Source
PortSwigger
Devs urged to rotate secrets after CircleCI suffers security breach
DevOps platform advises customers to revoke API tokens
Car companies massively exposed to web vulnerabilities
Grand hack auto
Tell us what you think: The Daily Swig reader survey 2023
Have your say to be in with the chance to win Burp Suite swag…
Bug Bounty Radar // The latest bug bounty programs for January 2023
New web targets for the discerning hacker
Security done right – infosec wins of 2022
The toasts, triumphs, and biggest security wins of the year
Stupid security 2022 – this year’s infosec fails
Epic web security fails and salutary lessons from another inevitably eventful year in infosec
Finding the next Log4j – OpenSSF’s Brian Behlendorf on pivoting to a ‘risk-centred view’ of open source development
Apache pioneer says ‘use at your own risk’ model no longer tenable as OpenSSF ramps up end user engagement
Lean, green coding machine: How sustainable computing drive can reduce attack surfaces
Less is often more when it comes to both infosec and eco-friendly computing practices
Zoom Whiteboard patches XSS bug
Video conferencing platform fixes cross-site scripting vulnerability
Password theft bug chain patched in Passwordstate credential manager
Flaws could be combined to grab passwords in cleartext