This month’s #BugBountyRadar : Fresh targets from Grindr and Miro, infosec drama with XSS Hunter’s new host, and Belgium rolls out the red carpet for ethical hackers

portswigger.net/daily-swig/bug…

Attackers could have created counterfeit driving licenses by exploiting a vulnerability – now patched – in the website of India’s road transport ministry (credit Robin✌)

portswigger.net/daily-swig/ind…

Password managers part II: The Daily Swig looks at enterprise-grade tech capable of managing login credentials, encryption keys, API tokens and more

portswigger.net/daily-swig/a-r…

Chromium bug allowed SameSite cookie bypass on Android devices

portswigger.net/daily-swig/chr…

‘Standard web app security tests result in false negatives for web APIs’ – hAPI_hacker on the need for bespoke defenses against increasingly popular attacks portswigger.net/daily-swig/mos…

Deserialized web security roundup: Twitter 2FA backlash, GoDaddy attack campaign, and XSS Hunter adds e2e encryption

portswigger.net/daily-swig/des…

The US National Institute of Standards and Technology is planning a major reform of its Cybersecurity Framework, an authoritative guideline on managing cybersecurity risk

portswigger.net/daily-swig/nis…

Maintainers of new XSS Hunter fork add end-to-end encryption following backlash over privacy fears portswigger.net/daily-swig/new…

A flaw in ClamAV anti-malware software has resulted in a vulnerability in Cisco security products

portswigger.net/daily-swig/cis…

Weaknesses in the CVSS system have been highlighted through new research, with existing metrics blamed for 'overhyping' vulnerabilities

portswigger.net/daily-swig/cvs…

API security expert Corey J Ball (hAPI_hacker) on how to ‘arm the testers, and help prevent that next API-related data breach’

portswigger.net/daily-swig/mos…

Belgium will protect ethical hackers under a nationwide safe harbor framework announced this week portswigger.net/daily-swig/bel…

A HTTP request smuggling bug has been patched in HAProxy

portswigger.net/daily-swig/htt…

Belgium launches Europe’s first nationwide safe harbor for ethical hackers

portswigger.net/daily-swig/bel…

Although Apache Kafka software has not transformed into a giant insect, it has spawned a serious security bug

portswigger.net/daily-swig/rem…

Part one of our two-part series looks at the security pros and cons of consumer-focused password managers and what they can offer users

portswigger.net/daily-swig/pas…

Deserialized web security roundup: KeePass dismisses ‘vulnerability’ report, OpenSSL gets patched, and Reddit admits phishing hack

portswigger.net/daily-swig/des…

Research into chaining OAuth flaws tops annual PortSwigger web hacking list for 2022 (kudos Frans Rosén)

portswigger.net/daily-swig/oau…

Zero-day XSS bugs impacting four enterprise management platforms uncovered by Rapid7

portswigger.net/daily-swig/rad…