Belgium became a haven for ethical hackers following the adoption of a nationwide safe harbor agreement last month. The framework means that well-intentioned security researchers are free from legal...
HAProxy, the popular open source load balancer and reverse proxy, has patched a bug that could enable attackers to stage HTTP request smuggling attacks. By sending a maliciously crafted HTTP...
Detectify founder Frans Rosén has topped PortSwigger’s top 10 web hacking techniques of 2022 with ‘Account hijacking using dirty dancing in sign-in OAuth-flows’. Published in July, the...
A bypass of Facebook’s SMS-based two-factor authentication (2FA) made it into Meta’s most impressive bug bounty finds of 2022. However, it seems Facebook’s parent company initially didn’t...
Tesla is one of several organizations to remedy cross-origin resource sharing (CORS) misconfigurations after security researchers proved they could exfiltrate data from the carmaker’s internal network. That’s according...
A researcher has disclosed a technique that bypassed Akamai web application firewalls (WAF) running Spring Boot, potentially leading to remote code execution (RCE). Akamai’s WAF, which was...
NodeBB, a Node.js platform for creating forum applications, has patched a prototype pollution vulnerability that could allow attackers to impersonate other users and take over administrator accounts. The vulnerability was...
Researchers have disclosed a critical issue in Hyundai and Genesis vehicles that could be exploited to remotely control a car. Yuga Labs staff security engineer Sam...
Researchers have disclosed a critical issue in Hyundai and Genesis vehicles that could be exploited to remotely control a car. Yuga Labs staff security engineer Sam...
A prototype pollution vulnerability that could lead to remote code execution (RCE) in Parse Server has been patched. An attacker could potentially trigger RCE through the...
Recent Comments