Top-ranked programming Web tutorials introduce vulnerabilities into software
Researchers from several German universities have checked the PHP codebases of over 64,000 projects on GitHub, and found 117 vulnerabilities that they believe have been …
Cisco WebEx extension opens Chrome users to drive-by malware attacks
Windows users who have the widely used Cisco WebEx extension installed on Chrome are in danger of getting silently hacked when visiting a malicious website. The vulnerability, …
WordPress 4.6.1 upgrades security, fixes 15 bugs
WordPress 4.6.1 is now available. This is a security release for all previous versions and all users are strongly encouraged to update their sites immediately. The two …
XSS flaw in D-Link NAS devices allows attackers to mess with your data
Security researcher Benjamin Daniel Mussler has unearthed an XSS flaw affecting seven D-Link NAS devices – a flaw which could allow attackers to access the devices and …
Continuous security in the web application space
What we’re seeing in the market right now is increased consolidation among vendors. They’re buying each other, more products covering another vendor’s …
OWASP set to address API security risks
OWASP has started a new project and is set to publish a new guide on security risks. The issue they aim to tackle this time is API security. The new OWASP API Security Project …
Magento plugs XSS holes that can lead to e-store hijacking, patch immediately!
Last week, Magento released a very important bundle of patches for their eponymous e-commerce platform that should be implemented as soon as possible. The bundle plugs a …
XSS, SQLi bugs found in several Network Management Systems
Network Management System (NMS) offerings by Spiceworks, Ipswitch, Opsview and Castle Rock Computing have been found sporting several cross-site scripting and SQL injection …
Pinterest swaps T-shirts for money rewards in bug bounty program
After having migrated their online properties to HTTPS and having sorted out the main problems that arose from the move, Pinterest is ready to pay researchers for information …
Google’s new Cloud Security Scanner detects common security bugs
Here’s some good news for Google App Engine developers: Google has released a new application security scanner that’s especially fitting to test new app builds for …
Four cyber security risks not to be taken for granted
It’s pretty difficult to make information security predictions, and even more difficult to verify them afterwards: we can only judge the effectiveness of information …
Millions of WordPress websites in danger due to easily exploitable bug
A new WordPress version has been released, and you better update to it, as it patches a critical cross-site scripting flaw that can be exploited by attackers to compromise …