In Q1 2022, Spring4Shell and Veeam RCE exploits were at the top of the list. Access control weaknesses are now connected to high-severity CVEs,…
API security
GETTR user details and email IDs leaked by API security snafu
A programmer has released non-public data from GETTR, another online media platform launched recently by individuals from Donald Trump’s group. The information was gathered…
Sourcegraph Falls Victim to Security Breach Through Exposed Admin Token
This week, Sourcegraph, the AI-driven coding platform, disclosed a security breach incident involving unauthorized access to their website. On August 28th, an attacker exploited…
Apple Rolls Out Urgent Security Update to Counter Actively Exploited Zero-Day Flaw
Apple recently launched a crucial round of Rapid Security Response (RSR) updates to mitigate a new zero-day flaw exploited in attacks and impacting fully-patched…
CloudSEK claims another cybersecurity firm hacked it
According to Indian cybersecurity company CloudSEK, a threat actor used passwords for one of its staff members’ Jira accounts to access its Confluence server. While…
The NPM Registry API may be subject to a new timing attack that exposes private packages.
Developers may be exposed to supply chain risks as a result of novel timing attacks uncovered against the registry API of the npm package…
Chromium’s prototype pollution bug bypassed the Sanitizer API
The problem illustrates difficulties in blocking client-side attacks. An attack bypassing the Sanitizer API, a built-in browser library for eliminating potentially harmful code from user-controlled input…
Beware Of Internal Infrastructure Security Breaches, A Recent Attack At Softaculous
About Softaculous: Softaculous is fluent in the end-users’ language. They have made it simple for non-English speaking users to search, install Web Applications, and…
GoTestWAF Expands API Attack Testing With Support For OpenAPI
Attendees at Black Hat USA have learned that the popular open-source hacking tool GoTestWAF has developed into the first utility of its kind to…
More Than 3,200 Apps Leak Twitter API Keys, Some of Which Enable Account Takeover
Researchers in cybersecurity have found 3,207 mobile apps that expose Twitter API keys to the public, potentially allowing a threat actor to hijack users’…