BugCrowd Bug Bounty Disclosure: P1 – Log4Shell (CVE-2021-44228) – By aminei
The below information is fully automated and the information is captured from the BugCrowd Disclosure website. The information was correct...
OSINT
BugCrowd Bug Bounty Disclosure: P1 – HTTP Desync Attack (Request Smuggling) – Mass Session Hijacking – By AnkitSingh
The below information is fully automated and the information is captured from the BugCrowd Disclosure website. The information was correct...
BugCrowd Bug Bounty Disclosure: P5 – Lack of Security Headers – By F_Robot
The below information is fully automated and the information is captured from the BugCrowd Disclosure website. The information was correct...
BugCrowd Bug Bounty Disclosure: P4 – html injection in [https://edoiu.doi.gov/login/signup.php] – By CryptoKnight028
The below information is fully automated and the information is captured from the BugCrowd Disclosure website. The information was correct...
BugCrowd Bug Bounty Disclosure: P3 – Subdomain Takeover for rtncf-rci.ral.r4.fws.gov – By thelicato
The below information is fully automated and the information is captured from the BugCrowd Disclosure website. The information was correct...
BugCrowd Bug Bounty Disclosure: P2 – Privilege Escalation of Publisher Account due to IDOR – By AlWaYsHuNt
The below information is fully automated and the information is captured from the BugCrowd Disclosure website. The information was correct...
BugCrowd Bug Bounty Disclosure: P3 – Able to change other publishers’ payment details – By AlWaYsHuNt
The below information is fully automated and the information is captured from the BugCrowd Disclosure website. The information was correct...
BugCrowd Bug Bounty Disclosure: P1 – RCE in Bitbucket DataCenter via HazelCastPort – By SnowyOwl
The below information is fully automated and the information is captured from the BugCrowd Disclosure website. The information was correct...
BugCrowd Bug Bounty Disclosure: P5 – Broken Access Control Issue. – By jeetbhdr
The below information is fully automated and the information is captured from the BugCrowd Disclosure website. The information was correct...
BugCrowd Bug Bounty Disclosure: P3 – postMessage XSS in Tesla Payment page – By TheTime
The below information is fully automated and the information is captured from the BugCrowd Disclosure website. The information was correct...
BugCrowd Bug Bounty Disclosure: P4 – Xss on – employers.indeed.com – By ig420_vrush
The below information is fully automated and the information is captured from the BugCrowd Disclosure website. The information was correct...
BugCrowd Bug Bounty Disclosure: P5 – Information Disclosure via url tampering – By murderfalcon
The below information is fully automated and the information is captured from the BugCrowd Disclosure website. The information was correct...
BugCrowd Bug Bounty Disclosure: P5 – CSRF Leads to Logout any Loggedin user from their session – By DeadSniper
The below information is fully automated and the information is captured from the BugCrowd Disclosure website. The information was correct...
BugCrowd Bug Bounty Disclosure: P5 – Information exposure through Directory Listing – By jaibalaji
The below information is fully automated and the information is captured from the BugCrowd Disclosure website. The information was correct...
BugCrowd Bug Bounty Disclosure: P5 – Clickjack Bug in Website – By ethicalpanther
The below information is fully automated and the information is captured from the BugCrowd Disclosure website. The information was correct...
A week in security (April 18 – 24)
Last week on Malwarebytes Labs: Why you shouldn’t automate your VirusTotal uploadsNorth Korean Lazarus APT group targets blockchain tech companiesWatch out...
BlackCat Ransomware gang breached over 60 orgs worldwide
At least 60 entities worldwide have been breached by BlackCat ransomware, warns a flash report published by the U.S. FBI....
Experts warn of a surge in zero-day flaws observed and exploited in 2021
The number of zero-day vulnerabilities exploited in cyberattacks in the wild exploded in the last years, security firm report. Google...
CISA: Google Releases Security Updates for Chrome
Google Releases Security Updates for Chrome Google has released Chrome version 100.0.4896.127 for Windows, Mac, and Linux. This version addresses...
CISA: Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure
Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure The cybersecurity authorities of the United States, Australia, Canada, New Zealand,...
CISA: CISA Adds Three Known Exploited Vulnerabilities to Catalog
CISA Adds Three Known Exploited Vulnerabilities to Catalog CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog,...
CISA: North Korean State-Sponsored APT Targets Blockchain Companies
North Korean State-Sponsored APT Targets Blockchain Companies CISA, the Federal Bureau of Investigation (FBI), and the U.S. Treasury Department have...
CISA: Oracle Releases April 2022 Critical Patch Update
Oracle Releases April 2022 Critical Patch Update Oracle has released its Critical Patch Update for April 2022 to address 520...
CISA: Drupal Releases Security Updates
Drupal Releases Security Updates Drupal has released security updates to address vulnerabilities affecting Drupal 9.2 and 9.3. An attacker could...
