Google Alert - site: portswigger.net/daily-swig/vulnerabilities


We’re going teetotal: It’s goodbye to The Daily Swig – PortSwigger

PortSwigger today announces that The Daily Swig is closing down. … Always on top of the latest web hacking vulnerabilities, Ben Dickson wrote … https://www.google.com/url?rct=j&sa=t&url=https://portswigger.net/daily-swig/were-going-teetotal-its-goodbye-to-the-daily-swig&ct=ga&cd=CAIyGjgzMjVmMTg3YzNmN2FkZTk6Y29tOmVuOlVT&usg=AOvVaw394UibInzEFZLc7hhmoyQd


Bug Bounty Radar // The latest bug bounty programs for March 2023 | The Daily Swig

Security researcher Justin Steven wanted to write-up the technical details of a DOM-based cross-site scripting vulnerability in the Gartner Peer … https://www.google.com/url?rct=j&sa=t&url=https://portswigger.net/daily-swig/bug-bounty-radar-the-latest-bug-bounty-programs-for-march-2023&ct=ga&cd=CAIyGjgzMjVmMTg3YzNmN2FkZTk6Y29tOmVuOlVT&usg=AOvVaw1v32dAAzLLtxmKwO3ssdw5


Chromium bug allowed SameSite cookie bypass on Android devices | The Daily Swig

Protections against cross-site request forgery could be bypassed. https://www.google.com/url?rct=j&sa=t&url=https://portswigger.net/daily-swig/chromium-bug-allowed-samesite-cookie-bypass-on-android-devices&ct=ga&cd=CAIyGjgzMjVmMTg3YzNmN2FkZTk6Y29tOmVuOlVT&usg=AOvVaw2qAnRKvV2do9pKmuXj9u9n


NIST plots biggest ever reform of Cybersecurity Framework | The Daily Swig – PortSwigger

ANALYSIS The US National Institute of Standards and Technology (NIST) is planning significant changes to its Cybersecurity Framework (CSF) – the first … https://www.google.com/url?rct=j&sa=t&url=https://portswigger.net/daily-swig/nist-plots-biggest-ever-reform-of-cybersecurity-framework&ct=ga&cd=CAIyGjgzMjVmMTg3YzNmN2FkZTk6Y29tOmVuOlVT&usg=AOvVaw0ppU7Ot3zudxpqnW5o1ebj


Cisco ClamAV anti-malware scanner vulnerable to serious security flaw | The Daily Swig

Patch released for bug that poses a critical risk to vulnerable technologies. A recently-patched flaw in the ClamAV anti-malware scanning library … https://www.google.com/url?rct=j&sa=t&url=https://portswigger.net/daily-swig/cisco-clamav-anti-malware-scanner-vulnerable-to-serious-security-flaw&ct=ga&cd=CAIyGjgzMjVmMTg3YzNmN2FkZTk6Y29tOmVuOlVT&usg=AOvVaw3OcMA0X8spyAdKttDTZZfO


CVSS system criticized for failure to address real-world impact | The Daily Swig

JFrog argues vulnerability risk metrics need complete revamp. The CVSS vulnerability scoring system has been criticised for offering an … https://www.google.com/url?rct=j&sa=t&url=https://portswigger.net/daily-swig/cvss-system-criticized-for-failure-to-address-real-world-impact&ct=ga&cd=CAIyGjgzMjVmMTg3YzNmN2FkZTk6Y29tOmVuOlVT&usg=AOvVaw0IgLcKzRtWwnhBg9JAiLak


‘Most web API flaws are missed by standard security tests’ – Corey J Ball on securing a …

In an interview with The Daily Swig, Ball explains how the growing use of web APIs requires a change of perspective on how we secure our … https://www.google.com/url?rct=j&sa=t&url=https://portswigger.net/daily-swig/most-web-api-flaws-are-missed-by-standard-security-tests-corey-j-ball-on-securing-a-neglected-attack-vector&ct=ga&cd=CAIyGjgzMjVmMTg3YzNmN2FkZTk6Y29tOmVuOlVT&usg=AOvVaw3SmOIkmWpY9jp_yZlJF20P


HTTP request smuggling bug patched in HAProxy | The Daily Swig – PortSwigger

The vulnerability is not hard to exploit, but its impact depends on the target web server and how much it relies on HAProxy filters to secure its … https://www.google.com/url?rct=j&sa=t&url=https://portswigger.net/daily-swig/http-request-smuggling-bug-patched-in-haproxy&ct=ga&cd=CAIyGjgzMjVmMTg3YzNmN2FkZTk6Y29tOmVuOlVT&usg=AOvVaw3IGkY5aKDEhmKGxleZKGiN


Read all about it: Introducing our new newsletter, Daily Swig Deserialized – PortSwigger

We’re pleased to announce that Daily Swig Deserialized, a fortnightly roundup of the … and his favourite ever web vulnerability discovery. https://www.google.com/url?rct=j&sa=t&url=https://portswigger.net/daily-swig/read-all-about-it-introducing-our-new-newsletter-daily-swig-deserialized&ct=ga&cd=CAIyGjgzMjVmMTg3YzNmN2FkZTk6Y29tOmVuOlVT&usg=AOvVaw3116F5wOAvTiTH4WE3P-M1


Remote code execution flaw patched in Apache Kafka | The Daily Swig – PortSwigger

Apache has resolved a vulnerability potentially exploitable to launch remote code execution (RCE) attacks using Kafka Connect. https://www.google.com/url?rct=j&sa=t&url=https://portswigger.net/daily-swig/remote-code-execution-flaw-patched-in-apache-kafka&ct=ga&cd=CAIyGjgzMjVmMTg3YzNmN2FkZTk6Y29tOmVuOlVT&usg=AOvVaw1AzVFdpbiRFtLZw9-qEuV6