Meet TruffleHog - a browser extension for finding secret keys in JavaScript code

Researcher discovers 70 web cache poisoning vulnerabilities, nets $40k in bug

Insecure Amazon S3 bucket exposed personal data on 500,000 Ghanaian graduates

Researchers discover Log4j-like flaw in H2 database console

Prosecutors file additional charges against former Uber security chief over 2016

Web skimming attacks on hundreds of real estate websites deployed via cloud

uBlock, I exfiltrate: exploiting ad blockers with CSS

Expired web domains help criminal hackers unlock enterprise defenses

Security done right: Celebrating infosec wins in 2021

Raimund Genes Cup: Trio of near misses ends as PwnThyBytes finally claims CTF

Bug Bounty Radar // The latest bug bounty programs for January 2022

Ukraine hosts large-scale simulation of cyber-attack against energy grid

Anti-cheating browser extension fails web security examination

Pip-audit: Google-backed tool probes Python environments for vulnerable packages

Security service that protects from SQLi had critical SQLi vulnerability

Dangerous bug in Chrome’s ‘New Tab’ page bypassed security features

Lessons Learned: A severe vulnerability in the OWASP ModSecurity Core Rule Set

GoDaddy managed WordPress hosting service breach exposed 1.2m user profiles

New differential fuzzing tool reveals novel HTTP request smuggling techniques

Microsoft pushes ahead with controversial ‘buy now, pay later’ feature for Edge

New and improved Linux Random Number Generator ready for testing

Ukrainian police expose international phone-hacking gang

Exploit-as-a-service: Cybercriminals exploring potential of leasing out zero-day

Microsoft unveils ‘Super Duper Secure Mode’ in latest version of Edge

Vulnerabilities in GitHub NPM packages could allow threat actors to publish

Tor Project unveils plans to route device traffic through Tor anonymity network

Microsoft fixes reflected XSS in Exchange Server

Vulnerabilities in NPM allowed threat actors to publish new version of any

Smuggling hidden backdoors into JavaScript with homoglyphs and invisible Unicode characters

NIST unveils draft criteria for ‘seal of approval’ scheme on consumer software
