Adam Bannister27 January 2023 at 16:48 UTC Updated: 27 February 2023 at 15:33 UTC We bring you a comprehensive update on the latest AppSec vulnerabilities, innovative hacking techniques, and key developments in cybersecurity. According to a recent survey by the World Economic Forum (WEF), 93% of cybersecurity experts and 86% of business leaders anticipate that…
Emma Woollacott27 January 2023 at 11:50 UTC Updated: 17 February 2023 at 14:20 UTC A critical security flaw was identified as one of Meta’s most significant vulnerabilities in 2022. Meta has addressed a vulnerability in Facebook that had the potential to allow an attacker to bypass SMS-based two-factor authentication (2FA). The issue, which resulted in…
Emma Woollacott on 27 January 2023 at 11:50 UTC Updated: 17 February 2023 at 14:20 UTC Meta addresses a significant security vulnerability that was marked as one of its major bugs in 2022. Meta has successfully resolved a vulnerability in Facebook that could have potentially allowed attackers to bypass SMS-based two-factor authentication (2FA). This bug,…
Adam Bannister27 January 2023 at 16:48 UTC Updated: 27 February 2023 at 15:33 UTC This is your bi-weekly summary of application security vulnerabilities, emerging hacking methods, and the latest cybersecurity updates. {“According to 93% of cybersecurity professionals and 86% of business leaders surveyed, a significant catastrophic cyber incident is likely within the next two years,”…
Adam Bannister31 January 2023 at 15:13 UTC Updated: 28 February 2023 at 18:00 UTC New opportunities for hackers seeking web vulnerabilities A notable achievement in the bug bounty space includes a bypass of Facebook’s SMS-based two-factor authentication (2FA) which was identified as one of Meta’s significant vulnerabilities in 2022. Initially, the company did not fully…
The widely-used hacking tool has been relaunched with the addition of a new CORS misconfiguration detection feature, following an announcement of its end-of-life. The XSS Hunter tool has now become part of Truffle Security, which has introduced an updated version after the tool’s original creator announced its deprecation scheduled for February. XSS Hunter is recognized…
Renowned hacking resource is now equipped with a CORS misconfiguration detection feature following its end-of-life announcement. XSS Hunter has found a new home at Truffle Security, which has released an updated version of this essential tool after its original creator announced plans to phase it out in February. XSS Hunter is a widely used open-source…
The popular hacking aid has been reintroduced with a new feature for detecting CORS misconfigurations following the announcement of its end-of-life status. The tool known as XSS Hunter is now hosted by Truffle Security, having undergone a significant update after its original creator announced plans to discontinue it earlier this year. XSS Hunter is widely…
The initiative to establish a clear separation between JavaScript objects and their blueprints is gaining traction. Engineers at Google have introduced a plan aimed at addressing prototype pollution, a significant security vulnerability affecting web applications. Prototype pollution is a JavaScript flaw that enables attackers to manipulate objects without direct control over them during runtime. This…
The initiative to establish a clear boundary between JavaScript objects and their prototypes is gaining traction. Software engineers at Google have introduced a proposal aimed at addressing prototype pollution, a vulnerability type that poses significant risks to web security. This issue stems from a flaw in the JavaScript language that enables attackers to manipulate objects…
