Firefox will upgrade more Mixed Content in Version 127
Most of the web already supports HTTPS: In fact, 93% of requests made by Firefox are already HTTPS. As a reminder, HTTP over TLS (HTTPS) fixes the security s...
Aggregating 6807 articles from trusted cybersecurity sources
Most of the web already supports HTTPS: In fact, 93% of requests made by Firefox are already HTTPS. As a reminder, HTTP over TLS (HTTPS) fixes the security s...
When you open a HTTP request or response, what do you instinctively look for? Suspicious parameter names?
Signed web tokens are widely used for stateless authentication and authorization throughout the web.
At Mozilla, we believe in an open web that is safe to use. To that end, we improve and maintain the security of people using Firefox around the world.
Have you ever found an HTTP desync vulnerability that seemed impossible to exploit due to its complicated constraints?
In this post we'll show you how to bypass CSP by using an often overlooked technique that can enable password theft in a seemingly secure configuration. What...
Welcome to the Top 10 Web Hacking Techniques of 2023, the 17th edition of our annual community-powered effort to identify the most innovative must-read web s...
In this post we'll show you how Java handles unicode escapes in source code strings in a way you might find surprising - and how you can abuse them to concea...
Update: The results are in!
Security research involves a lot of failure.
To provide transparency into our ongoing efforts to protect your privacy and security on the Internet, we are releasing a security audit of Mozilla VPN that ...
This is a gif of the exfiltration process (We've increased the speed so you're not waiting around for 1 minute). Read on to discover how this works.
A U.S.
FBI apprehends IRGC-linked cybercriminal, Russian hackers steal Signal backup keys, and unknown hackers breach the DHS information network.
Vercel breach happened after an employee used an unvetted AI tool. Attackers exploited it as a trusted link to access systems, steal data, and extort $2M.
Medical technology giant Medtronic is notifying more than 3.8 million individuals that their personal and medical information was compromised in a recent dat...
Hackers reportedly gained access to HSIN servers in late May and early June, potentially exposing sensitive but unclassified information.
Hackers gained access to Aflac Japan's systems between June 15 and June 25, stealing personal information from the company's policyholder portal.
A suspected Scattered Spider member has been extradited to the United States to face charges linked to cyberattacks against U.S.
Healthcare device firm Medtronic is notifying affected customers about a data breach that exposed their personal data to an unauthorized third party. [.
The controversy surfaced when former Huntress analyst Ben Folland alleged that a current employee disclosed law enforcement inquiries to Devman, a ransomware...
A complaint unsealed this week accuses a 19-year-old of participating in incidents including a breach of a "luxury-jewelry retailer" in 2025.
Intruder has announced the launch of its Free plan, providing security, IT, and DevOps teams ongoing access to professional-grade vulnerability management, c...
The Gentlemen ransomware group has emerged in 2026 as a highly adaptive and technically sophisticated ransomware-as-a-service (RaaS) operation targeting larg...