We're going teetotal: It's goodbye to The Daily Swig The Daily Swig 2 March 2023 at 09:05 PortSwigger today announces that The Daily Swig is closing down
Bug Bounty Radar // The latest bug bounty programs for March 2023 The Daily Swig 28 February 2023 at 14:15 New web targets for the discerning hacker
Indian transport ministry flaws potentially allowed creation of counterfeit driving licenses The Daily Swig 28 February 2023 at 09:15 Armed with personal data fragments, a researcher could also access 185 million citizens' PII
Password managers: A rough guide to enterprise secret platforms The Daily Swig 27 February 2023 at 10:30 The second part of our password manager series looks at business-grade tech to handle API tokens, login credentials, and more
Chromium bug allowed SameSite cookie bypass on Android devices The Daily Swig 27 February 2023 at 06:50 Protections against cross-site request forgery could be bypassed
Deserialized web security roundup: Twitter 2FA backlash, GoDaddy suffers years-long attack campaign, and XSS Hunter adds e2e encryption The Daily Swig 24 February 2023 at 08:09 Your fortnightly rundown of AppSec vulnerabilities, new hacking techniques, and other cybersecurity news
NIST plots biggest ever reform of Cybersecurity Framework The Daily Swig 23 February 2023 at 10:55 CSF 2.0 blueprint offered up for public review
Cisco ClamAV anti-malware scanner vulnerable to serious security flaw The Daily Swig 22 February 2023 at 09:23 Patch released for bug that poses a critical risk to vulnerable technologies
CVSS system criticized for failure to address real-world impact The Daily Swig 21 February 2023 at 10:34 JFrog argues vulnerability risk metrics need complete revamp
'Most web API flaws are missed by standard security tests' – Corey J Ball on securing a neglected attack vector The Daily Swig 20 February 2023 at 08:58 API security is a 'great gateway' into a pen testing career, advises specialist in the field
HTTP request smuggling bug patched in HAProxy The Daily Swig 17 February 2023 at 11:05 Exploitation could enable attackers to access backend servers
Belgium launches nationwide safe harbor for ethical hackers The Daily Swig 15 February 2023 at 11:49 New legal protections for security researchers could be the strongest of any EU country
Remote code execution flaw patched in Apache Kafka The Daily Swig 15 February 2023 at 09:01 Possible RCE and denial-of-service issue discovered in Kafka Connect
Password manager security: Which is the right option for me? The Daily Swig 14 February 2023 at 10:58 The first guide of our two-part series helps consumers choose the best way to manage their login credentials
Deserialized web security roundup: KeePass dismisses 'vulnerability' report, OpenSSL gets patched, and Reddit admits phishing hack The Daily Swig 10 February 2023 at 11:30 Your fortnightly rundown of AppSec vulnerabilities, new hacking techniques, and other cybersecurity news
OAuth 'masterclass' crowned top web hacking technique of 2022 The Daily Swig 10 February 2023 at 09:56 Single sign-on and request smuggling to the fore in another stellar year for web security research
Radio silence from DMS vendor quartet over XSS zero-days The Daily Swig 10 February 2023 at 06:55 No response or patch yet forthcoming from providers of vulnerable document management systems
New XSS Hunter host Truffle Security faces privacy backlash The Daily Swig 9 February 2023 at 12:12 Anonymized numbers of bug discoveries swiftly deleted after pushback
Second UK Computer Misuse Act consultation reflects 'very little progress' The Daily Swig 8 February 2023 at 12:02 Campaigner bemoans glacial progress of review and urges government to set clear timetable
DOM XSS vulnerability in Gartner Peer Insights widget patched The Daily Swig 8 February 2023 at 08:42 Web attack vector closed after failed fix