Deserialized web security roundup: KeePass dismisses ‘vulnerability’ report, OpenSSL gets patched, and Reddit admits phishing hack

Welcome to your biweekly summary of application security vulnerabilities, emerging hacking techniques, and the latest news in cybersecurity. KeePass has recently found itself defending its integrity following allegations of a security vulnerability. Security researchers have signaled that a potential flaw could enable a trigger that exports all data from the KeePass database in clear text,…

Read More

Remote code execution flaw patched in Apache Kafka

Charlie Osborne 15 February 2023 at 14:01 UTC Updated: 17 February 2023 at 11:07 UTC New vulnerabilities identified in Kafka Connect can lead to remote code execution (RCE) and potential denial-of-service attacks. UPDATED: The Apache Software Foundation (ASF) has patched a critical vulnerability allowing for exploitation via Kafka Connect. First disclosed on February 8, this…

Read More

HTTP request smuggling bug patched in HAProxy

Exploitation of this bug can allow attackers to gain access to backend servers. HAProxy, a widely used open source load balancer and reverse proxy, has addressed a critical vulnerability that permitted attackers to execute HTTP request smuggling attacks. Through the submission of specially crafted HTTP requests, an attacker could potentially sidestep HAProxy’s protective filters, allowing…

Read More
Back To Top