Source
PortSwigger
Million-dollar bug bounties: The rise of record-breaking payouts
As seven-figure vulnerability rewards continue to hit headlines, what is driving bug bounty inflation?
How to become a penetration tester: Part 1 – your path into offensive security testing
Fancy a career in what one practitioner described as the ‘best job in the world’? Read on to find out how…
ConnectWise closes XSS vector for remote hijack scams
Researchers also applaud abandonment of customization feature abused by scammers
Vulnerability in AWS AppSync allowed unauthorized access to cloud resources
Attackers could gain full control of a cloud-hosted database
Ibexa DXP patched for GraphQL password hash leak vulnerability
Organizations advised to mandate password resets out of caution
HackerOne encourages customers to adopt standard policy to protect hackers from legal problems
‘Short, broad, easily-understood safe harbor statement’ offered
Google Roulette: Developer console trick can trigger XSS in Chromium browsers
A case study on the complexity of browser security
F5 fixes high severity RCE bug in BIG-IP, BIG-IQ devices
Widespread exploitation deemed ‘unlikely’ given hurdles
Zendesk Explore flaws opened the door to account pillage
Patched SQLi and logical access vulnerabilities posed serious risk