Grammarly is the unicorn company that announced its open bug bounty program last September. Since that time, many security researchers posted their submissions and got paid well. Some of Grammarly’s issues are also useful for others. Like the recent XSS, that also bypasses an AWS WAF. The recent XSS report is a bit different among others. First of all, it was submitted by Frans Rosen, one of the top HackerOne hackers. He is the 6th…
Most of the Wallarm e-commerce customers are running WAF protection with Brute-Force attacks protection functionality
The risks involved with the operatorAliases option in Sequelize, the popular library for DBMSs
Consul is a software first released in 2014 for DNS-based service discovery. It provides distributed key-value storage, segmentation, and configuration.…
New critical Apache Unomi exploit was released yesterday. As an official press release says: “Apache Unomi is the industry’s first…
In the latest version of Wallarm Node, we integrated a new attack detection engine that will work with a combination…
On July 14th, Emil Lerner found and explored new ways of HTTP desync/smuggling exploitation based on HTTP/2 request processing issues.…
This year is full of extraordinary events and cybersecurity domains are not an exception. Massive WebSocket vulnerabilities are not so…
An easy to use Cloud WAF and API protection package We are thrilled to announce the launch of the new…
In the recent post (https://lab.wallarm.com/340-weak-jwt-secrets-you-should-check-in-your-code/), we presented a wallarm/jwt-secrets GitHub repository with a 340 JSON Web Token secrets available publicly.…
This article explains how to exploit Oracle WebLogic for remote code execution by using valid credentials. It’s useful during black-box…
Subscribe for the latest news
Subscribe