Developers of the OpenSSL cryptography library have taken the unusual step of pre-warning that an update due to land next Tuesday (November 1) will fix a critical...
A pair of vulnerabilities patched in Jira Align could have enabled low-privileged malicious users to elevate their privileges to super admin, a security researcher has found....
A new twist on security advisories promises to optimize the triaging of vulnerabilities by highlighting whether flaws are not just present within software but practically exploitable, too. Developed...
A security flaw in Parse Server that enabled brute-force guessing of sensitive user data on the API server module for Node.js and the Express web framework has...
Researchers at Johns Hopkins University have developed a graph-based code analysis tool that can detect a wide range of vulnerabilities in JavaScript programs. Called ODGen, the tool...
Vulnerabilities in a third-party module within the firmware of NETGEAR routers and Orbi WiFi Systems could lead to arbitrary code execution on affected devices. The component...
Uber’s bug bounty reports were compromised after a social engineering attack on its internal networks. Uber is investigating claims its systems have been compromised by an attacker....
The maintainers of venerable open source content management system (CMS) TYPO3 have fixed a cross-site scripting (XSS) flaw with a raft of software updates. The XSS mechanism of...
Security researchers from IHTeam have uncovered a serious vulnerability in a plugin to the pfSense firewall technology. The affected pfBlockerNG plugin is not installed by default...
New web targets for the discerning hacker. The otherwise typically low-key month of August also brings infosec’s most renowned conference: Black Hat USA, which this year brought...
Pen testers hunting for low-severity bugs found a far more severe cross-site request forgery (CSRF) flaw in the open source csurf software. Researchers from UK-based cybersecurity firm Fortbridge...
WatchGuard has patched several vulnerabilities in two of its main firewall brands, rated between medium and critical severity. In combination, two of the flaws allowed...
Live event brings together bug bounty hunters from across the globe. A three-day hackathon held by Yahoo last week uncovered hundreds of security bugs in its...
A new vulnerability has been found that could allow an attacker to gain unauthorized access to cloud-based Golang applications. The use of unsafe URL parsing methods built...
Bug Bounty Switzerland AG awarded program management contract. Switzerland’s National Cyber Security Centre (NCSC) has announced it is launching a new bug bounty program for the...
Now-patched RCE bug impacts dozens of DrayTek Vigor router models. A critical security vulnerability impacting DrayTek Vigor routers could allow unauthenticated attackers to gain full access...
Flaw that opened the door to cookie modification and data theft resolved. A bug in the Chromium project allowed attackers to bypass site isolation protection through...
Researchers have released details on a trio of cross-site scripting (XSS) vulnerabilities in popular open source apps that could lead to remote code execution (RCE). The security bugs,...
Malicious builds and wider infrastructural compromise were worst-case scenarios. Security researchers have identified multiple workflows in popular continuous integration and delivery (CI/CD) service GitHub Actions that...
Summer is here in the northern hemisphere, but this hasn’t stopped the steady stream of new bug bounty programs from hitting the market. During the teaser...