Tag: web applications

  • Hacker News: Python’s official documentation contains textbook example of insecure code (XSS)

    Source URL: https://seclists.org/fulldisclosure/2025/Feb/15
    Source: Hacker News
    Title: Python’s official documentation contains textbook example of insecure code (XSS)
    Feedly Summary: Comments
    AI Summary and Description: Yes
    Summary: The text highlights a critical security issue within Python’s documentation related to Cross-Site Scripting (XSS) vulnerabilities stemming from examples in the CGI module. This poses significant risks for web…

  • The Register: Microsoft Azure faceplants in Norway, taking government services with it

    Source URL: https://www.theregister.com/2025/02/20/microsoft_azure_outage_norway/
    Source: The Register
    Title: Microsoft Azure faceplants in Norway, taking government services with it
    Feedly Summary: Locals see red as public cloud’s service health dashboard shows green. Norwegians fell victim to a prolonged Microsoft Azure outage today, which impacted businesses and took down multiple government websites delivering online services to citizens.…
    AI…

  • Hacker News: California bill would require bots to disclose that they are bots

    Source URL: https://www.veeto.app/bill/1955756
    Source: Hacker News
    Title: California bill would require bots to disclose that they are bots
    Feedly Summary: Comments
    AI Summary and Description: Yes
    Summary: The legislation introduced by Assembly Member Wilson represents a significant shift in California’s regulation of automated online communications, requiring all bots to identify themselves, thus enhancing transparency around…

  • Microsoft Security Blog: Code injection attacks using publicly disclosed ASP.NET machine keys

    Source URL: https://www.microsoft.com/en-us/security/blog/2025/02/06/code-injection-attacks-using-publicly-disclosed-asp-net-machine-keys/
    Source: Microsoft Security Blog
    Title: Code injection attacks using publicly disclosed ASP.NET machine keys
    Feedly Summary: Microsoft Threat Intelligence observed limited activity by an unattributed threat actor using a publicly available, static ASP.NET machine key to inject malicious code and deliver the Godzilla post-exploitation framework. In the course of investigating, remediating, and…

  • Cisco Talos Blog: Talos IR trends Q4 2024: Web shell usage and exploitation of public-facing applications spike

    Source URL: https://blog.talosintelligence.com/talos-ir-trends-q4-2024/
    Source: Cisco Talos Blog
    Title: Talos IR trends Q4 2024: Web shell usage and exploitation of public-facing applications spike
    Feedly Summary: This new report from Cisco Talos Incident Response explores how threat actors increasingly deployed web shells against vulnerable web applications, and exploited vulnerable or unpatched public-facing applications to gain initial access.…