GraphQL vs gRPC: Which One Creates More Secure APIs?

Learn about the security capabilities of GraphQL and gRPC, how they perform authentication/authorization, and how they compare to REST. In addition, discover common attack vectors for both API framewo ...

Black Cat ransomware group wants $4.5m from Reddit or will leak stolen files

The ramifications of a Reddit breach which occurred back in February are now being felt, with the attackers threatening to leak the stolen data. The February attack, billed as a "sophisticated ...

CVE-2023-26436

Attackers with access to the "documentconverterws" API were able to inject serialized Java objects that were not properly checked during deserialization. Access to this API endpoint is restricted to ...

Overcoming Challenges in Delivering Machine Learning Models from Research to Production

So, you’ve finished your research. You developed a machine learning (ML) model, tested and validated it, and you’re now ready to start development and then push the model to production. The ...

Vega’s validators able to submit duplicate transactions

A vulnerability exists that allows a malicious validator to trick the Vega network into re-processing past Ethereum events from Vega’s Ethereum bridge. For example, a deposit to the collateral br ...

XWiki Platform’s tags on non-viewable pages can be revealed to users

### Impact Tags from pages not viewable to the current user are leaked by the tags API. This information can also be exploited to infer the document reference of non-viewable pages. ### Patches This v ...

XWiki Platform vulnerable to cross-site scripting in target parameter via share page by email

### Impact Users are able to forge a URL with a payload that injects JavaScript into the page (XSS). For instance, the following URL executes an `alter` in the browser: `/xwiki/bin/view/Main/?view ...
