and exfiltrate information A security researcher has disclosed a CSS injection flaw in Acronis software which could be…
Google Pixel screen-lock hack earns researcher $70k
John Leyden 10 November 2022 at 16:14 UTC Updated: 11 November 2022 at 11:23 UTC Android security pwned by PUK reset trick A security researcher…
CSRF in Plesk API enabled server takeover
Ben Dickson 11 November 2022 at 11:31 UTC Updated: 11 November 2022 at 16:51 UTC Bugs in programming interfaces of web hosting admin tool patched…
Prototype pollution project yields another Parse Server RCE
Adam Bannister 11 November 2022 at 15:37 UTC Updated: 02 December 2022 at 11:49 UTC Bug emerges from ambition to find ‘end-to-end exploits beyond DoS’…
All Day DevOps: Third of Log4j downloads still pull vulnerable version despite threat of supply chain attacks
Adam Bannister 14 November 2022 at 16:16 UTC Updated: 24 November 2022 at 12:50 UTC AppSec engineer keynote says Log4j revealed lessons were not learned…
Mastodon users vulnerable to password-stealing attacks
Jessica Haworth 15 November 2022 at 15:39 UTC Updated: 15 November 2022 at 15:47 UTC Patched bug could have leaked credentials Attackers could steal password…
Zendesk Explore flaws opened the door to account pillage
John Leyden 15 November 2022 at 16:10 UTC Updated: 16 November 2022 at 11:18 UTC Patched SQLi and logical access vulnerabilities posed serious risk Security…