31 Mar 2023

3CX desktop app used in a supply chain attack

Researchers have found that the 3CX desktop app may be compromised and used in supply chain attacks. Researchers have found…

31 Mar 2023

Abusing URL Shorteners to discover sensitive resources or assets

September 22, 2015 · websec bruteforce As of late, a fair few companies and startups have been using dedicated URL…

31 Mar 2023

The Human Aspect in Zero Trust Security

Zero trust security has become a buzzword in the cybersecurity world, emphasizing the need for a more robust and reliable…

31 Mar 2023

Intruder unveils API scanning to help organizations reduce exposure

Intruder updates its cloud-based vulnerability management service, allowing organisations of all sizes to secure their APIs by automatically detecting vulnerabilities,…

31 Mar 2023

Bing and other Microsoft applications fall victim to account takeover flaw

We take a look at the “BingBang” flaw which allowed for search engine manipulation in Bing. Researchers from Wiz have…

31 Mar 2023

Discovering a stored XSS that affects over 900k websites (CVE-2016-9751)

In my free time when I’m not hunting for bugs in paid programs, I like to contribute a bit to…

31 Mar 2023

Microsoft testing adaptive brightness on more Windows 11 devices

Microsoft says a new Windows 11 preview build rolling out today will allow Insiders to test the company’s adaptive brightness…

31 Mar 2023

How a simple bing.com vulnerability allowed hacking millions of enterprise Microsoft 365 accounts?

A vulnerability that might compromise the security of millions of Microsoft 365 accounts was found earlier this year. Researchers at…

31 Mar 2023

3CX Desktop App Supply Chain Attack Targets Millions – Known Facts and First Expert Comments

3CX is urgently working to release a software update in response to the SmoothOperator supply chain attack that targets millions…

31 Mar 2023

Update now! Apple fixes actively exploited vulnerability and introduces new features

Apple has released security updates and new features for several of its products, including a fix for an actively exploited…

31 Mar 2023

Exploiting Null Byte Buffer Overflow for a ,000 bounty

As a preface, when I originally found this bug I was unfamiliar with the class of “null byte buffer overflow” even…

31 Mar 2023

Microsoft OneNote will block 120 dangerous file extensions

Microsoft has shared more information on what malicious embedded files OneNote will soon block to defend users against ongoing phishing…