Endpoints using GraphQL may be at risk of exploitation due to failures to mitigate cross-site request forgery (CSRF) attack vectors, researchers warn. On May 20, Doyensec...
A newly patched bug in Open Distro, a software package that includes Elasticsearch and Kibana, enabled adversaries to gain unauthorized access to server and network resources....
Many software developers working for large organizations admit to releasing applications they know to be insecure, a new report has revealed. According to findings published today (May 13)...
Default HTML sanitizer settings implemented in the Aurelia JavaScript framework leave users vulnerable to cross-site scripting (XSS) attacks, researchers have warned. Aurelia is an “unobtrusive” client framework for the...
As machine learning (ML) systems become a staple of everyday life, the security threats they entail will spill over into all kinds of applications we use,...
A remote code execution (RCE) vulnerability in the central CocoaPods server could have potentially impacted up to three million mobile apps that relied on the open source package...
Developers have fixed a serious web security flaw in a debug toolbar for the popular Django framework. The CVE-2021-30459 vulnerability in the open source Django Debug Toolbar arises...
Codecov users have been warned to take immediate action after the discovery of a credential-stealing backdoor that was active for three months. A statement from Codecov, which offers a range...
Penetration testers were able to bypass Duo Security’s two-factor authentication (2FA) controls during a client engagement after using a neat but certainly not threatening hack. Shaun Kammerling and...
UPDATED A trio of Perl modules are potentially vulnerable to a serious upstream security flaw in Net::Netmask, a Perl distribution used to parse, manipulate, and look up IP network...