Lapsus$ threat actors have been linked to the cyber-attack
Ministry of Justice said information commissioner ‘satisfied’ with response to one particularly contentious breach
The software was reportedly used as part of a short-lived software supply chain attack
Cloudy with a chance of exploits
Researchers release details of unpatched security flaw
Patch now to protect, say researchers
Patch delays create a ‘window of opportunity’ for observant attackers
‘We must take every precaution against potential cyber incidents’, port director tells The Daily Swig
Social engineering technique confuses victims to gain entry to their accounts
Attack vector abuses permissions to force CI pipelines to execute arbitrary commands
QUIC march
Researchers credit greater transparency and responsible disclosure policies for improvements in the patching process
Underground business sold jailbreak devices for consoles including the Nintendo Switch, 3DS, and Microsoft’s Xbox
Security tools inspired by recent case where a package maintainer went rogue
Chance to become an instant multimillionaire via flaws in DAI smart contracts, websites, and apps
Request smuggling attacks a key theme
No customer data was accessed, company claims
Welcome to the Top 10 (new) Web Hacking Techniques of 2021, the latest iteration of our annual community-powered effort to identify the most significant web security research released in the last year
Recent moves from the US government agency have laid the groundwork for significant changes to businesses’ compliance obligations, writes US attorney David Oberly
Attackers have targeted mailboxes ‘in multiple waves across two attack phases’
Critical security bugs inherited by multiple products
Alpha-Omega Project aims to improve software supply chain security for 10,000 OSS projects
Inadvertent defense downgrade quickly reverted
Though still in its early stages, SnapFuzz is already showing some promising results
WordPress plugin problem patched
‘Cloudbleed’-like bug affected cloud computing service from Fastly, an H2O contributor
Researchers say 144,000 files were exposed
Urgent patching of file-sharing technology urged
New web targets for the discerning hacker
Gatekeeper defenses prove no match for uXSS attack
Volunteers urged to build bridges while Tor contests blockade
Fix is apparently incoming
Targets included GitHub, GitLab, HackerOne, and Cloudflare
Attackers can use connections between wireless chips to steal data or credentials, researchers find
Law enforcement alerted company to compromise of payment card info
XSS flaw in Proctorio gets resolved
Russian language search engine has secured its backend infrastructure
SANS Institute’s latest Grid NetWars competition involved 250 security pros from Ukraine
Allow domains to ‘drop’ and you’re increasing the effectiveness of a variety of attacks
Two packages lay undiscovered for 10 months
Payout ceiling lifted from $100,000 to $150,000 for 12-month bonus period
HackerOne study charts effects of digital transformation and cloud migration
Now-patched bugs were easy to exploit, but required prior authentication/network access
Misaligned incentives are undermining efforts to tackle TLD bugs with ‘mass-scale impact’
Ad blockers like uBlock Origin are extremely popular, and typically have access to every page a user visits. Behind the scenes, they're powered by community-provided filter lists - CSS selectors that
Security firm said attackers executed a ‘transfer-out, swap, and wash’
US crime syndicate ‘The Community’ stole millions of dollars’ worth of cryptocurrency