Porch-Pirate – The Most Comprehensive Postman Recon / OSINT Client And Framework That Facilitates The Automated Discovery And Exploitation Of API Endpoints And Secrets Committed To Workspaces, Collections, Requests, Users And Teams

Porch Pirate started as a tool to quickly uncover Postman secrets, and has slowly begun to evolve into a multi-purpose reconaissance / OSINT framework for Postman. While existing tools are great proof ...

Continue Reading
Cosign malicious attachments can cause system-wide denial of service

Summary A remote image with a malicious attachment can cause denial of service of the host machine running Cosign. This can impact other services on the machine that rely on having memory available su ...

Continue Reading
Cosign malicious artifacts can cause machine-wide DoS

Maliciously-crafted software artifacts can cause denial of service of the machine running Cosign, thereby impacting all services on the machine. The root cause is that Cosign creates slices based on t ...

Continue Reading
Code Keepers: Mastering Non-Human Identity Management

Identities now transcend human boundaries. Within each line of code and every API call lies a non-human identity. These entities act as programmatic access keys, enabling authentication and facilitati ...

Continue Reading
PostX – Gutenberg Blocks for Post Grid < 3.2.4 – Incorrect Authorization

Description The PostX – Gutenberg Blocks for Post Grid plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several REST API endpoints in versions up to, an ...

Continue Reading
PostX – Gutenberg Blocks for Post Grid < 3.2.4 – Incorrect Authorization

Description The PostX – Gutenberg Blocks for Post Grid plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several REST API endpoints in versions up to, an ...

Continue Reading
Why CISA is Warning CISOs About a Breach at Sisense

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) said today it is investigating a breach at business intelligence company Sisense, whose products are designed to allow companies to vie ...

Continue Reading
Security Bulletin: IBM Sterling B2B Integrator B2B API vulnerable to multiple issues due to Apache CXF

Summary IBM Sterling B2B Integrator uses Apache CXF. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details ** CVEID: CVE-2022-46363 DESCRIPTION: **Apache CX ...

Continue Reading

Back to Main

Subscribe for the latest news: