A recently patched bug in the Chromium project could allow malicious actors to bypass a security feature that protects sensitive cookies on Android browsers. The SameSite setting enables...
The REST API of Plesk was vulnerable to client-side request forgery (CSRF), which could lead to multiple potential attacks, including malicious file upload and the takeover of the...
Pen testers hunting for low-severity bugs found a far more severe cross-site request forgery (CSRF) flaw in the open source csurf software. Researchers from UK-based cybersecurity firm Fortbridge...
Open source DevOps platform Jenkins is warning users of unpatched security vulnerabilities impacting more than a dozen plugins. A leading open source automation server, Jenkins provides thousands of...
Cisco has addressed severe vulnerabilities in the Cisco Nexus Dashboard data center management solution that can let remote attackers execute commands and perform actions with root...
On Thursday, the Jenkins security team announced 34 security vulnerabilities affecting 29 plugins for the Jenkins open source automation server, 29 of the bugs being zero-days...
Developers of the Symfony PHP framework have reversed a recent change that inadvertently turned off protection against cross-site request forgery (CSRF) attacks. Symfony is a popular PHP framework for web...
Chrome is deprecating direct access to private network endpoints from public websites in order to protect users from cross-site request forgery (CSRF) attacks. Part two of the browser’s...
UPDATED GitLab has pushed out a significant security release that addresses multiple flaws including an arbitrary file read issue rated as ‘critical’ and two high-impact vulnerabilities. An update...
A security vulnerability in popular dating site OkCupid meant an attacker could dupe users into unknowingly ‘liking’ or sending messages to other profiles. The flaw, which...
Recent Comments