Latest threats Bug bounty For devs Deep dives More About

Web security vulnerabilities Network security vulnerabilities Cloud security Zero-day news Supply chain attacks

View all web security news

Prototype pollution

Prototype pollution project yields another Parse Server RCE

Prototype-pollution

Bug bounty news VDPs Bug Bounty Radar

View all bug bounty news

Bug Bounty Radar

The latest programs for February 2023

DevSecOps Security best practices Dev stack tech

View all dev related news

All Day DevOps

AppSec engineer keynote says Log4j revealed lessons were not learned from the Equifax breach

Deep dives Interviews

View all of the latest features

Infosec beginner?

A rough guide to launching a career in cybersecurity

Industry news Enterprise security news Web hacking tools Events

View all infosec industry news

Cybersecurity conferences

A schedule of events in 2022 and beyond

Latest cyber-attack news

From DDoS assaults to cybersecurity exploits that result in a data breach, cyber-attacks present a growing threat to businesses, governments, and individuals.

Whether they come from so-called hacktivist groups or state-sponsored cyber warfare units, this type of attack is increasingly giving cause for concern.

The Daily Swig provides day-to-day coverage of recent cyber-attacks, arming organizations and users with the information they need to stay protected.

Check out the latest cyber-attack news from around the world below.

Deserialized roundup

KeePass dismisses ‘vulnerability’ report, OpenSSL gets patched, and Reddit admits phishing hack10 February 2023Deserialized roundupKeePass dismisses ‘vulnerability’ report, OpenSSL gets patched, and Reddit admits phishing hack

Deserialized web security roundup

‘Catastrophic cyber events’, another T-Mobile breach, more LastPass problems27 January 2023Deserialized web security roundup‘Catastrophic cyber events’, another T-Mobile breach, more LastPass problems

Bitwarden responds to encryption design flaw criticism

25 January 2023Bitwarden responds to encryption design flaw criticismPassword vault vendor accused of making a hash of encryption

Squaring the CircleCI

DevOps platform publishes post-mortem on recent breach16 January 2023Squaring the CircleCIDevOps platform publishes post-mortem on recent breach

Deserialized web security roundup

Slack, Okta breaches, lax US government passwords report, and more 13 January 2023Deserialized web security roundupSlack, Okta breaches, lax US government passwords report, and more

Devs urged to rotate secrets after CircleCI suffers breach

05 January 2023Devs urged to rotate secrets after CircleCI suffers breachDevOps platform advises customers to revoke API tokens

Stupid security 2022

This year’s infosec fails29 December 2022Stupid security 2022This year’s infosec fails

Deserialized web security roundup

Fortinet, Citrix bugs; another Uber breach; hacking NFTs at Black Hat16 December 2022Deserialized web security roundupFortinet, Citrix bugs; another Uber breach; hacking NFTs at Black Hat

Black Hat Europe 2022

A defendable internet is possible, but only with industry makeover07 December 2022Black Hat Europe 2022A defendable internet is possible, but only with industry makeover

Deserialized web security roundup

Algolia API key leak, GitHub CVE reporting, scoring CVSS scores02 December 2022Deserialized web security roundupAlgolia API key leak, GitHub CVE reporting, scoring CVSS scores

All Day DevOps

Third of Log4j downloads still pull vulnerable version despite growing awareness of supply chain attacks14 November 2022All Day DevOpsThird of Log4j downloads still pull vulnerable version despite growing awareness of supply chain attacks

Patch now

Critical authentication bug in Fortinet products actively exploited in the wild25 October 2022Patch nowCritical authentication bug in Fortinet products actively exploited in the wild

Failed Cobalt Strike fix with buried RCE exploit now patched

21 October 2022Failed Cobalt Strike fix with buried RCE exploit now patchedThe fix was developed at a running pace as Cobalt Strike is essential to Red Team operations

Supply chain attack surge

Researchers find 633% rise in assaults on open source repositories18 October 2022Supply chain attack surgeResearchers find 633% rise in assaults on open source repositories

‘Cloud native’ security risks

Research suggests that automation can prevent cloud control plane compromises07 October 2022‘Cloud native’ security risksResearch suggests that automation can prevent cloud control plane compromises

ProxyNotShell

Microsoft confirms ‘limited’ abuse of Exchange Server zero-days 03 October 2022ProxyNotShellMicrosoft confirms ‘limited’ abuse of Exchange Server zero-days

Web security flaw in Sophos Firewall patched

26 September 2022Web security flaw in Sophos Firewall patchedCode injection vulnerability harnessed in attacks on south Asia

Uber hack

Social engineering attack uncovers hardcoded secrets in powershell script16 September 2022Uber hackSocial engineering attack uncovers hardcoded secrets in powershell script

Open source CMS TYPO3 tackles XSS vulnerability

15 September 2022Open source CMS TYPO3 tackles XSS vulnerabilityBug spawned by parsing problem in upstream package

Back in fashion

Let’s Encrypt builds infrastructure to support browser-based certificate revocation revival13 September 2022Back in fashionLet’s Encrypt builds infrastructure to support browser-based certificate revocation revival

WordPress warning

140,000 BackupBuddy installations on alert over file-read exploitation08 September 2022WordPress warning140,000 BackupBuddy installations on alert over file-read exploitation

WatchGuard firewall exploit threatens appliance takeover

01 September 2022WatchGuard firewall exploit threatens appliance takeoverOne-two bug punch leads to ‘worst possible impact’, said researcher

Command injection vulnerability in GitHub Pages nets bug hunter $4k

31 August 2022Command injection vulnerability in GitHub Pages nets bug hunter $4kExploit involved duping developers into exposing repositories with social engineering techniques

Log4Shell legacy?

Patching times plummet for most critical vulnerabilities – report30 August 2022Log4Shell legacy?Patching times plummet for most critical vulnerabilities – report

LastPass flags security incident after attackers stole source code

26 August 2022LastPass flags security incident after attackers stole source codeUsers’ master passwords are safe, thanks to company’s ‘zero knowledge’ architecture

Stop, press

Fragmented vendor ecosystem leaves media industry increasingly vulnerable to software supply chain threats24 August 2022Stop, pressFragmented vendor ecosystem leaves media industry increasingly vulnerable to software supply chain threats

API security

Broken access controls, injection attacks plague the enterprise security landscape in 202219 August 2022API securityBroken access controls, injection attacks plague the enterprise security landscape in 2022

SOS.dev

Security reward program launched to help protect critical upstream software18 August 2022SOS.devSecurity reward program launched to help protect critical upstream software

Legitimate hacking activities under UK law proposed by ‘expert consensus’

16 August 2022Legitimate hacking activities under UK law proposed by ‘expert consensus’Contentious edge case activities are no excuse for further delaying of ‘much overdue’ reform, say campaigners