News

A double-clickjacking attack, exploit or vulnerability

Ultimate double-clickjacking exploit, novel HTTP/2 request tunnelling techniques, when encryption makes matters worse – ethical hacker news roundup

Zero-day exploits

‘AI slop’ bug reports and outsourcing triage, OpenPGP.js signature-spoofing bug, race to combat zero-day exploits – OffSec roundup for CISOs

Signature spoofing OpenPGP

Critical signature-spoofing vulnerability in OpenPGP.js hits the headlines

GitHub screenshot

‘Airborne’ AirPlay attacks, netting $64k from deleted files, triaging AI slop – ethical hacker news roundup

How the Software as a Service (SaaS) model creates single points of failure

UK retail cyber-attacks a ‘wake-up call’, SaaS overreliance ‘creating single points of failure’, calls for global regulatory alignment – OffSec roundup for CISOs

Vulnerabilities affecting middleware

Middleware mayhem, Zoolander banter PoC, Malta to pardon hackers over ‘unfair’ charges – ethical hacker news roundup

UK issues NIS V2 blueprint – article about Cyber Security and Resilience Bill

UK publishes proposals for NIS 2-equivalent Cyber Security and Resilience Bill

SPYWARE ACCORD ADOPTED IN PARIS

Spyware pact draws distinction between malicious and legitimate use of cyber-intrusion tools

EUCC CERT SCHEME, implications for vuln management

EUCC cyber certification scheme enters early adopter phase after vulnerability disclosure rules issued

YouTube email leak exploit, Great ‘Wallbleed’ of China, Burp’s overlooked ‘best feature’ – ethical hacker news roundup

US Capitol Building depicted for article about a VDP bill mandating vulnerability disclosure policies for federal contractors clearing the US house

US House passes bill mandating vulnerability disclosure policies for federal contractors

AI software developer, depicted as humanoid robot, does some coding

Junior devs ‘can’t actually code’, AI coding risks, security researchers decry inscrutable AI – OffSec roundup for CISOs