
Latest server-side request forgery (SSRF) news


Researcher drops Lexmark RCE zero-day rather than sell ‘for peanuts’
01 February 2023
Printer exploit chain could be weaponized to fully compromise more than 100 models

Bug Bounty Radar
The latest bug bounty programs for February 2023
31 January 2023

Bug bounty bonanza
Google pays hacker duo $22k for flaws in multiple cloud projects
19 January 2023

Meet teler-waf
Security-focused HTTP middleware for the Go framework
09 January 2023

Safeurl library brings SSRF protection to Go applications
19 December 2022
Prizes offered to anyone who can bypass the library and capture the flag

Gatsby patches SSRF, XSS bugs in Cloud Image CDN
03 November 2022
Remediation compared to ‘changing the tires on a car while in motion’

Jira (Mis)Align(ed)
Jira Align flaws enabled malicious users to gain super admin privileges
26 October 2022

Office Online Server open to SSRF-to-RCE exploit
20 October 2022
Behavior functioning as intended, Microsoft reportedly says, and offers mitigation advice instead

Critical flaw in open source WebPageTest remains unpatched
07 October 2022
Public disclosure, a talk, and a blog post later, the RCE exploit remains unresolved

ProxyNotShell
Microsoft confirms ‘limited’ abuse of Exchange Server zero-days
03 October 2022

Nepxion software with Spring Cloud functions fails to patch RCE bug
03 October 2022
Maintainer of Chinese project closes public issue apparently without issuing a fix

Netlify vulnerable to XSS, SSRF attacks via cache poisoning
23 September 2022
Issue has since been fixed

Blind SSRF bug in WordPress Core could enable DDoS attacks
09 September 2022
Issue present in pingback requests feature

Introducing ODGen
Graph-based JavaScript bug scanner discovers more than 100 zero-day vulnerabilities in Node.js libraries
30 August 2022

Pwn stars
The best Black Hat and DEF CON talks of all time
08 August 2022

Bug Bounty Radar
The latest bug bounty programs for August 2022
29 July 2022

Preemptive patches
Open-Xchange issues fixes for RCE, SSRF bugs in OX App Suite
27 July 2022

Silence of the LAM
LDAP Account Manager bug poses unauthenticated RCE risk
19 July 2022

DevOps disruption
Atlassian patches SSRF in Jira
06 July 2022

Server-side woes
Serious Snipe-IT bug exploitable to send password reset email traps
05 May 2022

Exploit chain allows researchers to compromise Pascom phone systems
09 March 2022
Cloudy with a chance of exploits

Bug Bounty Radar
The latest bug bounty programs for March 2022
28 February 2022

Visualize this
Grafana flaw opened the door to numerous attacks
15 February 2022

Google Drive
Integration errors created SSRF flaws in multiple applications
04 February 2022

Centralized management, centralized risk
PrinterLogic vendor addresses triple RCE threat against all connected endpoints
25 January 2022

SSRF vulnerability in VMWare software could allow access to user data
18 January 2022
Post-authentication bug could enable an attacker to infiltrate a user account

Java RMI services ‘often vulnerable to SSRF attacks’
06 January 2022
Trust boundaries breached by security shortcomings

Bug Bounty Radar
The latest bug bounty programs for January 2022
31 December 2021

HCL Technologies patches serious vulnerabilities in HCL DX
30 December 2021
Disclosure process for bugs in HCL DX – formerly WebSphere Portal – initially went awry

Multiple vulnerabilities discovered in Microsoft Teams
22 December 2021
Only one of the issues has so far been patched

Security researcher earns plaudits after discovering Yandex SSRF flaw
20 December 2021
Russian language search engine has secured its backend infrastructure

Enterprise fixes
SAP squashes SQLi, XSS bugs in December patch round
16 December 2021

HTTP sinks
SSRF vulnerability patched in Jamf Pro mobile security platform
07 December 2021

Bug Bounty Radar
The latest bug bounty programs for December 2021
30 November 2021

VMware addresses fresh flaws in vCenter Server
24 November 2021
‘Important’ severity flaws both reside in the vSphere Web Client