Latest threats Bug bounty For devs Deep dives More About

Web security vulnerabilities Network security vulnerabilities Cloud security Zero-day news Supply chain attacks

View all web security news

Prototype pollution

Prototype pollution project yields another Parse Server RCE

Bug bounty news VDPs Bug Bounty Radar

View all bug bounty news

Bug Bounty Radar

The latest programs for February 2023

DevSecOps Security best practices Dev stack tech

View all dev related news

All Day DevOps

AppSec engineer keynote says Log4j revealed lessons were not learned from the Equifax breach

Deep dives Interviews

View all of the latest features

Infosec beginner?

A rough guide to launching a career in cybersecurity

Industry news Enterprise security news Web hacking tools Events

View all infosec industry news

Cybersecurity conferences

A schedule of events in 2022 and beyond

Archive - August 2022

Three-day hackathon uncovers hundreds of bugs in Yahoo search engine tool Vespa 31 August 2022 at 15:30 UTC Command injection vulnerability in GitHub Pages nets bug hunter $4k 31 August 2022 at 14:15 UTC Log4Shell legacy? Patching times plummet for most critical vulnerabilities – report 30 August 2022 at 15:13 UTC Graph-based JavaScript bug scanner discovers more than 100 zero-day vulnerabilities in Node.js libraries 30 August 2022 at 11:13 UTC Critical command injection vulnerability discovered in Bitbucket Server and Data Center 26 August 2022 at 14:03 UTC LastPass flags security incident after attackers stole source code, technical information 26 August 2022 at 10:52 UTC Ethereum Foundation offers $1m bug bounty payouts with proof-of-stake migration multiplier 25 August 2022 at 13:07 UTC Stop, press: Fragmented vendor ecosystem leaves media industry increasingly vulnerable to software supply chain threats 24 August 2022 at 13:27 UTC Security researchers blast ‘ridiculous’ CrowdStrike bug disclosure practices 23 August 2022 at 13:57 UTC GitLab patches critical remote code execution bug 23 August 2022 at 11:01 UTC API security: Broken access controls, injection attacks plague the enterprise security landscape in 2022 19 August 2022 at 12:16 UTC Vulnerability in open source identity management system Free IPA could lead to XXE attacks 18 August 2022 at 15:38 UTC Secure Open Source Rewards program launched to help protect critical upstream software 18 August 2022 at 12:09 UTC Swiss Post relaunches e-voting bug bounty program 17 August 2022 at 14:28 UTC Developers still struggling with security issues during code reviews, study finds 17 August 2022 at 10:46 UTC Legitimate hacking activities under UK law proposed by ‘expert consensus’ 16 August 2022 at 15:38 UTC Multiple cloud vendors impacted by PostgreSQL vulnerability that exposed enterprise databases 16 August 2022 at 12:40 UTC Germany to mandate minimum security standards for web browsers in government 15 August 2022 at 14:18 UTC Healthcare provider Novant issues data breach warning after site tracking pixels sent patients’ information to Meta servers 15 August 2022 at 12:31 UTC IT industry guilty of ‘lack of imagination’ in failure to anticipate cyber-attack evolution 12 August 2022 at 15:13 UTC BHUSA: Make sure your security bug bounty program doesn’t create a data leak of its own 12 August 2022 at 14:02 UTC GoTestWAF adds API attack testing via OpenAPI support 12 August 2022 at 12:29 UTC Black Hat USA: Pen testing tool that aims to ‘keep the fun in hacking’ unveiled 12 August 2022 at 09:58 UTC Browser-powered desync: New class of HTTP request smuggling attacks showcased at Black Hat USA 11 August 2022 at 16:21 UTC ReNgine upgrade: New subscan feature, PDF reports, expanded toolbox showcased at Black Hat USA 11 August 2022 at 15:35 UTC Black Hat USA: Deliberately vulnerable AWS, Azure cloud infrastructure is a pen tester’s playground 11 August 2022 at 13:10 UTC Black Hat USA: Log4j de-obfuscator Ox4Shell ‘dramatically’ reduces analysis time 11 August 2022 at 10:02 UTC Black Hat USA: Ex-CISA director Chris Krebs urges orgs to bolster infrastructure amid Taiwan tensions 10 August 2022 at 21:05 UTC Cisco router flaw gives patient attackers full access to small business networks 10 August 2022 at 12:52 UTC Microsoft Edge deepens defenses against malicious websites with enhanced security mode 09 August 2022 at 16:31 UTC Simple IDOR vulnerability in Reddit allowed mischief-makers to perform mod actions 09 August 2022 at 12:55 UTC The best Black Hat and DEF CON talks of all time 08 August 2022 at 13:38 UTC XSS in Gmail’s AMP For Email earns researcher $5,000 05 August 2022 at 15:59 UTC High-impact vulnerability in DrayTek routers leaves thousands of SMEs open to exploitation 05 August 2022 at 14:15 UTC Authentication bypass bug in Nextauth.js could allow email account takeover 05 August 2022 at 12:25 UTC Chromium site isolation bypass allows wide range of attacks on browsers 04 August 2022 at 14:00 UTC ParseThru: HTTP parameter smuggling flaw uncovered in several Go applications 04 August 2022 at 10:55 UTC Swiss government announces upcoming launch of federal bug bounty program 03 August 2022 at 15:30 UTC Jenkins security: Unpatched XSS, CSRF bugs included in latest plugin advisory 03 August 2022 at 13:52 UTC Trio of XSS bugs in open source web apps could lead to complete system compromise 02 August 2022 at 15:19 UTC ‘You get respect for owning what happened’ – SolarWinds’ CISO on the legacy and lessons of Sunburst 01 August 2022 at 15:36 UTC CompleteFTP path traversal flaw allowed attackers to delete server files 01 August 2022 at 13:14 UTC