When it's time to talk attacks, it's hard to get more evil than a technique that uses victims' own systems against them. Server-side request forgery (SSRF) is one of those evil attacks, and it's one ...

Server-side request forgery (SSRF) attacks consist of an attacker tricking the server into making an unauthorized request. The name itself implies that a request that should have otherwise been made ...

Varonis found a way to chain three bugs into one exploit that can lead to data exfiltration.

Microsoft recently patched three vulnerabilities in its Azure API Management service, two of which enabled server-side request forgery (SSRF) attacks that could have allowed hackers to access internal ...

Microsoft has fixed vulnerabilities in four separate services of its Azure cloud platform, two of which could have allowed attackers to perform a server-side request forgery (SSRF) attack — and thus ...

Cisco Unified Communications Manager vulnerability CVE-2026-20230 allows unauthenticated attackers to gain root access via SSRF and arbitrary file writes. Working proof-of-concept exploit code is ...

Hackers are exploiting a server-side request forgery (SSRF) vulnerability in Ivanti Connect Secure, Policy Secure, and ZTA gateways to deploy the new DSLog backdoor on vulnerable devices. The ...

Researchers discovered the vulnerability in an API already integrated into many bank systems, which could have defrauded millions of users by giving attackers access to their funds. A server-side ...

Cisco warns of public PoC targeting CVE-2026-20230, a high-severity SSRF vulnerability in Unified CM and Unified CM SME.