Initiative adds another layer of protection for end-to-end identity verification platform. Digital identity verification company Onfido has launched a new bug bounty program, in partnership with European vulnerability...
Security release also includes precautionary patches for potential Log4j-like flaw in Logback library. Diversified technology and infrastructure software provider Open-Xchange has released fixes for several security...
‘Vast majority’ of users have updated systems thanks to vendor warnings. Vulnerabilities in FileWave’s mobile device management (MDM) platform could enable attackers to seize control of vulnerable instances...
The fax is dead. Long live the online fax? A new study suggests many healthcare professionals believe that flaws in today’s web security landscape are prompting...
New research shows how deep learning models trained for network intrusion detection can be bypassed. Recent years have seen a growing interest in the use of machine...
Severity of code execution bug mitigated by ‘high uptake’ of previous patch. Zyxel has released patches for several of its firewall products following the discovery of...
Unauthenticated SQL injection bugs put thousands of WordPress sites under threat. A researcher at security firm Cyllective has unearthed vulnerabilities in dozens of WordPress plugins, affecting...
An unauthenticated arbitrary object instantiation vulnerability in LDAP Account Manager (LAM) has been discovered during an internal penetration test. LAM is a PHP web application for...
Inaugural report from cyber safety panel outlines strengths and weaknesses exposed by momentous security flaw. The ‘Log4Shell’ vulnerability in open source library Log4j has reached “endemic” proportions and...
Chain of exploits could be triggered without any authentication. Blitz.js, a JavaScript web application framework, has patched a dangerous prototype pollution vulnerability that could lead to remote code...
Single-click account takeovers are made possible by taking advantage of quirks in OAuth. It is possible to perform single-click account hijacking by abusing the OAuth process...