The default behavior of pip, the Python package installer, leaves the software development process vulnerable to ‘dependency confusion’ attacks, a software vendor has discovered. Use of the...
“We train people with things they will see in the real world,” says Ning Wang, CEO of infosec and pen test training firm Offensive Security (‘Offsec’)....
In December 2020, with much of the world distracted by a Covid-19 resurgence and the aftermath of the US presidential election, security researchers were busy tracking...
A new variant of the freshly minted NAT slipstreaming attack has emerged that could use unmanaged, internal network devices as a bridgehead to – in the...
A new machine learning technique could make it easier for penetration testers to find SQL injection exploits in web applications. Introduced in a recently published paper by researchers...
The vast majority of the most popular Windows-native PDF viewers were vulnerable to multiple attack techniques exploiting standard PDF features, a team of security researchers has discovered. Several...
INTERVIEW Ranking among the top 10 hackers on bug bounty platform YesWeHack’s all-time leaderboard, Raphaël Arrouas’ methodologies will be of interest to security researchers of all abilities. Arrouas,...
Experts found a critical flaw in Real-Time Automation’s (RTA) 499ES EtherNet/IP stack that could allow attackers to hack industrial control systems. Tracked as CVE-2020-25159, the flaw is rated 9.8...
Crash analysis firm ZecOps has batted away criticism that a recently released iOS exploit presents a privacy risk for researchers that use it. The proof-of-concept (PoC)...
A security researcher discovered fresh flaws in open source image converter ImageMagick during the process of exploring an earlier vulnerability dating back four years. Alex Inführ...