News

Vulnerability or bug management cycle

Vulnerability management reboot sought, CISOs more influential in boardroom, Trump’s cyber overhaul – OffSec roundup for CISOs

Record CVE surge - explaining the ongoing rise in new vulnerabilities

CVE surge: Why the record rise in new vulnerabilities?

The YesWeHack Bug Bounty Report 2025

The YesWeHack Bug Bounty Report 2025

HTML code on a PC monitor to illustrate DOMPurify bypasses on an ethical hacker news roundup

DOMPurify bypasses, prompt injecting ChatGPT to shell, AI fuzz finds – ethical hacker news roundup

Futuristic Sci-Fi glowing HUD clock fading, representing how the clock is now ticking on Cyber Resilience Act compliance

Clock ticking on Cyber Resilience Act compliance, Bug Bounty forecasts, intriguing CISA red team find – OffSec roundup for CISOs

The clock for compliance with the EU Cyber Resilience Act has now started ticking

Cyber Resilience Act: compliance countdown set to start for EU law focused on eliminating vulnerabilities

XSS and bug bounty

New tool for finding mutated XSS, $20k Chromium sandbox escape, Live bug bounty results from Ekoparty – ethical hacker news roundup

EU flag signifies NIS 2 entering into force and the Cyber Resilience Act being adopted

NIS 2 in force, Cyber Resilience Act adopted, CISA hails VDP impact – OffSec roundup for CISOs

Servers with mess of wires plugged in in an example of tech sprawl

Tackling tech sprawl, CISO burnout, NIS 2 now enforceable – OffSec roundup for CISOs

The Windows blue screen of death took down an estimated 8.5 million Windows machines following a botched CrowdStrike software update.

Partial SolarWinds reprieve, CrowdStrike lessons, LLM kryptonite – OffSec roundup for CISOs

The YesWeHack triage team collaborates with Ferrero's program managers during the live hacking event in Rome

YesWeHack and Ferrero inaugurate Italy’s first live hacking event

Web timing attacks, Apache HTTP confusion attacks, email parsing discrepancies – ethical hacker news roundup