Google, Mozilla Close to Finalizing Sanitizer API for Chrome and Firefox Browse

OPPA: Ohio could become the third US state to enact a new consumer privacy law

Popular NPM package UA-Parser-JS poisoned with cryptomining, password-stealing

WordPress plugin vulnerability opened up one million sites to remote takeover

Japanese punctuation exacerbates privacy flaw that leaks one-word search terms

Slack contains an XSLeak vulnerability that de-anonymizes users

Node.js sandboxes are open to prototype pollution

Hong Kong’s anti-doxxing law comes into force despite human rights criticism

Prototype pollution vulnerabilities rife among high-traffic websites, study finds

Node.js was vulnerable to a novel HTTP request smuggling technique

Missouri governor criticized for confusing vulnerability disclosure with

Unresolved GitHub Actions flaw allows code to be approved without review

Let’s Encrypt root cert update catches out many big-name tech firms

Developers fix multitude of vulnerabilities in Apache HTTP Server

Hunting nonce-based CSP bypasses with dynamic analysis

HAProxy vulnerability enables HTTP request smuggling attacks

VPN users unmasked by zero-day vulnerability in Virgin Media routers

Navistar confirms data breach involved employee healthcare information

Mission accomplished: Security plugin HTTPS Everywhere to be deprecated in 2022

WordPress security: CookieYes GDPR plugin patches XSS bug following large-scale

Zero-click RCE vulnerability in Hikvision security cameras could lead to network

Fraudster handed 11-year prison term for role in North Korean cybercrime

Alaska Department of Health reveals data breach potentially exposing residents’

Jenkins project succumbs to ‘mass exploitation’ of critical Atlassian Confluence

Spook.js – New side-channel attack can bypass Google Chrome’s protections

OWASP shakes up web app threat categories with release of draft Top 10

HTTP/2: The Sequel is Always Worse

Data of three million elderly citizens exposed in cloud security oversight

Deserialization bug in TensorFlow machine learning framework allowed arbitrary

Rampant misconfigurations in Microsoft Power Apps exposed 38 million records
