Latest threats Bug bounty For devs Deep dives More About

Web security vulnerabilities Network security vulnerabilities Cloud security Zero-day news Supply chain attacks

View all web security news

Prototype pollution

Prototype pollution project yields another Parse Server RCE

Bug bounty news VDPs Bug Bounty Radar

View all bug bounty news

Bug Bounty Radar

The latest programs for February 2023

DevSecOps Security best practices Dev stack tech

View all dev related news

All Day DevOps

AppSec engineer keynote says Log4j revealed lessons were not learned from the Equifax breach

Deep dives Interviews

View all of the latest features

Infosec beginner?

A rough guide to launching a career in cybersecurity

Industry news Enterprise security news Web hacking tools Events

View all infosec industry news

Cybersecurity conferences

A schedule of events in 2022 and beyond

Archive - December 2022

Bug Bounty Radar // The latest bug bounty programs for January 2023 30 December 2022 at 13:40 UTC Security done right – infosec wins of 2022 30 December 2022 at 11:24 UTC Stupid security 2022 – this year’s infosec fails 29 December 2022 at 10:04 UTC Finding the next Log4j – OpenSSF’s Brian Behlendorf on pivoting to a ‘risk-centred view’ of open source development 23 December 2022 at 12:17 UTC Lean, green coding machine: How sustainable computing drive can reduce attack surfaces 22 December 2022 at 15:35 UTC Zoom Whiteboard patches XSS bug 22 December 2022 at 12:00 UTC Password theft bug chain patched in Passwordstate credential manager 21 December 2022 at 16:16 UTC How to become a penetration tester: Part 2 – ‘Mr Hacking’ John Jackson on the virtue of ‘endless curiosity’ 20 December 2022 at 16:52 UTC Safeurl HTTP library brings SSRF protection to Go applications 19 December 2022 at 12:30 UTC Deserialized web security roundup – Fortinet, Citrix bugs; another Uber breach; hacking NFTs at Black Hat 16 December 2022 at 17:43 UTC Critical IP spoofing bug patched in Cacti 15 December 2022 at 14:24 UTC Akamai WAF bypassed via Spring Boot to trigger RCE 14 December 2022 at 12:01 UTC Cloud flaws brought to the fore as bug bounty vulnerabilities hit 65k in 2022 – HackerOne 13 December 2022 at 16:15 UTC Black Hat Europe redux: The top web hacking talks for 2022 12 December 2022 at 17:23 UTC Black Hat Europe 2022: Hacking tools showcased at annual security conference 12 December 2022 at 11:41 UTC ChatGPT bid for bogus bug bounty is thwarted 09 December 2022 at 16:55 UTC JSON syntax hack allowed SQL injection payloads to be smuggled past WAFs 09 December 2022 at 13:17 UTC NodeBB prototype pollution flaw could lead to account takeover 08 December 2022 at 13:57 UTC Black Hat Europe 2022: A defendable internet is possible, but only with industry makeover 07 December 2022 at 15:19 UTC Deserialized web security roundup: Algolia API key leak, GitHub CVE reporting, scoring CVSS scores 02 December 2022 at 17:19 UTC Go SAML library vulnerable to authentication bypass 02 December 2022 at 11:06 UTC Critical vulnerability allowed attackers to remotely unlock, control Hyundai, Genesis vehicles 01 December 2022 at 14:30 UTC Bug Bounty Radar // The latest bug bounty programs for December 2022 01 December 2022 at 12:39 UTC