Source: PortSwigger
Web security flaw in Sophos Firewall patched
Code injection vulnerability harnessed in attacks on South Asia
Attackers abuse web security flaw in Sophos Firewall
Vendor patches code injection vulnerability harnessed in attacks on South Asia
Java template framework Pebble vulnerable to command injection
Issue still yet to be patched, but workarounds are available
Netlify vulnerable to XSS, SSRF attacks via cache poisoning
Issue has since been fixed
CI/CD servers readily breached by abusing SCM webhooks, researchers find
Webhook, line, and sinker
#AttachMe Oracle cloud bug exposed volumes to data theft, hijack
Vulnerability could have been used to bypass cloud isolation protection
Tarfile path traversal bug from 2007 still present in 350k open source repos
Warning added to Python documentation was deemed preferable to a patch
Prototype pollution bug in Chromium bypassed Sanitizer API
Issue highlights the challenges of preventing client-side attacks
Parse Server fixes brute-forcing bug that put sensitive user data at risk
Open source project provides push notification functionality for iOS, macOS, Android, and tvOS
‘Security teams often fight against developers taking control’ of AppSec: Tanya Janca on the drive to DevSecOps adoption
Infosec advocate speaks to The Daily Swig about the benefits of, and barriers to, ‘shifting left’