vulnerabilities
Owncast, EaseProbe security vulnerabilities revealed

Oxeye has uncovered two critical security vulnerabilities and recommends immediate action to mitigate risk. The vulnerabilities were discovered in Owncast (CVE-2023-3188) and …

RSAC2023 entrance
Photos: RSA Conference 2023

RSA Conference 2023 is taking place at the Moscone Center in San Francisco. Check out our microsite for the conference for all the most important news. Here are a few photos …

HashiCorp Vault
HashiCorp Vault vulnerability could lead to RCE, patch today! (CVE-2023-0620)

Oxeye discovered a new vulnerability (CVE-2023-0620) in the HashiCorp Vault Project, an identity-based secrets and encryption management system that controls access to API …

cloud
Cloud-native application adoption puts pressure on appsec teams

Oxeye revealed five predictions expected to shape enterprise security spending in 2023. The predictions follow industry-wide research, which shows the industry is shifting …

Backstage
Critical vulnerability in Spotify’s Backstage discovered, patched

A critical unauthenticated remote code execution vulnerability in Spotify’s Backstage project has been found and fixed, and developers are advised to take immediate action in …

security platform
Oxeye announces Cloud Native Application Security solution at KubeCon

Oxeye will demonstrate its Cloud Native Application Security solution at KubeCon 2022 in Detroit, Michigan, October 24-28. Located at booth SU74, Oxeye will show how the …

vm2 vulnerability
Critical vm2 sandbox escape flaw uncovered, patch ASAP! (CVE-2022-36067)

Oxeye researchers discovered a severe vm2 vulnerability (CVE-2022-36067) that has received the maximum CVSS score of 10.0. Called SandBreak, this new vulnerability requires …

Harbor
High severity vulnerabilities found in Harbor open-source artifact registry

Oxeye security researchers have uncovered several new high severity variants of the IDOR (Insecure Direct Object Reference) vulnerabilities (CVE-2022-31671, CVE-2022-31666, …

cloud
“ParseThru” vulnerability allows unauthorized access to cloud-native applications

A new vulnerability found in GoLang-based applications allows a threat actor to bypass validations under certain conditions and gain unauthorized access to cloud-native …

cloud
Take a dev-centric approach to cloud-native AppSec testing

The era of the cloud-native application is well and truly upon us: IDC researchers have predicted that by 2023, more than 500 million apps will be developed using cloud-native …

Oxeye
Product showcase: Oxeye.io – Cloud native application security testing

Delivering secure applications requires tooling built for automation in the modern tech stack. Oxeye provides a cloud-native application security testing solution that is …

Infosec products of the month: December 2021

Here’s a look at the most interesting products from the past month, featuring releases from Action1, AwareGO, BlackBerry, Box, Castellan Solutions, Cloudflare, Code42, Cossack …
