Reflected XSS at fotoservice.hema.nl | by Jonathan Bouman
Proof of concept. Above the browser. Below a private slack channel displaying the credentials. BackgroundReflected XSS bugs are great fun to find; they are everywhere…
Month: March 2023
Winter Vivern APT hackers use fake antivirus scans to install malware
An advanced hacking group named ‘Winter Vivern’ targets European government organizations and telecommunication service providers to conduct espionage. The group’s activities align with the interests…
US Federal Agency Hacked Using Telerik Vulnerability in IIS Server
As a result of a joint effort of the CISA, FBI, and MS-ISAC, a public advisory was published recently. This public advisory claims that between…
Rubrik customer, partner data exposed in possible Clop attack
Rubrik, a supplier of cloud data management and security services, has disclosed a data breach, possibly attributable to the Clop (aka Cl0p) ransomware operation, arising…
Loyola University Data Breach, Hackers Threaten to Leak Data
Peru-based Universidad San Ignacio de Loyola (USIL), also called St. Ignatius of Loyola University, has allegedly been breached. Hacker has claimed to have access to…
Open Sesame: Escalating Open Redirect to RCE With Electron Code Review | by Eugene Lim | The Startup
For better or worse, Node.js has rocketed up the developer popularity charts. Thanks to frameworks like React, React Native, and Electron, developers can easily build…
Microsoft support ‘cracks’ Windows for customer after activation fails
In an unexpected twist, a Microsoft support engineer resorted to running an unofficial ‘crack’ on a customer’s Windows PC after a genuine copy of the operating system…
Chains on Chains: Chaining multiple low-level vulns into a Critical. | by Daniel Marte
Hello! Hope all is well. I know it has been a while since my last writeup! Just a quick little introduction for those who do…
IT Sustainability Think Tank: How IT leaders can address the sustainability gap
There is no doubt that every business is a digital business today. Technology is the new normal and the next normal for companies of all…
Pornhub Removes Ad Recruiting Soldiers For Russian War
Soon after the Wagner Group advertisements recruiting soldiers for the Russian war on Pornhub went viral, the pornographic video-streaming website removed them from the platform.…
Call to Diligent Defenders of Cybersecurity
The Cybersecurity and Infrastructure Security Agency (CISA) is hiring cybersecurity experts, students, and enthusiasts to work towards a robust security workforce and continue its mission…
Week 3: Real Talk on Real Numbers | by d0nut | d0nut reads
A really fancy paint by numbers.. err, maybe it was a safari for finding different kinds of numbers? In continuation of the philosophical and foundational…