Exploiting Web3’s Hidden Attack Surface: Universal XSS on Netlify’s Next.js Library
Overview On August 24th, 2022, we reported a vulnerability to Netlify affecting their Next.js “netlify-ipx” repository which would allow an...
Read more →News Archive
View All →
ChiBrrCon 2020: Don’t Cross Me! Same Origin Policy and all the “cross” vulns
ChiBrrCon 2020: Don’t Cross Me! Same Origin Policy and all the “cross” vulns Source link
Read more →![[Google VRP] SSRF in Google Cloud Platform StackDriver – Ron Chan](https://cybernoz.com/wp-content/uploads/2023/03/Google-VRP-SSRF-in-Google-Cloud-Platform-StackDriver-–-Ron.png "[Google VRP] SSRF in Google Cloud Platform StackDriver – Ron Chan 4")
[Google VRP] SSRF in Google Cloud Platform StackDriver – Ron Chan
During the process of testing GAE after reading this awesome blog post, I found a debug application in Google Cloud...
Read more →
Week in review: Public MS Word RCE PoC, API exploitation, Patch Tuesday forecast
Microsoft to boost protection against malicious OneNote documentsMicrosoft has announced that, starting in April 2023, they will be adding enhanced...
Read more →
FROM 0 to $$$$ – MY BIGGEST BUG BOUNTY LEARNINGS!
FROM 0 to $$$$ – MY BIGGEST BUG BOUNTY LEARNINGS! Source link
Read more →
Unconscious Bias & Barriers Impact Neurodiverse Workforce
In an exclusive interview with The Cyber Express, Holly Foxcroft, Head of Neurodiversity in Cyber Research and Consulting, discussed neurodiversity...
Read more →
Bountycon2020 Presentation | Richard’s Infosec blog
I was recently invited to present at BountyCon 2020. This was supposed to early March in Singapore where flights and...
Read more →
IceFire Ransomware Attacks Both Windows and Linux
Recently, security analysts at SentinelOne got to know about an infamous IceFire ransomware that has been found attacking both Windows...
Read more →
How to Spend Time Well, A Framework · rez0
For a healthy person in a first world country, the number of things we could do is near infinite. And...
Read more →
Include This In Your Hacking Workflow by Continuous Monitoring with AuthoGraphQL (How-to guide)
Include This In Your Hacking Workflow by Continuous Monitoring with AuthoGraphQL (How-to guide) Source link
Read more →
Samesite by Default and What It Means for Bug Bounty Hunters
31 January 2020 You have probably heard of the SameSite attribute addition to HTTP cookies since Chrome 51 (and a...
Read more →
Exploiting a Blind SQL Injection via XSS – RCE Security
Introduction You probably have read about my recent swamp of CVEs affecting a WordPress plugin called Transposh Translation Filter, which...
Read more →