- Have your say to be in with the chance to win Burp Suite swag…
- Bug Bounty Radar // The latest bug bounty programs for February 2023
- Tell us what you think: The Daily Swig reader survey 2023
- Deserialized web security roundup: ‘Catastrophic cyber events’, another T-Mobile breach, more LastPass problems
- Facebook two-factor authentication bypass issue patched
- Ruby on Rails apps vulnerable to data theft through Ransack search
- Trellix automates tackling open source vulnerabilities at scale
- Yellowfin tackles auth bypass bug trio that opened door to RCE
- Bitwarden responds to encryption design flaw criticism
- IoT vendors faulted for slow progress in setting up vulnerability disclosure programs
- AWS patches bypass bug in CloudTrail API monitoring tool
- Git security audit reveals critical overflow bugs
- Popular password managers auto-filled credentials on untrusted websites
- Google pays hacker duo $22k in bug bounties for flaws in multiple cloud projects
- WAGO fixes config export flaw threatening data leak from industrial devices
- US government announces third Hack The Pentagon challenge
- Squaring the CircleCI: DevOps platform publishes post-mortem on recent breach
- Deserialized web security roundup – Slack and Okta breaches, lax US government passwords report, and more
- New tool protects against vulnerabilities in popular file converter ImageMagick
- Threema disputes crypto flaws disclosure, prompts security flap
- Prototype pollution-like bug variant discovered in Python
- Meet teler-waf: Security-focused HTTP middleware for the Go framework
- Exploit drops for remote code execution bug in Control Web Panel
- Tesla tackles CORS misconfigurations that left internal networks vulnerable
- Devs urged to rotate secrets after CircleCI suffers security breach
- Car companies massively exposed to web vulnerabilities
- Bug Bounty Radar // The latest bug bounty programs for January 2023
- Security done right – infosec wins of 2022
- Stupid security 2022 – this year’s infosec fails
- Finding the next Log4j – OpenSSF’s Brian Behlendorf on pivoting to a ‘risk-centred view’ of open source development
- Lean, green coding machine: How the sustainable computing drive can reduce attack surfaces
- Zoom Whiteboard patches XSS bug
- Password theft bug chain patched in Passwordstate credential manager
- How to become a penetration tester: Part 2 – ‘Mr Hacking’ John Jackson on the virtue of ‘endless curiosity’
- Akamai wrestles with AWS S3 web cache poisoning bug
- Safeurl HTTP library brings SSRF protection to Go applications
- Deserialized web security roundup – Fortinet, Citrix bugs; another Uber breach; hacking NFTs at Black Hat
- Critical IP spoofing bug patched in Cacti
- Akamai WAF bypassed via Spring Boot to trigger RCE
- Cloud flaws brought to the fore as bug bounty vulnerabilities hit 65k in 2022 – HackerOne
- Black Hat Europe redux: The top web hacking talks for 2022