Ibexa DXP patched for GraphQL password hash leak vulnerability
Organizations advised to mandate password resets out of caution Norwegian software firm Ibexa is urging users to apply a new patch immediately to resolve a…
Category: PortSwigger
Mastodon vulnerable to multiple system configuration problems
John Leyden 22 November 2022 at 15:23 UTC Updated: 23 November 2022 at 10:47 UTC The whole toot Multiple instances of social media platform Mastodon…
Vulnerability in AWS AppSync allowed unauthorized access to cloud resources
Ben Dickson 25 November 2022 at 10:22 UTC Updated: 25 November 2022 at 11:17 UTC Attackers could gain full control of a cloud-hosted database A…
ConnectWise closes XSS vector for remote hijack scams
Researchers also applaud abandonment of customization feature abused by scammers A cross-site scripting (XSS) vulnerability in ConnectWise Control, the remote monitoring and management (RMM) platform,…
How to become a penetration tester: Part 1 – your path into offensive security testing
Fancy a career in what one practitioner described as the ‘best job in the world’? Read on to find out how… Since you’re reading The…
Million-dollar bug bounties: The rise of record-breaking payouts
As seven-figure vulnerability rewards continue to hit headlines, what is driving bug bounty inflation? Bug bounty rewards have breached the $1 million mark, and there…
Intel disputes seriousness of Data Centre Manager authentication flaw
Security researcher scores $10K bug bounty A security researcher has released details of how they were able to hack Intel’s Data Center Manager (DCM). More…
Tailscale VPN nodes vulnerable to DNS rebinding, RCE
Users should manually update to the latest version now UPDATED A series of flaws in Tailscale, an open source mesh virtual private network (VPN) software,…
Critical vulnerability allowed attackers to remotely unlock, control Hyundai, Genesis vehicles
Charlie Osborne 01 December 2022 at 14:30 UTC Updated: 01 December 2022 at 15:51 UTC Vehicles made after 2012 were vulnerable to web app exploit…
Go SAML library vulnerable to authentication bypass
An attacker could masquerade as an authenticated user without presenting credentials An open source Go implementation of the SAML protocol has patched a critical vulnerability…
Deserialized web security roundup: Algolia API key leak, GitHub CVE reporting, scoring CVSS scores
Adam Bannister 02 December 2022 at 17:19 UTC Updated: 19 December 2022 at 17:12 UTC Your fortnightly rundown of AppSec vulnerabilities, new hacking techniques, and…
Black Hat Europe 2022: A defendable internet is possible, but only with industry makeover
John Leyden 07 December 2022 at 15:19 UTC Updated: 07 December 2022 at 15:22 UTC Empower buyers and stop fixating about zero-days, conference attendees told…