Lawfare has a good article by Jim Baker (former legal counsel for the FBI) on a new way to thi...
Here's an interesting article on some non-JavaScript Cross-Site Scripting vectors.
https://x-c3ll.gi...
Here is a good writeup on the overflow error found in libssh2
https://blog.semmle.com/libssh2-intege...
PortSwigger has some good research on a new angle for cross-site leak attacks:
https://portswigger.n...
This is a blog entirely dedicated to security analysis of mobile apps. No idea who writes it b...
The big news of the week is that every iPhone from 1 to X is apparently vulnerable to a bootROM flaw...
Here's a neat Android reverse engineering game.
https://0x00sec.org/t/reversing-hackex-an-android-ga...
Only Rails 6.x and 5.2.x are getting security updates. Plan your development accordingly.
http...
Chrome is finally starting to defend against clickjacking
https://www.theregister.co.uk/2019/08/19/c...
Apache called out for reporting incorrect versions in Struts vulnerabilities
https://www.infosecurit...
A researcher found out that you can discover if a user is in incognito mode in Chrome using a timing...
The Capital One breach leads the news this week, for a dozen good reasons.
https://start.jcolemorris...