Cross Site Scripting Bug in PrivateBin
A XSS vulnerability in PrivateBin, the open source secure pastebin, has been patched. PrivateBin, an online tool used to store information and is encrypted/decrypted in the browser using AES-256 bits…
Stolen OAuth User Tokens used in Data Breach
GitHub has investigated a security incident that uncovered abused stolen OAuth user tokens issued to two third-party OAuth integrators, Heroku and Travis-CI, to download data from dozens of organizations, including npm.…
MitmProxy Fixes HTTP Request Smuggling attack
An open source interactive HTTPS proxy service MitmProxy, has patched a serious bug that potentially allowed attackers to stage HTTP request smuggling attacks against backend servers. HTTP request smuggling attacks…
Riverbed Vulnerabilities Uncovered
Singapore's Cyber Security Group, an agency charged with securing the nation's cyberspace, has uncovered four critical flaws in code from network software company Riverbed. The vulnerable application is SteelCentral AppInternals,…
Grafana Vulnerability Opens Attackers invasion
Researchers discovered a high-impact web security vulnerability in popular dashboard tool Grafana. The CSRF vulnerability tracked as CVE-2022-21703 opens the door for attackers to elevate their privileges through cross-origin attacks…
SnapFuzz ! Fuzzer for Network Application
An open-source fuzzing tool was introduced by researchers to test testing network applications. SnapFuzz uses a series of techniques to speed up the testing of network protocols and overcome the timing constraints and…
Solarwinds Fixes Critical Bug in its Helpdesk Software
Solarwinds has fixed a critical bug in its Web Help Desk software that allowed attackers to execute arbitrary Hibernate Query Language (HQL) code. Solarwinds Web Help Desk is a helpdesk…
Messenger End to End Encryption
The feature that previously tested on group chats and calls allows users to enable encryption in two ways: swipe up on an existing chat to enter a secret dialogue where…