Source: PortSwigger
Critical Citrix ADM vulnerability creates means to reset admin passwords
Improper access control flaw poses DoS-to-RCE hijack risk
Internet scans find 1.6 million secrets leaked by websites
Probe surfaces ‘alarmingly huge’ number of unredacted tokens and keys
Attackers can use ‘Scroll to Text Fragment’ web browser feature to steal data – research
In some scenarios, CSS style specifications can be manipulated to cause browsers to send data to an attacker-controlled server
Reddit patches CSRF vulnerability that forced users to view NSFW content
Mischievous hackers exploiting flaw could subvert ‘not safe for work’ restrictions
RubyGems trials 2FA-by-default in code repo’s latest security effort
Move intended to help prevent Ruby packages from being used in supply chain attacks
Ransomware attack on Montrose Environmental Group disrupts lab testing services
Some lab results will be delayed, company warns
Business email platform Zimbra patches memcached injection flaw that imperils user credentials
Attackers could also potentially gain access to various internal services, researcher warns
Dark web awash with breached credentials, study finds
Many consumers still relying on easy-to-crack passwords, warns Digital Shadows
Security researcher receives legal threat over patched Powertek data center vulnerabilities
Vendor threatened legal action following disclosure and fixes being issued, bug hunter claims