Archive - September 2022

Bug Bounty Radar // The latest bug bounty programs for October 2022 - 30 September 2022 at 16:06 UTC
Patching common vulnerabilities at scale: project promises bulk pull requests - 29 September 2022 at 13:46 UTC
Vulnerability in Apache Pulsar allowed manipulator-in-the-middle attacks - 28 September 2022 at 15:30 UTC
Rancher stored sensitive values in plaintext, exposed Kubernetes clusters to takeover - 28 September 2022 at 14:08 UTC
Web security flaw in Sophos Firewall patched - 26 September 2022 at 14:02 UTC
Java template framework Pebble vulnerable to command injection - 26 September 2022 at 13:06 UTC
Netlify vulnerable to XSS, SSRF attacks via cache poisoning - 23 September 2022 at 16:01 UTC
CI/CD servers readily breached by abusing SCM webhooks, researchers find - 23 September 2022 at 13:57 UTC
#AttachMe Oracle cloud bug exposed volumes to data theft, hijack - 23 September 2022 at 09:45 UTC
Tarfile path traversal bug from 2007 still present in 350k open source repos - 22 September 2022 at 15:39 UTC
Prototype pollution bug in Chromium bypassed Sanitizer API - 21 September 2022 at 10:45 UTC
Parse Server fixes brute-forcing bug that put sensitive user data at risk - 20 September 2022 at 14:57 UTC
‘Security teams often fight against developers taking control’ of AppSec: Tanya Janca on the drive to DevSecOps adoption - 19 September 2022 at 15:12 UTC
NETGEAR resolves router vulnerabilities in bundled gaming component - 16 September 2022 at 16:10 UTC
Uber hack linked to hardcoded secrets spotted in PowerShell script - 16 September 2022 at 15:26 UTC
Open source CMS TYPO3 tackles XSS vulnerability - 15 September 2022 at 15:48 UTC
WAPPLES web application firewall faulted for multiple flaws - 15 September 2022 at 14:43 UTC
Let’s Encrypt builds infrastructure to support browser-based certificate revocation revival - 13 September 2022 at 14:39 UTC
Vulnerability in Xalan-J could allow arbitrary code execution - 12 September 2022 at 14:46 UTC
WordPress project WPHash harvests 75 million hashes for detecting vulnerable plugins - 12 September 2022 at 11:04 UTC
Six-year-old blind SSRF vulnerability in WordPress Core feature could enable DDoS attacks - 09 September 2022 at 15:23 UTC
ManageEngine vulnerability posed code injection risk for password management software - 09 September 2022 at 12:46 UTC
Vendor disputes seriousness of firewall plugin RCE flaw - 08 September 2022 at 16:48 UTC
WordPress warning: 140k BackupBuddy installations on alert over file-read exploitation - 08 September 2022 at 13:57 UTC
A rough guide to launching a career in cybersecurity - 07 September 2022 at 13:59 UTC
Bug Bounty Radar // The latest bug bounty programs for September 2022 - 02 September 2022 at 16:16 UTC
CSRF flaw in csurf NPM package aimed at protecting against the same flaws - 02 September 2022 at 15:11 UTC
WatchGuard firewall exploit threatens appliance takeover - 01 September 2022 at 13:08 UTC