Hacker News
- Google Project Zero hails dramatic acceleration in security bug remediation https://portswigger.net/daily-swig/google-project-zero-hails-dramatic-acceleration-in-security-bug-remediation 7 comments
- SnapFuzz: New fuzzing tool speeds up testing of network applications https://portswigger.net/daily-swig/snapfuzz-new-fuzzing-tool-speeds-up-testing-of-network-applications 2 comments
- Critical Samba flaw presents code execution threat https://portswigger.net/daily-swig/critical-samba-flaw-presents-code-execution-threat 41 comments
- Chain of vulnerabilities led to RCE on Cisco Prime servers https://portswigger.net/daily-swig/chain-of-vulnerabilities-led-to-rce-on-cisco-prime-servers 4 comments
- Chrome is deprecating direct access to private networks from public websites https://portswigger.net/daily-swig/chrome-to-bolster-csrf-protections-with-cors-preflight-checks-on-private-network-requests 7 comments
- Researchers exploit HTTP/2, WPA3 protocols to stage ‘timeless timing’ attacks https://portswigger.net/daily-swig/researchers-exploit-http-2-wpa3-protocols-to-stage-highly-efficient-timeless-timing-attacks 26 comments
- HTTP Desync Attacks: Request Smuggling Reborn https://portswigger.net/blog/http-desync-attacks-request-smuggling-reborn 11 comments
- Implementing Tic Tac Toe with 170mb of HTML - no JS or CSS https://portswigger.net/blog/tic-tac-toe-in-html 2 comments webdev
- The single-packet attack: making remote race-conditions 'local' https://portswigger.net/research/the-single-packet-attack-making-remote-race-conditions-local 5 comments netsec
- Attacking GraphQL APIs https://portswigger.net/web-security/graphql 4 comments netsec
- The seventh way to call a JavaScript function without parentheses https://portswigger.net/research/the-seventh-way-to-call-a-javascript-function-without-parentheses 3 comments netsec
- Hunting evasive vulnerabilities https://portswigger.net/research/hunting-evasive-vulnerabilities 4 comments netsec
- Researchers discover Log4j-like flaw in H2 database console https://portswigger.net/daily-swig/researchers-discover-log4j-like-flaw-in-h2-database-console 78 comments programming
- Roommate And I Both Got Hit With Credit Card Fraud At The Same Time? https://portswigger.net/daily-swig/log4shell-vulnerability-poses-critical-threat-to-applications-using-ubiquitous-java-logging-package-apache-log4j 23 comments personalfinance
- GoDaddy managed WordPress hosting service breach exposed 1.2m user profiles https://portswigger.net/daily-swig/godaddy-managed-wordpress-hosting-service-breach-exposed-1-2m-user-profiles 17 comments privacy
- Vulnerabilities in GitHub NPM packages could allow threat actors to publish https://portswigger.net/daily-swig/vulnerabilities-in-github-npm-packages-could-allow-threat-actors-to-publish-malicious-versions 16 comments programming
- Japanese punctuation exacerbates privacy flaw that leaks one-word search terms https://portswigger.net/daily-swig/japanese-punctuation-exacerbates-privacy-flaw-that-leaks-one-word-search-terms-in-google-firefox-browsers 144 comments programming
- Slack contains an XSLeak vulnerability that de-anonymizes users https://portswigger.net/daily-swig/slack-contains-an-xsleak-vulnerability-that-de-anonymizes-users 34 comments programming
- Zero-click RCE vulnerability in Hikvision security cameras could lead to network https://portswigger.net/daily-swig/zero-click-rce-vulnerability-in-hikvision-security-cameras-could-lead-to-network-compromise 5 comments programming
- Spook.js – New side-channel attack can bypass Google Chrome’s protections https://portswigger.net/daily-swig/spook-js-new-side-channel-attack-can-bypass-google-chromes-protections-against-spectre-style-exploits 2 comments programming
- Machine learning technique detects phishing sites based on markup visualization https://portswigger.net/daily-swig/machine-learning-technique-detects-phishing-sites-based-on-markup-visualization 2 comments programming
- Jenkins project succumbs to ‘mass exploitation’ of critical Atlassian Confluence https://portswigger.net/daily-swig/jenkins-project-succumbs-to-mass-exploitation-of-critical-atlassian-confluence-vulnerability 69 comments programming
- PortSwigger Research: Top 10 web hacking techniques of 2020 https://portswigger.net/research/top-10-web-hacking-techniques-of-2020 4 comments netsec
- Simulating SQL Injection Exploitation Using Reinforcement Learning https://portswigger.net/daily-swig/machine-learning-offers-fresh-approach-to-tackling-sql-injection-vulnerabilities 5 comments netsec
- Attacking OAuth authentication https://portswigger.net/web-security/oauth 38 comments netsec
- Vulnerability in Firefox for Android allowed attackers to steal cookies, local files https://portswigger.net/daily-swig/vulnerability-in-firefox-for-android-allowed-attackers-to-steal-cookies-local-files 6 comments firefox
- Medical records exposed in data breach at Illinois healthcare system https://portswigger.net/daily-swig/medical-records-exposed-in-data-breach-at-illinois-healthcare-system 3 comments technology
- Researchers exploit HTTP/2, WPA3 protocols to stage highly efficient ‘timeless timing’ attacks https://portswigger.net/daily-swig/researchers-exploit-http-2-wpa3-protocols-to-stage-highly-efficient-timeless-timing-attacks 4 comments netsec
- Attacking and defending JavaScript sandboxes https://portswigger.net/research/attacking-and-defending-javascript-sandboxes 3 comments javascript
- New Slack Remote Code Execution Patched https://portswigger.net/daily-swig/slack-vulnerability-allowed-attackers-to-smuggle-malicious-files-onto-victims-devices 9 comments netsec
- Top 10 web hacking techniques of 2019 https://portswigger.net/research/top-10-web-hacking-techniques-of-2019 28 comments netsec
- The unexpected bounty: Responsible denial of service with web cache poisoning https://portswigger.net/research/responsible-denial-of-service-with-web-cache-poisoning 3 comments netsec
- HTTP Desync Attacks: Request Smuggling Reborn https://portswigger.net/blog/http-desync-attacks-request-smuggling-reborn 43 comments netsec
- Tails 3.14: OS takes performance hit to defend against ZombieLoad vulnerability https://portswigger.net/daily-swig/tails-3-14-os-takes-performance-hit-to-defend-against-zombieload-vulnerability 10 comments privacy
- XSS vulnerability in unmaintained JavaScript library poses severe risk - Developers ought to migrate away from jQuery Mobile (JQM) following the discovery of a cross-site scripting (XSS) vulnerability in the unmaintained but still widely used platform https://portswigger.net/daily-swig/xss-vulnerability-in-unmaintained-javascript-library-poses-severe-risk 20 comments javascript
- Top 10 Web Hacking Techniques of 2017 https://portswigger.net/blog/top-10-web-hacking-techniques-of-2017 4 comments programming
- Top 10 Web Hacking Techniques of 2017 - The Final Verdict https://portswigger.net/blog/top-10-web-hacking-techniques-of-2017 6 comments netsec
- Bypassing Web Cache Poisoning Countermeasures https://portswigger.net/blog/bypassing-web-cache-poisoning-countermeasures 5 comments netsec
- Burp's new REST API https://portswigger.net/blog/burps-new-rest-api 10 comments netsec
- Haven security app receives 500,000 downloads in first six months. Raft of new features planned for Snowden-endorsed security system. https://portswigger.net/daily-swig/haven-security-app-receives-500-000-downloads-in-first-six-months 6 comments privacy