We’re going teetotal: It’s goodbye to The Daily Swig
PortSwigger today announces that The Daily Swig is closing down
The Daily Swig | Cybersecurity news and views
Bug Bounty Radar // The latest bug bounty programs for March 2023
New web targets for the discerning hacker
Indian transport ministry flaws potentially allowed creation of counterfeit driving licenses
Armed with personal data fragments, a researcher could also access 185 million citizens’ PII
Password managers: A rough guide to enterprise secret platforms
The second part of our password manager series looks at business-grade tech to handle API tokens, login credentials, and more
Chromium bug allowed SameSite cookie bypass on Android devices
Protections against cross-site request forgery could be bypassed
Deserialized web security roundup: Twitter 2FA backlash, GoDaddy suffers years-long attack campaign, and XSS Hunter adds e2e encryption
Your fortnightly rundown of AppSec vulnerabilities, new hacking techniques, and other cybersecurity news
NIST plots biggest ever reform of Cybersecurity Framework
CSF 2.0 blueprint offered up for public review
Cisco ClamAV anti-malware scanner vulnerable to serious security flaw
Patch released for bug that poses a critical risk to vulnerable technologies
CVSS system criticized for failure to address real-world impact
JFrog argues vulnerability risk metrics need complete revamp
‘Most web API flaws are missed by standard security tests’ – Corey J Ball on securing a neglected attack vector
API security is a ‘great gateway’ into a pen testing career, advises specialist in the field
HTTP request smuggling bug patched in HAProxy
Exploitation could enable attackers to access backend servers
Belgium launches nationwide safe harbor for ethical hackers
New legal protections for security researchers could be the strongest of any EU country
Remote code execution flaw patched in Apache Kafka
Possible RCE and denial-of-service issue discovered in Kafka Connect
Password manager security: Which is the right option for me?
The first guide of our two-part series helps consumers choose the best way to manage their login credentials
Deserialized web security roundup: KeePass dismisses ‘vulnerability’ report, OpenSSL gets patched, and Reddit admits phishing hack
Your fortnightly rundown of AppSec vulnerabilities, new hacking techniques, and other cybersecurity news
OAuth ‘masterclass’ crowned top web hacking technique of 2022
Single sign-on and request smuggling to the fore in another stellar year for web security research
Radio silence from DMS vendor quartet over XSS zero-days
No response or patch yet forthcoming from providers of vulnerable document management systems
New XSS Hunter host Truffle Security faces privacy backlash
Anonymized numbers of bug discoveries swiftly deleted after pushback
Second UK Computer Misuse Act consultation reflects ‘very little progress’
Campaigner bemoans glacial progress of review and urges government to set clear timetable
DOM XSS vulnerability in Gartner Peer Insights widget patched
Web attack vector closed after failed fix
Keeping you up to date with the latest cybersecurity news from around the world.