Zero-day XSS bugs impacting four enterprise management platforms uncovered by Rapid7 portswigger.net/daily-swig/rad…

Research into chaining OAuth flaws tops annual PortSwigger web hacking list for 2022 (kudos Frans Rosén) portswigger.net/daily-swig/oau…

Deserialized web security roundup: KeePass dismisses ‘vulnerability’ report, OpenSSL gets patched, and Reddit admits phishing hack portswigger.net/daily-swig/des…

Part one of our two-part series looks at the security pros and cons of consumer-focused password managers and what they can offer users portswigger.net/daily-swig/pas…

Although Apache Kafka software has not transformed into a giant insect, it has spawned a serious security bug portswigger.net/daily-swig/rem…

Belgium launches Europe’s first nationwide safe harbor for ethical hackers portswigger.net/daily-swig/bel…

A HTTP request smuggling bug has been patched in HAProxy portswigger.net/daily-swig/htt…

Belgium will protect ethical hackers under a nationwide safe harbor framework announced this week portswigger.net/daily-swig/bel…

API security expert Corey J Ball (hAPI_hacker) on how to ‘arm the testers, and help prevent that next API-related data breach’ portswigger.net/daily-swig/mos…

Weaknesses in the CVSS system have been highlighted through new research, with existing metrics blamed for 'overhyping' vulnerabilities portswigger.net/daily-swig/cvs…

A flaw in ClamAV anti-malware software has resulted in a vulnerability in Cisco security products portswigger.net/daily-swig/cis…

Maintainers of new XSS Hunter fork add end-to-end encryption following backlash over privacy fears portswigger.net/daily-swig/new…

The US National Institute of Standards and Technology is planning a major reform of its Cybersecurity Framework, an authoritative guideline on managing cybersecurity risk portswigger.net/daily-swig/nis…

Deserialized web security roundup: Twitter 2FA backlash, GoDaddy attack campaign, and XSS Hunter adds e2e encryption portswigger.net/daily-swig/des…

‘Standard web app security tests result in false negatives for web APIs’ – hAPI_hacker on the need for bespoke defenses against increasingly popular attacks portswigger.net/daily-swig/mos…

Chromium bug allowed SameSite cookie bypass on Android devices portswigger.net/daily-swig/chr…

Password managers part II: The Daily Swig looks at enterprise-grade tech capable of managing login credentials, encryption keys, API tokens and more portswigger.net/daily-swig/a-r…

Attackers could have created counterfeit driving licenses by exploiting a vulnerability – now patched – in the website of India’s road transport ministry (credit Robin✌) portswigger.net/daily-swig/ind…

This month’s #BugBountyRadar: Fresh targets from Grindr and Miro, infosec drama with XSS Hunter’s new host, and Belgium rolls out the red carpet for ethical hackers portswigger.net/daily-swig/bug…