Rust 1.87.0 released
To commemorate the tenth anniversary of the 1.0 release of the Rust language, version 1.87.0 was announced live today at the 10 Years of Rust celebration in Utrecht, Netherlands. Notable changes include the addition of anonymous pipes to the standard library and the ability for inline assembly (`asm!`) to jump to labeled blocks within Rust code. ⌘ Read more
[47°09′13″S, 126°43′49″W] Reading: 1.48 Sv
Security updates for Thursday
Security updates have been issued by Debian (open-vm-tools), Fedora (dnsdist), Gentoo (Node.js and Tracker miners), Red Hat (kernel and xdg-utils), SUSE (audiofile, go1.22-openssl, go1.24, grub2, kernel-devel, openssl-1_1, openssl-3, and python311-Django), and Ubuntu (ruby-rack). ⌘ Read more
**Blog Title: Not Your File: How Misconfigured MIME Types Let Me Upload Evil Scripts**
Hey there!😁
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/blog-title-not-your … ⌘ Read more
☕Best Tool for Analyzing Java Files (90% of Hackers Don’t Know This)
Free Article Link
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/best-tool-for-analyzing-java-files-90-of-hackers-dont-know-this- … ⌘ Read more
Expose & Explore: Discover misconfigured service protocols and ports using Linux
Internet Assigned Numbers Authority (IANA) is the organisation responsible for managing and assigning port number … ⌘ Read more
Hacking With No Tools: How to Break Web Apps Using Just Your Browser 🕵️♂️
Hacking With No Tools: How to Break Web Apps Using Just Your Browser 🕵️♂️
[Continue reading on In … ⌘ Read more
Breaking In Through the Backdoor: Password Reset Gone Wrong
Imagine being able to take over any user’s account on a platform — even without their interaction. No phishing, no social engineering, and…
[Continue reading on InfoSec Wr … ⌘ Read more
"Standard library first" seen through Go router selection: when to hold the line, and when to branch out?
Hello everyone, I'm Tony Bai. Recently the well-known Go blogger Alex Edwards updated his widely read article "Which Go router should I use?"[1], noting in particular the significant enhancements Go 1.22 made to the standard library's http.ServeMux. The article once again prompts us to think about a classic question in Go web development: when choosing a router library, should we stick with the standard library or embrace a more feature-rich third-party library? This ⌘ Read more
🧮 USERS:1 FEEDS:2 TWTS:1341 ARCHIVED:87099 CACHE:2794 FOLLOWERS:22 FOLLOWING:14
Podman 5.5.0 released
Version 5.5.0 of the Podman container-management tool has been released. Notable features include the addition of a podman machine cp command to copy files into a running Podman VM, a podman artifact extract command to copy contents of an OCI artifact to disk, and a --mount=artifa ... ⌘ [Read more](https://lwn.net/Articles/1021217/)
Announcing Kyverno Release 1.14!
TL;DR We are excited to announce the release of Kyverno 1.14.0, marking a significant milestone in our journey to make policy management in Kubernetes more modular, streamlined, and powerful. This release introduces two new policy types… ⌘ Read more
@bender@twtxt.net 5, 4, 3, 2, 1 🤣
@bender@twtxt.net Basically the way I’m reading this is 1 RPM. This is a rather aggressive rate limit actually. This basically makes Github inaccessible and useless for basically anything unless you’re logged in. You can basically kiss “pursuing” casually, anonymously goodbye.
Imagine if I imposed that kind of rate limit on twtxt.net?! 🤣
Security updates for Wednesday
Security updates have been issued by AlmaLinux (emacs, firefox, gnutls, java-17-openjdk, java-21-openjdk, osbuild-composer, python39:3.9, and thunderbird), Arch Linux (screen), Debian (varnish), Fedora (chromium), Gentoo (Atop, FreeType, and Spidermonkey), Mageia (java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk, java-latest-openjdk and postgresql15, postgresql13), Oracle (389-ds-base, emacs, firefox, kernel, libsoup, libtiff, mod_auth_openidc:2.3, nodejs:20, nodejs:22, … ⌘ Read more
Load-balancing MySQL with HAProxy
Using HAProxy to load-balance MySQL: 1. On the DS server and the load-balancer server, stop the LVS load-balancing configuration: [root@server04 ]# ./lvsdrdsmysql.sh stop[root@server04 ]#[root@server04 ~]# ipvsadm -LnIP Virtual Server version 1.2.1 (size=4096)Prot LocalA ⌘ Read more
**JWT Exploitation: How I Forged Tokens and Took Over Accounts**
🔐Free Article Link
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/jwt-exploitation-how-i-forged-tokens-and-took-over-accounts-2e7ab1cf4df8?sour … ⌘ Read more
How I Found a Way to Prolong Password Reset Code Expiry
Free Article Link: Click for free!
