Source
PortSwigger
Prototype pollution vulnerabilities rife among high-traffic websites, study finds
Technique is exploitable at scale because it’s so overlooked, speculate researchers
Malicious hackers are exploiting known vulnerabilities because organizations aren’t quick enough to patch – report
Cybercriminals are scanning Shodan for easy marks
US retailer Neiman Marcus notifies 4.6 million customers of data breach
Department store chain forces password reset after discovering 2020 incident last month
Bug Bounty Radar // The latest bug bounty programs for October 2021
New web targets for the discerning hacker
Latest web hacking tools – Q4 2021
We take a look at the latest additions to security researchers’ armoury
RCE vulnerabilities in open source software Cachet could put users at risk
Patches released for status page management system flaws
Navistar confirms data breach involved employee healthcare information
US truck manufacturer breaks bad news to employees and retired workers
What does the future hold for browser security? Check out the latest features destined for mobile and desktop
A rundown of leading web browsers’ privacy and security features – both in place and in the pipeline
WordPress security: CookieYes GDPR plugin patches XSS bug following large-scale PHP audit
Researchers claim five plugins use extract() function insecurely – but some maintainers disagree
Mission accomplished: Security plugin HTTPS Everywhere to be deprecated in 2022
Browser extension can be retired as push to encrypt the web is almost complete, says EFF