#vulnerability-disclosure
#vulnerability-disclosure
[ follow ]
Information security
fromDataBreaches.Net
2 weeks agoPen testers accused of 'blackmail' after reporting Eurostar chatbot flaws - DataBreaches.Net
Pen Test Partners found four flaws in Eurostar's public AI chatbot enabling HTML injection and system-prompt leakage; the researchers were accused of blackmail.
fromTechCrunch
3 weeks agoExclusive: Home Depot exposed access to internal systems for a year, says researcher
When he tested the token, Zimmermann said that it granted access to hundreds of private Home Depot source code repositories hosted on GitHub and allowed the ability to modify their contents. The researcher said the keys allowed access to Home Depot's cloud infrastructure, including its order fulfillment and inventory management systems, and code development pipelines, among other systems. Home Depot has hosted much of its developer and engineering infrastructure on GitHub since 2015, according to a customer profile on GitHub's website.
Information security
fromComputerWeekly.com
1 month agoUK government pledges to rewrite Computer Misuse Act | Computer Weekly
Speaking on 3 December at the Financial Times Cyber Resilience Summit 2025, security minister Dan Jarvis said: "We've heard the criticisms about the Computer Misuse Act, and how it can leave many cyber security experts feeling constrained in the activity that they can undertake. These researchers play an important role in increasing the resilience of UK systems, and securing them from unknown vulnerabilities."
Law
fromThe Hacker News
1 month agoMeta Expands WhatsApp Security Research with New Proxy Tool and $4M in Bounties This Year
Meta on Tuesday said it has made available a tool called WhatsApp Research Proxy to some of its long-time bug bounty researchers to help improve the program and more effectively research the messaging platform's network protocol. The idea is to make it easier to delve into WhatsApp-specific technologies as the application continues to be a lucrative attack surface for state-sponsored actors and commercial spyware vendors.
Information security
fromTechzine Global
2 months agoAxis Communications builds cyber wall around popular IoT devices
Securing IoT devices must be a top priority from start to finish these days. Whereas the issue used to be seen mainly as an add-on, it is now a fundamental part of product development and partner policy. According to Fabian de Clippelaar, Engineer at Axis Communications, this shift did not come out of the blue. "The growing computing power of devices offers opportunities for innovation. But if that power is not applied or secured in the right way, it can also cause serious problems."
Information security
fromSecurityWeek
3 months agoIn Other News: $900k for XSS Bugs, HybridPetya Malware, Burger King Censors Research
Two researchers reported finding serious vulnerabilities, including ones that expose employee information and drive-through orders, in systems run by Restaurant Brands International (RBI), which owns the Tim Hortons, Burger King and Popeyes brands. The vulnerabilities were reported to the vendor and quickly fixed. In addition, RBI said the system targeted by the researchers is still in early development. However, the company still sent a DMCA complaint to the researchers to force them to remove the blog post detailing their findings.
Information security
[ Load more ]