Reflected XSS at Philips.com. A full write-up; reflected XSS was… | by Jonathan Bouman
Proof of concept Are you aware of any (private) bug bounty programs? I would love to get an invite. Please get in touch with me:…
Month: April 2023
CISA orders agencies to patch Backup Exec bugs used by ransomware gang
On Friday, U.S. Cybersecurity and Infrastructure Security Agency (CISA) increased by five its list of security issues that threat actors have used in attacks, three…
BOUNTY THURSDAYS – LIVE #1 (SVG-XML/Redirects/OOB servers and Community Questions)
BOUNTY THURSDAYS – LIVE #1 (SVG-XML/Redirects/OOB servers and Community Questions) Source link
Applying Offensive Reverse Engineering to Facebook Gameroom
Late last year, I was invited to Facebook’s Bountycon event, which is an invitation-only application security conference with a live-hacking segment. Although participants could submit…
Meet Anthalon, fighting for freedom of the press
In today’s world, censorship and suppression of free speech are rampant in many parts of the globe. Governments and non-governmental organizations (NGOs) are constantly struggling…
Remotely Managing Hyper-V in a Workgroup Environment
A few weekends ago, I decided (because apparently I’m a masochist) that I was tired of the free version of ESXi running my home lab…
Massive Balada Injector campaign attacking WordPress sites since 2017
An estimated one million WordPress websites have been compromised during a long-lasting campaign that exploits “all known and recently discovered theme and plugin vulnerabilities” to…
How I could Steal Your Google Bug Hunter Account with Two Clicks in IE – Ron Chan
This post is another evidence to show how difficult to parse a URL correctly. IE has URL parsing problem, this idea is originated from Sergey Bobrov.…
Apple fixes two zero-days exploited to hack iPhones and Macs
Apple has released emergency security updates to address two new zero-day vulnerabilities exploited in attacks to compromise iPhones, Macs, and iPads. “Apple is aware of…
No BS Guide – Better Subdomain Enumeration
No BS Guide – Better Subdomain Enumeration Source link
Exploit available for critical bug in VM2 JavaScript sandbox library
Proof-of-concept exploit code has been released for a recently disclosed critical vulnerability in the popular VM2 library, a JavaScript sandbox that is used by multiple software…
Hacker cats · rez0
A collection of AI-generated Hacker Cats If you want to see an image in full resolution, you can right click on the image and select…