Recently, Discord has issued a patch for a critical issue in the desktop version of their messaging app. This critical issue left users exposed to remote code execution (RCE) through the HTML iFrame used to preview links or videos shared in Discord. In a writeup published by bug bounty hunter Masato Kinugawa, a chain of exploits was created that allowed Kinugawa to inject and execute javascript inside the app itself. After reporting it to Discord, Kinugawa was awarded $5,000 USD for his find.
12 Essentials for a Successful SOC Partnership
As cyber threats continue to impact businesses of all sizes, the need for round-the-clock security