In Q1 2022, Spring4Shell and Veeam RCE exploits were at the top of the list. Access control weaknesses are now connected to high-severity CVEs,…
API security
Cybersecurity News
GETTR user details and email Ids leaked by API security snafu
A programmer has released non-public data from GETTR, another online media platform dispatched by individuals from Donald Trump’s group recently. The information was gathered…
security breach
Sourcegraph Falls Victim to Security Breach Through Exposed Admin Token
This week, Sourcegraph, the AI-driven coding platform, disclosed a security breach incident involving unauthorized access to their website. On August 28th, an attacker exploited…
Apple zero-day
Apple Rolls Out Urgent Security Update to Counter Actively Exploited Zero-Day Flaw
Apple recently launched a crucial round of Rapid Security Response (RSR) updates to mitigate a new zero-day flaw exploited in attacks and impacted fully-patched…
cyberattack
CloudSEK claims another cybersecurity firm hacked it
According to Indian cybersecurity company CloudSEK, a threat actor used passwords for one of its staff’ Jira accounts to access its Confluence server. While…
cyberattack
The NPM Registry API may be subject to a new timing attack that exposes private packages.
Developers may be exposed to supply chain risks as a result of novel timing attacks uncovered against the registry API of the npm package…
web app attacks
Chromium’s prototype pollution bug disregarded the Sanitizer API
The problem illustrates difficulties in blocking client-side assaults. An attack-bypassing Sanitizer API, a built-in browser library for eliminating potentially harmful code from user-controlled input…
cybersecurity attacks
Beware Of Internal Infrastructure Security Breaches, A Recent attack At Softaculous
About Softaculous Softaculous is fluent in the end-users’ language. They have made it simple for non-English speaking users to search, install Web Applications, and…
General
GoTestWAF Expands API Attack Testing With Support For OpenAPI
Attendees at Black Hat USA have learned that the popular open-source hacking tool GoTestWAF has developed into the first utility of its kind to…
General
More Than 3,200 Apps Leak Twitter API Keys, Some of Which Enable Account Takeover
Researchers in cybersecurity have found 3,207 mobile apps that expose Twitter API keys to the public, potentially allowing a threat actor to hijack users’…