Security

CVE-2025-29927

how to gain code execution on millions of people and hundreds of popular apps

Senior executives are starting to realise that potential data breaches and other digital threats are strategic issues

Cross-site scripting (XSS) remains one of the most prevalent vulnerabilities on the web. The new standardized Sanitizer API provides a straightforward way for web developers to sanitize untrusted HTML before inserting it into the DOM. Firefox 148 is the first browser to ship this standardized security enhancing API, advancing a safer web for everyone. We expect other browsers to follow soon.

A DDoS attack attempts to overwhelm a targeted server. Learn about some of the biggest DDoS attacks ever, along with famous DDoS attacks from the past.

For the first time in bug bounty history, an autonomous penetration tester has reached the top spot on the US leaderboard.

MCP Servers Are the New APIs — And We’re Making the Same Security Mistakes Lessons from a decade of API security failures — applied to the MCP ecosystem Remember when REST APIs first exploded …

A new supply chain attack targeting the Node Package Manager (npm) ecosystem is stealing developer credentials and attempting to spread through packages published from compromised accounts.

OpenAI Privacy Filter is an open-weight model for detecting and redacting personally identifiable information (PII) in text with state-of-the-art accuracy

Recent advances in quantum hardware and software have accelerated the timeline on which quantum attack might happen. Cloudflare is responding by moving our target for full post-quantum security to 2029.

The AI Security Platform that catches vulnerabilities in development. Trusted by 127 of the Fortune 500 and 300,000+ developers worldwide.

Feature: SCION: Proven in banking and healthcare, slow to spread everywhere else

Perform code reviews following Sentry engineering practices. Use when reviewing pull requests, examining code changes, or providing feedback on code quality. Covers security, performance, testing, and design review.

Industrial management platform for Firehound-Go scans.

Learn how to secure your Coolify installation with CrowdSec - a community-driven intelligent threat detection system that provides advanced protection against attacks with CAPTCHA challenges and real-time notifications.

Imagine… Last night, lightning struck our house and burned it down. I escaped wearing only my nightclothes. In an instant, everything was vaporised. Laptop? Cinders. Phone? Ashes. Home server? A smouldering wreck. Yubikey? A charred chunk of gristle. This presents something of a problem. In order to recover my digital life, I need to be able to log in to things. This means I need to know my u…

OpenSSF Working Group on Securing Software Repositories

GitHub is strengthening npm's security with stricter authentication, granular tokens, and enhanced trusted publishing.

The Invicti SQL Injection Cheat Sheet is the definitive resource for payloads and technical details about exploiting many different variants of SQLi vulnerabilities.

In this series we will be showing step by step examples of common attacks. We will start off with an example of exploiting SQL Injection - a basic SQL injection exploitation of a web application and then privilege escalation to O.S root.

In this section, we explain: What SQL injection (SQLi) is. How to find and exploit different types of SQLi vulnerabilities. How to prevent SQLi. Labs If ...

Application level Denial of Service attacks are designed to render systems unresponsive, denying the services for users. They are notoriously difficult to detect & prevent, & often underestimated. This comprehensive guide explains how to identify and remove the conditions necessary for DoS attacks.

Defending against distributed denial of service (DDoS) attacks – ITSM.80.110

We'll cover preventing Broken Access Control in your code in this article. Also, check out The Diligent Developer Chronicles for training your team.

In this section, we describe: Privilege escalation. The types of vulnerabilities that can arise with access control. How to prevent access control ...

Dive into online security with a closer look at authentication and authorization. This article unravels how these key processes verify your identity and

An authorization library that supports access control models like ACL, RBAC, ABAC, ReBAC, BLP, Biba, LBAC, UCON, Priority, RESTful for Golang, Java, C/C++, Node.js, Javascript, PHP, Laravel, Python, .NET (C#), Delphi, Rust, Ruby, Swift (Objective-C), Lua (OpenResty), Dart (Flutter) and Elixir

Common Weakness Enumeration (CWE) is a list of software and hardware weaknesses.

The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis