SAML roulette: the hacker always wins
Introduction In this post, we’ll show precisely how to chain round-trip attacks and namespace confusion to achieve unauthenticated admin access on GitLab Ent...
Aggregating 7641 articles from trusted cybersecurity sources
Introduction In this post, we’ll show precisely how to chain round-trip attacks and namespace confusion to achieve unauthenticated admin access on GitLab Ent...
Mozilla remains committed to fostering a secure, agile, and transparent Web PKI ecosystem. The new Mozilla Root Store Policy (MRSP) v3.
Have you ever wondered how many vulnerabilities you've missed by a hair's breadth, due to a single flawed choice?
Welcome to the Top 10 Web Hacking Techniques of 2024, the 18th edition of our annual community-powered effort to identify the most innovative must-read web s...
Unicode codepoint truncation - also called a Unicode overflow attack - happens when a server tries to store a Unicode character in a single byte.
In this post, I will introduce the "cookie sandwich" technique which lets you bypass the HttpOnly flag on certain servers.
Nominations are now open for the top 10 new web hacking techniques of 2024!
HTTP cookies often control critical website features, but their long and convoluted history exposes them to parser discrepancy vulnerabilities.
The strength of our URL Validation Bypass Cheat Sheet lies in the contributions from the web security community, and today’s update is no exception.
Last year Johan Carlsson discovered you could conceal payloads inside the credentials part of the URL .
At Mozilla, browser security is a critical mission, and part of that mission involves responding swiftly to new threats. Tuesday, around 8 AM Eastern time, w...
URL validation bypasses are the root cause of numerous vulnerabilities including many instances of SSRF, CORS misconfiguration, and open redirection.
In this Help Net Security video, Chris Boehm, Field CTO, Zero Networks, breaks down how a vendor breach can become your breach. He explains that attackers no...
The "Breach at the Beach" CTF, created by Varonis researchers Doron Kapah and Mark Vaitsman, simulates attacks within Entra ID, focusing on how threat actors...
The compromised data includes customer salutations, first and last names, phone numbers, email addresses, dates of birth, and customer numbers.
The breach was discovered after mass emails were sent from legitimate AFA domains, claiming Argentina "stole" the win from Egypt.
Lidl disclosed a third-party data breach affecting online shop customers in Germany, Belgium, and the Netherlands. Payment data was not exposed.
Following the breach of several of her Telegram channels, controversial Russian journalist Ksenia Sobchak claimed published screenshots of her correspondence...
German discount supermarket chain Lidl has notified customers in Germany, Belgium, and the Netherlands that customer data was stolen after attackers breached...
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a postmortem on a data leak in which a contractor published dozens of internal CISA cr...
Here are five steps defenders can take in the wake of the Canvas breach.
German discount supermarket chain Lidl notified customers in Germany, Belgium, and the Netherlands that attackers stole their personal information in a breac...
Learn how attackers abuse Entra ID through a free hands-on Capture the Flag. Varonis created the Breach at the Beach CTF to teach defenders how to investigat...
For the latest discoveries in cyber research for the week of 13th July, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES U.