PortSwigger today announces that The Daily Swig is closing down. … Always on top of the latest web hacking vulnerabilities, Ben Dickson wrote … https://www.google.com/url?rct=j&sa=t&url=https://portswigger.net/daily-swig/were-going-teetotal-its-goodbye-to-the-daily-swig&ct=ga&cd=CAIyGjgzMjVmMTg3YzNmN2FkZTk6Y29tOmVuOlVT&usg=AOvVaw394UibInzEFZLc7hhmoyQd
Security researcher Justin Steven wanted to write-up the technical details of a DOM-based cross-site scripting vulnerability in the Gartner Peer … https://www.google.com/url?rct=j&sa=t&url=https://portswigger.net/daily-swig/bug-bounty-radar-the-latest-bug-bounty-programs-for-march-2023&ct=ga&cd=CAIyGjgzMjVmMTg3YzNmN2FkZTk6Y29tOmVuOlVT&usg=AOvVaw1v32dAAzLLtxmKwO3ssdw5
Protections against cross-site request forgery could be bypassed. https://www.google.com/url?rct=j&sa=t&url=https://portswigger.net/daily-swig/chromium-bug-allowed-samesite-cookie-bypass-on-android-devices&ct=ga&cd=CAIyGjgzMjVmMTg3YzNmN2FkZTk6Y29tOmVuOlVT&usg=AOvVaw2qAnRKvV2do9pKmuXj9u9n
ANALYSIS The US National Institute of Standards and Technology (NIST) is planning significant changes to its Cybersecurity Framework (CSF) – the first … https://www.google.com/url?rct=j&sa=t&url=https://portswigger.net/daily-swig/nist-plots-biggest-ever-reform-of-cybersecurity-framework&ct=ga&cd=CAIyGjgzMjVmMTg3YzNmN2FkZTk6Y29tOmVuOlVT&usg=AOvVaw0ppU7Ot3zudxpqnW5o1ebj
Patch released for bug that poses a critical risk to vulnerable technologies. A recently-patched flaw in the ClamAV anti-malware scanning library … https://www.google.com/url?rct=j&sa=t&url=https://portswigger.net/daily-swig/cisco-clamav-anti-malware-scanner-vulnerable-to-serious-security-flaw&ct=ga&cd=CAIyGjgzMjVmMTg3YzNmN2FkZTk6Y29tOmVuOlVT&usg=AOvVaw3OcMA0X8spyAdKttDTZZfO
JFrog argues vulnerability risk metrics need complete revamp. The CVSS vulnerability scoring system has been criticised for offering an … https://www.google.com/url?rct=j&sa=t&url=https://portswigger.net/daily-swig/cvss-system-criticized-for-failure-to-address-real-world-impact&ct=ga&cd=CAIyGjgzMjVmMTg3YzNmN2FkZTk6Y29tOmVuOlVT&usg=AOvVaw0IgLcKzRtWwnhBg9JAiLak
In an interview with The Daily Swig, Ball explains how the growing use of web APIs requires a change of perspective on how we secure our … https://www.google.com/url?rct=j&sa=t&url=https://portswigger.net/daily-swig/most-web-api-flaws-are-missed-by-standard-security-tests-corey-j-ball-on-securing-a-neglected-attack-vector&ct=ga&cd=CAIyGjgzMjVmMTg3YzNmN2FkZTk6Y29tOmVuOlVT&usg=AOvVaw3SmOIkmWpY9jp_yZlJF20P
The vulnerability is not hard to exploit, but its impact depends on the target web server and how much it relies on HAProxy filters to secure its … https://www.google.com/url?rct=j&sa=t&url=https://portswigger.net/daily-swig/http-request-smuggling-bug-patched-in-haproxy&ct=ga&cd=CAIyGjgzMjVmMTg3YzNmN2FkZTk6Y29tOmVuOlVT&usg=AOvVaw3IGkY5aKDEhmKGxleZKGiN
We’re pleased to announce that Daily Swig Deserialized, a fortnightly roundup of the … and his favourite ever web vulnerability discovery. https://www.google.com/url?rct=j&sa=t&url=https://portswigger.net/daily-swig/read-all-about-it-introducing-our-new-newsletter-daily-swig-deserialized&ct=ga&cd=CAIyGjgzMjVmMTg3YzNmN2FkZTk6Y29tOmVuOlVT&usg=AOvVaw3116F5wOAvTiTH4WE3P-M1
Apache has resolved a vulnerability potentially exploitable to launch remote code execution (RCE) attacks using Kafka Connect. https://www.google.com/url?rct=j&sa=t&url=https://portswigger.net/daily-swig/remote-code-execution-flaw-patched-in-apache-kafka&ct=ga&cd=CAIyGjgzMjVmMTg3YzNmN2FkZTk6Y29tOmVuOlVT&usg=AOvVaw1AzVFdpbiRFtLZw9-qEuV6