About

Latest cybersecurity industry news

Industry news isn’t always just about mergers and acquisitions.

Infosec industry news often takes the form of cyber-attacks on web security companies, policy changes at bug bounty platforms, or other announcements from organizations within the trade.

It can also include interviews with leading figures, comment from thought leaders, and more.

Whether you’re looking for behind-the-scenes reports from the biggest security conferences or the latest on what’s happening in the infosec social media space, keep up to date with the cybersecurity industry with The Daily Swig.


Bug Bounty Radar

28 February 2023: The latest bug bounty programs for March 2023

Password managers part II

27 February 2023: A rough guide to enterprise secret platforms

Deserialized web security roundup

24 February 2023: Twitter 2FA backlash, GoDaddy suffers years-long attack campaign, and XSS Hunter adds e2e encryption

NIST plots biggest ever reform of Cybersecurity Framework

23 February 2023: CSF 2.0 blueprint offered up for public review

CVSS vulnerability scoring system ‘too simplistic’

21 February 2023: Weaknesses in existing metrics highlighted through new research

Safe harbor

15 February 2023: Belgium launches national protection mechanism for ethical hackers

Password manager security

14 February 2023: Which is the right option for me?

Deserialized roundup

10 February 2023: KeePass dismisses ‘vulnerability’ report, OpenSSL gets patched, and Reddit admits phishing hack

Top web hacking techniques

10 February 2023: Frans Rosén crowned for OAuth ‘masterclass’

‘We need urgency’

08 February 2023: Second Computer Misuse Act consultation marks ‘little progress’

Magic quadrant

08 February 2023: DOM XSS vulnerability in Gartner Peer Insights widget patched

Toyota seals backdoor

07 February 2023: Calamity averted as carmaker secures supplier platform

Google engineers plot to mitigate prototype pollution

06 February 2023: Plan to create boundary between JavaScript objects and their blueprints gathers momentum

XSS Hunter tool is resurrected with new features

02 February 2023: Popular hacking aid now available with CORS misconfig detection function following end-of-life announcement

Researcher drops Lexmark RCE zero-day rather than sell ‘for peanuts’

01 February 2023: Printer exploit chain could be weaponized to fully compromise more than 100 models

Bug Bounty Radar

31 January 2023: The latest bug bounty programs for February 2023

Tell us what you think

29 January 2023: The Daily Swig reader survey 2023

Deserialized web security roundup

27 January 2023: ‘Catastrophic cyber events’, another T-Mobile breach, more LastPass problems

Trellix automates tackling open source flaws at scale

26 January 2023: More than 61,000 vulnerabilities patched and counting

IoT vendors faulted for slow progress in vulnerability disclosure process

24 January 2023: Manufacturer complacency ‘translates into an unacceptable risk for consumers’, warns security expert

Popular password managers auto-filled credentials on untrusted websites

20 January 2023: Dashlane, Bitwarden, and Safari all cited by Google researchers

Squaring the CircleCI

16 January 2023: DevOps platform publishes post-mortem on recent breach

Deserialized web security roundup

13 January 2023: Slack, Okta breaches, lax US government passwords report, and more

It's a kind of magick

12 January 2023: New tool protects against vulnerabilities in popular file converter ImageMagick

Threema disputes crypto flaws disclosure, prompts security flap

11 January 2023: ‘Condescending’ response to vulnerability disclosure angers infosec community

Prototype pollution-like bug variant discovered in Python

10 January 2023: ‘Class pollution’ flaw similar to dangerous vulnerability type found in JavaScript and similar languages

Devs urged to rotate secrets after CircleCI suffers breach

05 January 2023: DevOps platform advises customers to revoke API tokens

Car companies massively exposed to web vulnerabilities

04 January 2023: Grand hack auto

Bug Bounty Radar

30 December 2022: The latest bug bounty programs for January 2023

Security done right

30 December 2022: The infosec industry wins of 2022

Stupid security 2022

29 December 2022: This year’s infosec fails

Finding the next Log4j

23 December 2022: OpenSSF’s Brian Behlendorf champions ‘risk-centered’ OS development

Lean, green coding machine

22 December 2022: How sustainable computing drive can reduce attack surfaces

How to become a penetration tester: Part 2

20 December 2022: ‘Mr Hacking’ John Jackson on the virtue of ‘endless curiosity’ for aspiring pen testers

Deserialized web security roundup

16 December 2022: Fortinet, Citrix bugs; another Uber breach; hacking NFTs at Black Hat

Cloud flaws brought to the fore as bug bounty vulnerabilities hit 65k in 2022

13 December 2022: Impact of cloud migration and shift to remote work evident in new report

Black Hat Europe redux

12 December 2022: The top web hacking talks for 2022

Black Hat Europe 2022

12 December 2022: Hacking tools showcased at annual security conference

Black Hat Europe 2022

07 December 2022: A defendable internet is possible, but only with industry makeover