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/how-i-found-a-way-to-prolong-password-reset-code-expiry-6214391023de?source=rss—-7b7 … ⌘ Read more
How I Deleted Any User’s Account— No Interaction Needed
Free Article Link: Click for free!
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/how-i-deleted-any-users-account-no-interaction-needed-faae0442ff4f?source=rss—-7b722bfd1 … ⌘ Read more
**Forget Me Not: How Broken Logout Functionality Let Me Ride Sessions Forever**
Hey there!😁
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/forget-me-not-how-broken-logout-function … ⌘ Read more
🧮 USERS:1 FEEDS:2 TWTS:1340 ARCHIVED:87069 CACHE:2784 FOLLOWERS:22 FOLLOWING:14
[47°09′09″S, 126°43′53″W] Reading: 1.45 Sv
1 year without my baby. Miss him every day ⌘ Read more
Security updates for Tuesday
Security updates have been issued by Debian (libeconf and rubygems), Fedora (libxmp), Gentoo (glibc), Oracle (java-1.8.0-openjdk, kernel, libxslt, and virtuoso-opensource), SUSE (augeas, git-lfs, kanidm, and tomcat10), and Ubuntu (linux-lts-xenial). ⌘ Read more
$256 Bounty : XSS via Web Cache Poisoning in Discourse
How Injecting Headers and Poisoning Cache Led to Stored Cross-Site Scripting
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/256-bounty-xss-via-web-cache-poisoning-in-d … ⌘ Read more
The Human Firewall: Why Your Employees Are Both Your Greatest Vulnerability and Asset
In the high-stakes world of cybersecurity, organizations invest millions in sophisticated technologic … ⌘ Read more
DCShadow Attacks: Subverting Active Directory Replication for Stealthy Persistence
Technique that allows adversaries to manipulate directory data by simulating the behavior of a legitimate Doma … ⌘ Read more
Part 1: How to Become a Pentester in 2025: Free & Affordable Online Labs ⌘ Read more
**How Hackers Bypass Login Pages with SQL, Logic Flaws, and Headers**
Welcome to the underworld of cybersecurity! 🌐 In this blog, we dive deep into how hackers bypass login pages — the digital gatekeepers of…
[Continue rea … ⌘ Read more
SameSite? SameMess: How I Bypassed Cookie Protections to Hijack Sessions
Hey there!😁
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/samesi … ⌘ Read more
iPhone Shipments Crash 50% in China as Local Brands Dominate
Foreign-branded smartphone shipments in China, dominated by Apple’s iPhone, dropped dramatically in March 2025, plunging 49.6% year-over-year according to data released by The China Academy of Information and Communications Technology (CAICT).
The steep decline saw shipments fall to just 1.89 million units, down from 3.75 million during the … ⌘ Read more
🧮 USERS:1 FEEDS:2 TWTS:1339 ARCHIVED:87053 CACHE:2780 FOLLOWERS:22 FOLLOWING:14
Master CRLF Injection: The Underrated Bug with Dangerous Potential
Learn how attackers exploit CRLF Injection to manipulate HTTP responses, hijack headers and unlock hidden vulnerabilities in modern web…
[Continue rea … ⌘ Read more
The album I got by accident is starting to grow on me. Not that bad. 🤔 It’s Dredg – El Cielo, btw: https://www.youtube.com/watch?v=e4JB8rmXaO8&list=PLRASiMqDV8psZSFQi7nUX4p0R8oRHbUy_&index=1
Compress-a-thon — CSP Bypass via Redirection — Pentathon 2025
Compress-a-thon is a “web exploitation” challenge that was featured in Pentathon 2025 Finale Jeopardy CTF Round. This challenge involved…
[Continue reading on InfoSec Write-ups »](https://inf … ⌘ Read more
SSRF via PDF Generator? Yes, and It Led to EC2 Metadata Access
👨💻Free Article Link
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/ssrf-via-pdf-generator-yes-and-it-led-to-ec2-metadata-access-39b8e5b41840 … ⌘ Read more
**The Hidden Language: Exploiting GraphQL for Unauthorized Data Dump**
Free Link🎈
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/the-hidden-language-exploiting-graphql-for-unauthorized-data-dump-8 … ⌘ Read more
Bug Hunting in JS Files: Tricks, Tools, and Real-World POCs
✅Free Article Link
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/bug-hunting-in-js-files-tricks-tools-and-real-world-pocs-b4d43dd41d8e?source=rss—-7 … ⌘ Read more
**Top 5 Easiest Bugs for Beginners in Bug Bounty**
Top 5 Easiest Bugs for Beginners in Bug Bounty 🐞
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/top-5-easiest-bugs-for-beginners-in-bug-bounty-45dd81c49e03?source=rss—-7b722bfd1b8d- … ⌘ Read more
$10,000 Bounty: HackerOne Report Comments Leak via “Export as .zip”
How a new export feature unintentionally exposed private discussions in limited disclosure reports
[Continue reading on InfoSec Write-ups »](https://infose … ⌘ Read more
Understanding Stealer Logs and Their Role in Security Testing — Part 1 ⌘ Read more
API Key Exposure in NASA GitHub Repository Leads to Unauthorized Access to Academic Data
🔓Free Article Link
[Continue reading on InfoSec Write-ups »](https://infosecwriteu … ⌘ Read more
Subdomain Takeover: My $450 Win & How You Can Do It Too
Free Article Link: Click for free!
