When it's time to talk attacks, it's hard to get more evil than a technique that uses victims' own systems against them. Server-side request forgery (SSRF) is one of those evil attacks, and it's one ...

Microsoft recently patched three vulnerabilities in its Azure API Management service, two of which enabled server-side request forgery (SSRF) attacks that could have allowed hackers to access internal ...

Server-side request forgery (SSRF) attacks consist of an attacker tricking the server into making an unauthorized request. The name itself implies that a request that should have otherwise been made ...

Cisco Unified Communications Manager vulnerability CVE-2026-20230 allows unauthenticated attackers to gain root access via ...

Apple Pay has a slew of protective features that make it a secure method of online credit card transactions. And since 2016, third-party merchants and services have been able to embed Apple Pay into ...

One (CVE-2022-41040) is a is a Server-Side Request Forgery (SSRF) vulnerability, an exploit that allows attackers to make server-side application requests from an unintended location – for example, ...

WPScan and the United States Government National Vulnerability Database published a notice of a vulnerability discovered in the HubSpot WordPress plugin. The vulnerability exposes users of the plugin ...

Security firm Palo Alto Networks Inc. has uncovered a serious Server-Side vulnerability in Atlassian Corp. PLC’s Jira issue tracking product that exposes data stored using the product. The Server-Side ...

ESET researchers have discovered and analyzed a previously undocumented trojan that steals payment information from e-commerce websites' customers. The trojan, which we named IIStealer, is detected by ...

On Monday, a former Amazon employee was arrested and charged with stealing more than 100 million consumer applications for credit from Capital One. Since then, many have speculated the breach was ...