About The Daily Swig

Latest threats Bug bounty For devs Deep dives More About

Web security vulnerabilities Network security vulnerabilities Cloud security Zero-day news Supply chain attacks

View all web security news

Prototype pollution

Prototype pollution project yields another Parse Server RCE

Bug bounty news VDPs Bug Bounty Radar

View all bug bounty news

Bug Bounty Radar

The latest programs for February 2023

DevSecOps Security best practices Dev stack tech

View all dev related news

All Day DevOps

AppSec engineer keynote says Log4j revealed lessons were not learned from the Equifax breach

Deep dives Interviews

View all of the latest features

Infosec beginner?

A rough guide to launching a career in cybersecurity

Industry news Enterprise security news Web hacking tools Events

View all infosec industry news

Cybersecurity conferences

A schedule of events in 2022 and beyond

John Leyden, Journalist

@jleyden

John Leyden has written about networking and security for more than 20 years. Prior to the advent of the interwebs he worked as a crime reporter at a local newspaper in Manchester. John holds a degree in electronic engineering from City University, London.

Get in touch

Bug Bounty Radar // The latest bug bounty programs for March 202328 February 2023 at 19:15 UTC Cisco ClamAV anti-malware scanner vulnerable to serious security flaw22 February 2023 at 14:23 UTC Deserialized web security roundup: KeePass dismisses ‘vulnerability’ report, OpenSSL gets patched, and Reddit admits phishing hack10 February 2023 at 16:30 UTC Google engineers plot to mitigate prototype pollution06 February 2023 at 15:57 UTC Bitwarden responds to encryption design flaw criticism25 January 2023 at 15:47 UTC IoT vendors faulted for slow progress in setting up vulnerability disclosure programs24 January 2023 at 13:22 UTC Popular password managers auto-filled credentials on untrusted websites20 January 2023 at 12:09 UTC Squaring the CircleCI: DevOps platform publishes post-mortem on recent breach16 January 2023 at 16:07 UTC Threema disputes crypto flaws disclosure, prompts security flap11 January 2023 at 15:41 UTC Devs urged to rotate secrets after CircleCI suffers security breach05 January 2023 at 14:38 UTC Deserialized web security roundup – Fortinet, Citrix bugs; another Uber breach; hacking NFTs at Black Hat 16 December 2022 at 17:43 UTC Black Hat Europe redux: The top web hacking talks for 202212 December 2022 at 17:23 UTC JSON syntax hack allowed SQL injection payloads to be smuggled past WAFs09 December 2022 at 13:17 UTC Black Hat Europe 2022: A defendable internet is possible, but only with industry makeover07 December 2022 at 15:19 UTC Bug Bounty Radar // The latest bug bounty programs for December 202201 December 2022 at 12:39 UTC Intel disputes seriousness of Data Centre Manager authentication flaw29 November 2022 at 16:30 UTC Mastodon vulnerable to multiple system configuration problems22 November 2022 at 15:23 UTC HackerOne encourages customers to adopt standard policy to protect hackers from legal problems17 November 2022 at 15:27 UTC Zendesk Explore flaws opened the door to account pillage15 November 2022 at 16:10 UTC Google Pixel screen-lock hack earns researcher $70k10 November 2022 at 16:14 UTC Boffins rekindle one-time program cryptographic concept04 November 2022 at 14:13 UTC OpenSSL vulnerability downgraded to ‘high’ severity01 November 2022 at 18:54 UTC Upcoming ‘critical’ OpenSSL update prompts feverish speculation28 October 2022 at 14:31 UTC HyperSQL DataBase flaw leaves library vulnerable to RCE24 October 2022 at 14:46 UTC Hidden DNS resolver insecurity creates widespread website hijack risk11 October 2022 at 10:51 UTC Patching common vulnerabilities at scale: project promises bulk pull requests29 September 2022 at 13:46 UTC Web security flaw in Sophos Firewall patched26 September 2022 at 14:02 UTC Uber hack linked to hardcoded secrets spotted in PowerShell script16 September 2022 at 15:26 UTC WAPPLES web application firewall faulted for multiple flaws15 September 2022 at 14:43 UTC Let’s Encrypt builds infrastructure to support browser-based certificate revocation revival13 September 2022 at 14:39 UTC Vendor disputes seriousness of firewall plugin RCE flaw08 September 2022 at 16:48 UTC A rough guide to launching a career in cybersecurity07 September 2022 at 13:59 UTC IT industry guilty of ‘lack of imagination’ in failure to anticipate cyber-attack evolution12 August 2022 at 15:13 UTC The best Black Hat and DEF CON talks of all time08 August 2022 at 13:38 UTC ‘Password extraction risk’ in identity provider Okta disputed19 July 2022 at 15:00 UTC Fantasy Premier League football app introduces 2FA to tackle account takeover hacks15 July 2022 at 14:10 UTC Post-quantum cryptography hits standardization milestone11 July 2022 at 15:02 UTC Untrusted types: Researcher demos trick to beat Trusted Types protection in Google Chrome27 June 2022 at 15:25 UTC One in every 13 incidents blamed on API insecurity – report22 June 2022 at 16:41 UTC Single largest disclosure for vulnerabilities in industrial control security reveals 56 flaws21 June 2022 at 16:30 UTC

Latest Posts