Source: PortSwigger
Trellix automates tackling open source vulnerabilities at scale
More than 61,000 vulnerabilities patched and counting
Yellowfin tackles auth bypass bug trio that opened door to RCE
Pre- and post-auth path to pwnage
Bitwarden responds to encryption design flaw criticism
Password vault vendor accused of making a hash of encryption
IoT vendors faulted for slow progress in setting up vulnerability disclosure programs
Manufacturer complacency ‘translates into an unacceptable risk for consumers’, warns security expert
AWS patches bypass bug in CloudTrail API monitoring tool
Threat actors poking around AWS environments and API calls could stay under the radar
Tell us what you think: The Daily Swig reader survey 2023
Have your say to be in with the chance to win Burp Suite swag…
Git security audit reveals critical overflow bugs
Uncovered vulnerabilities include several high, medium, and low-security issues
Popular password managers auto-filled credentials on untrusted websites
Dashlane, Bitwarden, and Safari all cited by Google researchers
Google pays hacker duo $22k in bug bounties for flaws in multiple cloud projects
Six payouts issued for bugs uncovered in Theia, Vertex AI, Compute Engine, and Cloud Workstations
WAGO fixes config export flaw threatening data leak from industrial devices
Severity somewhat blunted by reboot-related caveat