Owncast, EaseProbe security vulnerabilities revealed
Oxeye has uncovered two critical security vulnerabilities and recommends immediate action to mitigate risk. The vulnerabilities were discovered in Owncast (CVE-2023-3188) and …
Photos: RSA Conference 2023
RSA Conference 2023 is taking place at the Moscone Center in San Francisco. Check out our microsite for the conference for all the most important news. Here are a few photos …
HashiCorp Vault vulnerability could lead to RCE, patch today! (CVE-2023-0620)
Oxeye discovered a new vulnerability (CVE-2023-0620) in the HashiCorp Vault Project, an identity-based secrets and encryption management system that controls access to API …
Cloud-native application adoption puts pressure on appsec teams
Oxeye revealed five predictions expected to shape enterprise security spending in 2023. The predictions follow industry-wide research, which shows the industry is shifting …
Critical vulnerability in Spotify’s Backstage discovered, patched
A critical unauthenticated remote code execution vulnerability in Spotify’s Backstage project has been found and fixed, and developers are advised to take immediate action in …
Oxeye announces Cloud Native Application Security solution at KubeCon
Oxeye will demonstrate its Cloud Native Application Security solution at KubeCon 2022 in Detroit, Michigan, October 24-28. Located at booth SU74, Oxeye will show how the …
Critical vm2 sandbox escape flaw uncovered, patch ASAP! (CVE-2022-36067)
Oxeye researchers discovered a severe vm2 vulnerability (CVE-2022-36067) that has received the maximum CVSS score of 10.0. Called SandBreak, this new vulnerability requires …
High severity vulnerabilities found in Harbor open-source artifact registry
Oxeye security researchers have uncovered several new high severity variants of the IDOR (Insecure Direct Object Reference) vulnerabilities (CVE-2022-31671, CVE-2022-31666, …
“ParseThru” vulnerability allows unauthorized access to cloud-native applications
A new vulnerability found in GoLang-based applications allows a threat actor to bypass validations under certain conditions and gain unauthorized access to cloud-native …
Take a dev-centric approach to cloud-native AppSec testing
The era of the cloud-native application is well and truly upon us: IDC researchers have predicted that by 2023, more than 500 million apps will be developed using cloud-native …
Product showcase: Oxeye.io – Cloud native application security testing
Delivering secure applications requires tooling built for automation in the modern tech stack. Oxeye provides a cloud-native application security testing solution that is …
Infosec products of the month: December 2021
Here’s a look at the most interesting products from the past month, featuring releases from Action1, AwareGO, BlackBerry, Box, Castellan Solutions, Cloudflare, Code42, Cossack …