web development
With AI’s help, North Korean hackers stumbled into a near-undetectable attack
For many years, state-sponsored hacking was defined by human expertise in finding security holes, writing malware and exploits, pulling off social engineering and phishing …
North Korean IT workers set their sights on European organizations
North Korean IT workers are expanding their efforts beyond the US, and are seeking to fraudulently gain employment with organizations around the world, but most especially in …
Critical Next.js auth bypass vulnerability opens web apps to compromise (CVE-2025-29927)
A critical vulnerability (CVE-2025-29927) in the open source Next.js framework can be exploited by attackers to bypass authorization checks and gain unauthorized access to web …
Securing modern web apps: A case for framework-aware SAST
If you were to write a web application entirely by yourself, it would be a rather daunting task. You would need to write the UI elements from lower-level APIs, set up and …
Private browsing is not that private, but it can be
Private, “Incognito mode” browsing sessions are not as foolproof as most users believe them to be. “After a private session terminates, the browser is …
Websites built by freelance developers are plagued with security failures
Websites developed by “budget” developers, without portfolios or references, tend to be plagued with critical security failures, research has shown. For this project, the …