Exploits Explained: ZIP embedding attack on Google Chrome extensions
Malcolm Stagg recounts the discovery of CVE-2024-0333, a vulnerability in Google Chrome that could have been exploited to install malicious extensions.
Rapid7 vs JetBrains: A vulnerability disclosure process gone bad
A recent conflict between Rapid7 and JetBrains over how to disclose vulnerabilities was marred by blame, confusion and conflicting philosophies.
Exploits Explained: Defeating length filters to enable SQL injection
A lesson in overcoming length filters to find SQL injection vulnerabilities.
CVSS 4.0 is shaking up vulnerability management. Here’s what’s changed
CVSS 4.0 urges companies to go beyond base scores, allowing them to more accurately judge the threat posed by particular vulnerabilities.
The problems with vulnerability reporting
Several recent incidents in the U.S. system for reporting vulnerabilities highlight the importance of accurate, comprehensive bug reports for defenders.
MOVEit Transfer saga shows danger of the 'Dark Middle'
When attackers find vulnerabilities in software used by service providers with dozens or hundreds of clients, the impact of a breach can quickly spiral out of control.
Memory safety is the first step, not the last, towards secure software
The U.S. government and technology giants alike are urging developers to replace C and C++ with modern, memory-safe languages like Rust. Will it be enough?
As APIs proliferate, attackers follow
With APIs accounting for more than half of all internet traffic, attacks on mobile and web application endpoints continue to grow.
Home is where the hackers are: The dizzying task of securing remote work
Phishing attacks, credential stuffing against corporate cloud services and unpatched vulnerabilities in consumer hardware have all skyrocketed since the COVID pandemic upended work routines. With more employees logging in from home, locking down workers’ security habits and local networks has never mattered so much.
Flawed choices: Developers continue to use vulnerable open-source dependencies
While the open-source ecosystem continues to make progress on securing the production of widely used components, developers need better tools and a security culture to benefit.