CSOonline

SSRF attacks explained and how to defend against them

Server-side request forgery (SSRF) attacks consist of an attacker tricking the server into making an unauthorized request. The name itself implies that a request that should have otherwise been made ...
Threat Post

SSRF Flaw in Fintech Platform Allowed for Compromise of Bank Accounts

Researchers discovered the vulnerability in an API already integrated into many bank systems, which could have defrauded millions of users by giving attackers access to their funds. A server-side ...
Hosted on MSN

Researcher uncovers a critical SSRF vulnerability in ChatGPT’s Custom GPT

OpenAI’s large language model ChatGPT fixed a security flaw found earlier this week by a researcher within the “Actions” feature of Custom GPTs. Attackers could have exploited a Server-Side Request ...
Dark Reading

Microsoft Patches 4 SSRF Flaws in Separate Azure Cloud Services

Microsoft has fixed vulnerabilities in four separate services of its Azure cloud platform, two of which could have allowed attackers to perform a server-side request forgery (SSRF) attack — and thus ...
Computer Weekly

SSRF attacks hit 100,000 businesses globally since November

Security teams are warned to be on the lookout for a growing wave of opportunistic and largely untargeted cyber attacks exploiting two related exploit chains to target Microsoft Exchange servers. This ...
CSOonline

Hackers target SSRF flaws to steal AWS credentials

In a new campaign, threat actors have been trying to access EC2 Instance Metadata, which consists of sensitive virtual server information like IP address, instance ID, and security credentials by ...
Dark Reading

Ransomware Attackers Bypass Microsoft's ProxyNotShell Mitigations With Fresh Exploit

The operators of a ransomware strain called Play have developed a new exploit chain for a critical remote code execution (RCE) vulnerability in Exchange Server that Microsoft patched in November. The ...