Source
PortSwigger
Singaporean cybersecurity agency launches certification scheme for businesses
Program comprises separate security marks aimed at SMEs and enterprises
Supply chain flaws in PHP package manager PEAR lay undiscovered for 15 years
PEAR was ripe for exploitation via cryptographic flaw and bug in outdated dependency
Trezor cryptocurrency wallets targeted with phishing attacks following Mailchimp compromise
Company claims false data breach emails were spread via newsletters
Cisco software update blocks exploit chain in network management software
Patches released for Nexus Dashboard Fabric Controller vulnerabilities
Bug Bounty Radar // The latest bug bounty programs for April 2022
New web targets for the discerning hacker
GitLab addresses critical account hijack bug
Monthly release also addresses pair of stored XSS flaws
PHP bug allows attackers to bypass domain filters, stage DoS attacks against servers
Filter bypass flaw is triggered only on very large user input, which puts restrictions on its exploitability
Latest web hacking tools – Q2 2022
We take a look at the latest additions to security researchers’ armory
Spring4Shell: Spring users face new, zero-day vulnerability
Both security bugs are now reportedly being exploited in the wild
Critical SQL injection flaw fixed in Rapid7’s Nexpose vulnerability scanner
Attacks could be mounted via manipulation of query operators in search criteria