Source: PortSwigger
Mastodon users vulnerable to password-stealing attacks
Patched bug could have leaked credentials
All Day DevOps: Third of Log4j downloads still pull vulnerable version despite threat of supply chain attacks
AppSec engineer keynote says Log4j revealed lessons were not learned from the Equifax breach
Prototype pollution project yields another Parse Server RCE
Bug emerges from ambition to find ‘end-to-end exploits beyond DoS’
CSRF in Plesk API enabled privilege escalation
Bugs in programming interfaces of web hosting admin tool patched
CSRF in Plesk API enabled server takeover
Bugs in programming interfaces of web hosting admin tool patched
Google Pixel screen-lock hack earns researcher $70k
Android security pwned by PUK reset trick
CSS injection flaw patched in Acronis cloud management console
CSRF attacks could be triggered to access and exfiltrate information
Passport-SAML auth bypass triggers fix of critical, upstream XMLDOM bug
Rapid remedy follows reawakening of long-dormant bug threat
Prototype pollution bug exposed Ember.js applications to XSS
Unsanitized user input risk spotted in JavaScript framework
Boffins rekindle one-time program cryptographic concept
Authentication idea advanced but not yet fulfilled