Attackers are abusing the Certificate Transparency (CT) system to compromise new WordPress sites in the typically brief window of time before the content management system (CMS) has been...
Cybersecurity researchers have disclosed a code injection flaw in the Spring Cloud computing framework that poses a remote attack risk. On March 28, infosec firm NSFOCUS...
Mitmproxy, an open source, interactive HTTPS proxy service, has patched a dangerous bug that potentially allowed attackers to stage HTTP request smuggling attacks against backend servers. HTTP...
A security researcher has demonstrated the potential dangers from a phishing technique that involves simulating a pop-up window in order to spoof a legitimate domain. The technique highlighted...
In 2021, researchers warned about a new kind of DDoS attack that took advantage of network middleboxes to carry out reflection amplification on the TCP protocol....
Security limitations in the default protection offered by Google’s web application firewall (WAF) make it possible to bypass the company’s cloud-based defenses. Researchers at security consultancy Kloudle found...
Researchers have demonstrated how a new tool can uncover redacted text from documents, potentially exposing sensitive information to nefarious actors. The tool, called Unredacter, was released by...
PortSwigger Web Security’s annual Top 10 Web Hacking Techniques list has been announced, with dependency confusion attacks crowned the number one technique seen in 2021. The...
Despite being a known and well-documented vulnerability, web cache poisoning continues to crop up around the web. In extensive research of many websites, including some high-traffic...
A Romanian team has ended a run of near misses to be crowned the 2021 winners of Trend Micro’s Raimund Genes Cup. PwnThyBytes finally topped the leaderboard...