There were some changes to the recently updated OWASP Top 10 list, including the addition of supply chain risks. But old ...
The results of our soon-to-be-published Advanced Cloud Firewall (ACFW) test are hard to ignore. Some vendors are failing badly at the basics like SQL injection, command injection, Server-Side Request ...
A comprehensive SAML development guide for engineering leaders. Learn about assertions, metadata, and securing single sign-on for enterprise CIAM.
There’s something immensely satisfying about taking a series of low impact CVEs, and stringing them together into a full exploit. That’s the story we have from [Mehmet Ince] of PRODAFT, who found a ...
Agriculture Secretary Brooke Rollins and Health and Human Services Secretary Robert F. Kennedy Jr. announced the waiver for North Dakota and five other states. Some baking ingredients such as chocolate chips ...
Researcher uncovers a critical SSRF vulnerability in ChatGPT’s Custom GPT “Actions” feature, risking exposure of internal cloud credentials. Exploit allowed access to Azure Instance Metadata Service, ...
Entry point: (Open import): /api/open/import_data receives the url parameter, and the server directly requests the remote resource and parses it as JSON. if (!content ...
Earlier this week, Microsoft patched a vulnerability that was flagged with the "highest ever" severity rating received by an ASP.NET Core security flaw. This HTTP request smuggling bug (CVE-2025-55315 ...
OpenAI has fixed this zero-click attack method called ShadowLeak by researchers. Researchers at web security company Radware recently discovered what they described as a service-side data theft attack ...
In April, cybersecurity experts and Microsoft issued urgent warnings following a surge in attacks targeting critical vulnerabilities in on-premises Microsoft Exchange and SharePoint servers, both ...
You expect the guardians at the gate of any system to keep attacks out; you don’t expect them to turn against internal systems and networks and ravage those on behalf of threat actors. Yet that’s what ...