Threat Post

SSRF Flaw in Fintech Platform Allowed for Compromise of Bank Accounts

Researchers discovered the vulnerability in an API already integrated into many bank systems, which could have defrauded millions of users by giving attackers access to their funds. A server-side ...
Hosted on MSN

Researcher uncovers a critical SSRF vulnerability in ChatGPT’s Custom GPT

OpenAI’s large language model ChatGPT fixed a security flaw found earlier this week by a researcher within the “Actions” feature of Custom GPTs. Attackers could have exploited a Server-Side Request ...
Computer Weekly

SSRF attacks hit 100,000 businesses globally since November

Security teams are warned to be on the lookout for a growing wave of opportunistic and largely untargeted cyber attacks exploiting two related exploit chains to target Microsoft Exchange servers. This ...
CSOonline

Hackers target SSRF flaws to steal AWS credentials

In a new campaign, threat actors have been trying to access EC2 Instance Metadata, which consists of sensitive virtual server information like IP address, instance ID, and security credentials by ...
Dark Reading

Critical RCE Lexmark Printer Bug Has Public Exploit

A critical security vulnerability allowing remote code execution (RCE) affects more than 120 different Lexmark printer models, the manufacturer warned this week. And, there's proof of concept (PoC) ...
TechRepublic

The 10 vulnerabilities most commonly discovered by bug bounty hunters in 2020

The 10 vulnerabilities most commonly discovered by bug bounty hunters in 2020 Your email has been sent HackerOne's list was topped by cross-site scripting, and found improper access control and SSRF ...
SecurityWeek

Atlassian Patches Critical Apache Tika Flaw

Atlassian has released updates for Bamboo, Bitbucket, Confluence, Crowd, Fisheye/Crucible, and Jira to patch 29 ...