Dark Reading

SSRF 101: How Server-Side Request Forgery Sneaks Past Your Web Apps

When it's time to talk attacks, it's hard to get more evil than a technique that uses victims' own systems against them. Server-side request forgery (SSRF) is one of those evil attacks, and it's one ...
CSOonline

Azure API Management flaws highlight server-side request forgery risks in API development

Microsoft recently patched three vulnerabilities in its Azure API Management service, two of which enabled server-side request forgery (SSRF) attacks that could have allowed hackers to access internal ...
CSOonline

SSRF attacks explained and how to defend against them

Server-side request forgery (SSRF) attacks consist of an attacker tricking the server into making an unauthorized request. The name itself implies that a request that should have otherwise been made ...
Hosted on MSN

Researcher uncovers a critical SSRF vulnerability in ChatGPT’s Custom GPT

OpenAI’s large language model ChatGPT fixed a security flaw found earlier this week by a researcher within the “Actions” feature of Custom GPTs. Attackers could have exploited a Server-Side Request ...
Wired

How Apple Pay Buttons Can Make Websites Less Safe

Apple Pay has a slew of protective features that make it a secure method of online credit card transactions. And since 2016, third-party merchants and services have been able to embed Apple Pay into ...
Threat Post

Microsoft Azure Flaws Open Admin Servers to Takeover

Two flaws in Microsoft’s cloud-based Azure App Services could have allowed server-side forgery request (SSFR) and remote code-execution attacks. Researchers have disclosed two flaws in Microsoft’s ...
Krebs on Security

Tag Archives: server side request forgery

On Monday, a former Amazon employee was arrested and charged with stealing more than 100 million consumer applications for credit from Capital One. Since then, many have speculated the breach was ...