More than half of security experts think that the good outweighs the bad when it comes to proof-of-concept exploits, according to a recent Threatpost poll.
An authentication bypass vulnerability affecting more than 300,000 InfiniteWP Client plugin users has recently been disclosed to the public. This plugin allows site owners to manage multiple websites from one central server using the InfiniteWP Server. Due to the nature of this plugin, this is a serious vulnerability that should be patched as soon as
Project Zero vulnerability disclosures will now happen at 90 days, even if a patch becomes available before then.
HackerOne has paid out $20,000 to a bounty hunter who discovered a session cookie issue, due to “human error,” on the bug bounty platform.
A newly proposed CISA directive would require all U.S. agencies to develop and implement vulnerability disclosure processes for their internet connected systems.
A new remote code execution (RCE) zero-day vulnerability has been disclosed by an anonymous researcher on the Full Disclosure mailing list this past Monday. This vulnerability is extremely severe. It allows any website visitors to run PHP code and shell commands on the site’s underlying server. Am I At Risk? At the time of writing this,
Marc Rogers discusses the logistics behind a recently-proposed anonymous bug submission program, meant to encourage ethical hackers to submit high-level bugs anonymously.
Apple will not fix the glitch until the release of iOS 13.1 later in September.
Last week, WordPress released version 5.2.3 which was a security and maintenance update, and as such, contained many security fixes. Part of our day to day work is to analyse these security releases, discover what security issue it is fixing and come up with a Proof of Concept for further internal testing. Based on our
Up to 25 percent of valid vulnerabilities found in bug bounty programs are classified as being of high or critical severity.