News

Article card image

YesWeHack marks first year of partnership with Singapore’s Government Bug Bounty Programmes

Viking funeral for the HTTP/1.1 protocol

Why ‘HTTP/1.1 must die’, Intel exploits, C# Random hack with no maths – ethical hacker news roundup

EU flag features in a story about how the European Commission’s latest bug bounty tender was won by YesWeHack

European Commission’s latest Bug Bounty tender won by YesWeHack

YesWeHack authorised as a CVE Numbering Authority (CNA)

YesWeHack authorised as a CVE Numbering Authority (CNA)

Blindfolded woman holding up scales of justice

US court ruling on Uber breach slammed, red teamers cautious on AI, OffSec offers ‘strategic edge’ – OffSec roundup for CISOs

YesWeHack completes first-ever acquisition with purchase of Sekost, French cybersecurity audit specialist

Disk cache in the context of a nonce CSP bypass

Nonce CSP bypass using disk cache, ‘quiet side channel’ for request smuggling, Amazon Q and the malicious pull request – ethical hacker news roundup

Parsing logic workflow

Chunked-body parsing flaws, making self-XSS great again, using HTTP redirect loops to achieve non-blind SSRFs – ethical hacker news roundup

Robot gazes satisfyingly at the ladybird he has found – signifying discovery of security bugs by AI models

OpenAI VDP for bugs found by AI, CVE funding fears persist, ‘shift left’ towards vulnerability overload – OffSec roundup for CISOs

A double-clickjacking attack, exploit or vulnerability

Ultimate double-clickjacking exploit, novel HTTP/2 request tunnelling techniques, when encryption makes matters worse – ethical hacker news roundup

Zero-day exploits

‘AI slop’ bug reports and outsourcing triage, OpenPGP.js signature-spoofing bug, race to combat zero-day exploits – OffSec roundup for CISOs

Signature spoofing OpenPGP

Critical signature-spoofing vulnerability in OpenPGP.js hits the headlines