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/subdomain-takeover-my-450-win-how-you-can-do-it-too-3337ca0513b6?source=rss—-7b722 … ⌘ Read more
Hidden HackerOne & Bugcrowd Programs: How to Get Private Invites
“Private programs are where the real gold lies… but no one tells you how to get there. Let me break it down for you — with secrets most…
[Continue reading on In … ⌘ Read more
🧮 USERS:1 FEEDS:2 TWTS:1338 ARCHIVED:87031 CACHE:2786 FOLLOWERS:22 FOLLOWING:14
Powerbeats Pro 2 Available for Lowest Ever Price of $199.95, Plus Beats Pill at $99.95 and More
Amazon this weekend is discounting a collection of Beats headphones and speakers, including an all-time low price on the Powerbeats Pro 2. You can get this new 2025 model for $199.95 in all four colors, down from $249.99.
, Fedora (thunderbird), Mageia (firefox and thunderbird), SUSE (389-ds, apparmor, cargo-c, chromium, go1.24, govulncheck-vulndb, java-1_8_0-openjdk, kanidm, libsoup, mozjs102, openssl-1_1, openssl-3, python-Django, sccache, tealdeer, tomcat, transfig, wasm-bindgen, and wireshark), and Ubuntu (libreoffice and python-h11). ⌘ Read more
[47°09′23″S, 126°43′05″W] Reading: 1.10000 PPM
Go library of the day: the dependency-injection library samber-do
do is a lightweight dependency injection (DI) container for Go, developed by samber. Built on Go 1.18+ generics, it gives Go a type-safe DI solution. The design goal of do is to simplify dependency management between service components, replacing the tedious manual wiring of dependencies so that components stay loosely coupled and are easier to test and maintain. Unlike reflection-based DI frameworks, do does not use reflection when registering or resolving dependencies, so its performance overhead is very ⌘ Read more
A deep read of the MCP source code: how Streamable HTTP implements server-to-client communication
The latest version of the Model Context Protocol (MCP) specification (2025-03-26)[1] introduces Streamable HTTP as a transport, replacing the SSE transport of earlier versions and becoming the new standard for remote MCP calls. Under Streamable HTTP, a client's requests to the server no longer need to keep a long-lived SSE connection open as before; instead, the client initiates an HTTP ⌘ Read more
Go 1.24 is out! New features you need to know
1. Major toolchain upgrade 🛠️ A smarter module-verification mechanism: the new version introduces the verify command `go mod verify -json`, which emits module-verification results as structured output and neatly solves the pain developers had parsing verification results in continuous-integration (CI) pipelines. The old version only produced a simple message: `$ go mod verify` / `all modules verified`. The new version produces structured output: `$ go mod verify -json` / `{ "Pat ⌘ Read more
UUIDs: A False Sense Of Security
Hi Hunters, would you like to learn about a broken access control vulnerability that I discovered recently for a client.
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/uuids-a-false-sense-of-security-10467497daae?source=rss—-7b7 … ⌘ Read more
$50,000 Bounty: GitHub Access Token
How a hidden token in a desktop app could have compromised one of the world’s biggest e-commerce platforms
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/50-000-bounty-github-access-token-c29cb6f00182?source=rss—-7b722bf … ⌘ Read more
Recon Automation Like a Pro: My 5-Stage System to Catch More Bugs
✅Free Article Link
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/%EF%B8%8Frecon-automation-like-a-pro-my-5-sta … ⌘ Read more
Top 10 Ways Hackers Exploit Web Applications (and How to Prevent Them)
Hackers don’t wait for big websites. They look for easy mistakes. Let’s fix them before they find yours.
