Wyoming health department employee uploaded sensitive data to software code repositories
Vulnerability disclosure platform driven by ‘transparency and fairness’, with over 500,000 bugs fixed since 2014
A new class of security flaw is emerging from obscurity
nodejs developers urged to check their projects for vulnerable package
Intro The OAuth2 authorization protocol has been under fire for the past ten years. You've probably already heard about plenty of "return_uri" tricks, token leakages, CSRF-style attacks on clients, an
An infosec conference talk was allegedly canceled due to a ‘cease and desist’ demand
One of several dubious repositories flagged by custom-built tool
Welcome to the Top 10 (novel) Web Hacking Techniques of 2020, our annual community-powered effort to identify the must-read web security research released in the previous year. Over the past few weeks
Tackling vulnerability propagation and license violation, one scan at a time
Local file read and RCE errors have been linked to Express.js and Handlebars usage
Open source tool was incorrectly labeled as a threat by Chrome’s Safe Browsing program last week
Tool captures potentially malicious communications being sent from smartphone to WiFi points
While browsing the web, you've almost certainly come across sites that let you log in using your social media account. The chances are that this feature is ...
Abstract PDF documents and PDF generators are ubiquitous on the web, and so are injection vulnerabilities. Did you know that controlling a measly HTTP hyperlink can provide a foothold into the inner w
Ruling over interpretation of aging law could have a chilling or liberating effect on security research
Chained attack could ‘shut down a company’s entire international network’
US news site confirms database leak
The now-patched privacy flaw puts unsecured resources in jeopardy
Open source program has seen 100-fold increase since the coronavirus outbreak
New hacking technique overcomes ‘network jitter’ issue that can impact the success of side-channel attacks
New tool allows users to prevent themselves from being tracked online
Vulnerability impacts standard-version utility, which is used by more than 20,000 projects
Open source privacy tool now available for Chrome and Firefox
WebRTC DNS lookups exploited in clever hack
This is no basic listicle
Foul play, potentially
The results are in! After 51 nominations whittled down to 15 finalists by a community vote, an expert panel consisting of Nicolas Grégoire, Soroush Dalili, Filedescriptor, and myself have conferred, v
Web and mobile impacted
Tired of proving you're not a robot? In this post, I'll show how you can partially bypass Google reCAPTCHA by using a new Turbo Intruder feature to trigger a race condition. This vulnerability was rep
In this paper I'll show you how to compromise websites by using esoteric web features to turn their caches into exploit delivery systems
Last month I published HTTP Desync Attacks: Request Smuggling Reborn. Since then, there's been a range of new developments. While vendors have been deploying fixes and publishing advisories, I've devi
In this section we will explain what clickjacking is, describe common examples of clickjacking attacks and discuss how to protect against these attacks. ...
Security firm scrambles to respond to breach
HTTP Desync Attacks: Request Smuggling Reborn
Incoming!