Source
PortSwigger
Atlassian patches full-read SSRF in Jira
Severity of authenticated flaw heightened by abuse of Jira Service Desk signup facility
High severity OpenSSL bug could lead to remote code execution
Fixes are available, update now
Spring Data MongoDB hit by another critical SpEL injection flaw
Bug mirrors recent SpEL injection vulnerability that emerged alongside ‘SpringShell’ issue
CWE Top 25: These are the most dangerous software weaknesses of 2022
CISA and MITRE’s latest CWE shakeup reveals the most severe threats impacting enterprise software today
HackerOne employee stole data from bug bounty reports for financial gain
Vulnerability disclosure platform shares details of incident
‘Does anybody like CAPTCHAs?’ – Cloudflare CTO John Graham-Cumming envisages a frictionless future for website Turing tests
British software engineer also talks HTTP/3, zero trust, and lava lamp-powered cryptography
Australia’s Monash University launches public bug bounty program
Education institution will pay up to $2,500 for valid vulnerabilities
US eye clinic suffers data breach impacting 92,000 patients
Mattax Neu Prater Eye Center said customer data was involved in third-party cyber-attack
GitLab patches critical RCE bug in latest security release
Users are urged to update to the latest version
Cyber Europe 2022: EU completes large-scale cyber war game exercise
Incident response and inter-agency capabilities road-tested