[Continue reading on InfoSec Write- … ⌘ Read more
HACK-ERA CTF — Phase 1 Walkthrough ⌘ Read more
$840 Bounty: How I Stole OAuth Tokens from Twitter
A critical OAuth misconfiguration allowed stealing tokens with just a click
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/840-bounty-how-i-stole-oauth-tokens-from-twitter-733f8 … ⌘ Read more
Bluetooth 6.1 Update Set to Improve Privacy, Battery Life of iPhone Accessories
The Bluetooth Special Interest Group (SIG) has released Bluetooth 6.1 as part of its new bi-annual update schedule. The update introduces Randomized Resolvable Private Address (RPA), a feature designed to enhance both privacy and power efficiency.
 && iTerm2(cask): CursorShape for Insert Mode - How? ⌘ Read more
Is there any way to retain vim 7.4 search setting while using vim 9.1? ⌘ Read more
[$] LWN.net Weekly Edition for May 8, 2025
Inside this week’s LWN.net Weekly Edition:
Front: Debian and essential packages; Custom BPF OOM killers; Speculation barriers for BPF programs; More LSFMM+BPF 2025 coverage.
Briefs: Deepin on openSUSE; AUTOSEL; Mission Center 1.0.0; OASIS ODF; Redis license; USENIX ATC; Quotes; …
Announcements: Newsletters, conferences, security updates, patches, and more. ⌘ Read more
Bug Hunting in JS Files: Tricks, Tools, and Real-World POCs
🗝️Free Article Link
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/bug-hunting-in-js-files-tricks-tools-and-real-world-pocs-70406e3eb72e?source=rss—-7 … ⌘ Read more
A Guide to SQL Injection Attacks: Hackers Don’t Want You to Know This!
Imagine your website as a big toy box filled with treasures — like user info, passwords, or blog posts — and you’ve got a robot helper…
[Contin … ⌘ Read more
$100 Bounty: How a Spoofed Email Could Change Any Username on HackerOne
A simple email spoofing trick could let anyone hijack your HackerOne username and profile link
[Continue reading on InfoSec Write-ups »] … ⌘ Read more
Unlisted but Not Unseen: How I Found the Admin Panel in a JavaScript Comment
Hey there!😁
[Continue reading on InfoSec Write-ups »](https://infosecwriteu … ⌘ Read more
Mastering Linux Part 3: A Beginner’s Guide to APT and YUM Package Management
A Beginner’s Guide to APT and YUM Package Management
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com … ⌘ Read more
🧮 USERS:1 FEEDS:2 TWTS:1334 ARCHIVED:86974 CACHE:2839 FOLLOWERS:22 FOLLOWING:14
Security updates for Wednesday
Security updates have been issued by Fedora (incus and nodejs20), Red Hat (freetype, kernel, kernel-rt, libsoup, libtiff, redis, redis:6, and thunderbird), SUSE (apparmor, chromium, grafana, ImageMagick, java-11-openjdk, java-17-openjdk, libsoup, libsoup2, libxslt, opensaml, rabbitmq-server, rubygem-rack-1_6, sqlite3, and thunderbird), and Ubuntu (kernel, libfcgi, libraw, libsoup2.4, linux, linux-aws, linux-aws-5.15, linux-gcp, linux-gke, linux-gkeop, linux-hwe-5.15, linux-ibm, linux-ib … ⌘ Read more
Step 1: Show belly. Step 2: Bite the fool. ⌘ Read more
How to setup a Monthly Free VPS for Bug Hunting
In this article, I explained how to set up and use GitHub Codespaces for bug hunting
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/how-to-setup-a-monthly-free-vps-for-bug-hunting-d4 … ⌘ Read more
Revisiting the Past, Hacking the Future
From Invalid Reports to Real Vulnerabilities: The Path to Growth in Hacking
A Penetration Tester’s Journey
Part 4 of “Beginner to Master in Linux” — A Penetration Tester’s Journey
AI Agents Unleashed: The Rise of Autonomous Systems Transforming Industries
The emergence of AI agents signifies a transformative shift in generative AI, evolving from simple chatbots to sophisticated … ⌘ Read more
Is Your App Protected? The Branch API Vulnerability You Need to Know About
$fallback_url is a helpful feature in Branch’s deep linking system — until someone uses it to redirect your users to phishing … ⌘ Read more
A Must-Have Tool for Bug Hunters: Find Open Redirect Vulnerabilities on Linux
Automate open redirection detection, save hours of manual testing, and level up your bug bounty recon game.
[Continue … ⌘ Read more