**How to Turn Cybersecurity Into a Full-Time Income (My Blueprint)**
💡Free Article Link
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/how-to-turn-cybersecurity-into-a-full-time-income-my-blueprint-f4d70 … ⌘ Read more
The Hacker’s Library: Uncovering the Best Books ⌘ Read more
**Rack::Static Vulnerability Exposes Ruby Servers to Data Breaches!**
Hold onto your keyboards, Ruby developers! 😱 A critical security flaw in the Rack::Static middleware has been uncovered, potentially…
[Continue reading on InfoS … ⌘ Read more
How useful are portable battery power stations for the home?
Similar to mains power you can take with you, and able to be topped up by solar, battery stations are a new option when it comes to camping power or household back-up. ⌘ Read more
⏱️ There were no visible errors, no hints… only the server’s hesitation told me the truth.
It didn’t scream. It whispered… and I heard it.
[Continue reading on I … ⌘ Read more
**Path Traversal Attack: How I Accessed Admin Secrets**
Path Traversal Attack: How I Accessed Admin Secrets 📂
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/path-traversal-attack-how-i-accessed-admin-secrets-fa5de1865031?source … ⌘ Read more
Top 5 Open Source Tools to Scan Your Code for Vulnerabilities
These tools help you find security flaws in your code before attackers do.
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/top-5-open-source-tools-to-s … ⌘ Read more
@andros@twtxt.andros.dev One thing I really liked about the hacker news rss feeds is the link to the comments. Reckon you can add that to the feed? 🤔
@prologic@twtxt.net
I think it is mature enough now: https://isah-twtxt.andros.dev
If anyone is interested in transforming an RSS feed to twtxt using n8n, send me a DM 😜
Administrator | HackTheBox ⌘ Read more
**The Fastest Way to Learn Web Hacking in 2025 (With Free Resources)**
🔓Free Article Link
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/the-fastest-way-to-learn-web-hacking-in-2025-with-free-resourc … ⌘ Read more
Hidden Tricks to Spot Phishing Emails Before They Trick You!
Phishing emails are like traps set by cybercriminals to trick you into sharing personal details, clicking dangerous links, or downloading…
[Continue reading on InfoSec Write-ups … ⌘ Read more
**Hostile Host Headers: How I Hijacked the App with One Sneaky Header**
Hey there!😊
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/hostile-host-headers-how-i-hijacked-the-app-with-one-sneaky-hea … ⌘ Read more
Unrestricted Access to All User Information | REST API Oversharing ⌘ Read more
GitLab CI for Python Developers: A Complete Guide
Automating Testing, Linting, and Deployment for Python projects using GitLab CI/CD
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/gitlab-ci-for-python-developers-a-complete-guide-83794cb91 … ⌘ Read more
**How I discovered a hidden user thanks to server responses?**
My first real step into web hacking and it wasn’t what I thought it would be.
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/how-i-discovered-a-hidde … ⌘ Read more
PNPT Exam Review — 2025 ⌘ Read more
How to Build a Threat Detection Pipeline from Scratch (Like a Cyber Ninja!)
Hey, cyber fam! Have you ever asked yourself:
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/how-to-build-a-threat … ⌘ Read more
Nothing changed… except for one detail. And that was enough to hack
Sometimes, hacking doesn’t require any exploit… just good observation.
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/nothing-c … ⌘ Read more
Email Verification Bypass during Account Creation | Insecure Design ⌘ Read more
How to Create a Botnet Using One Tool: A Proof of Concept for Educational Purposes Aspiring…
Learn how attackers build and control botnets — safely and ethically — using … ⌘ Read more
**Burp, Bounce, and Break: How Web Cache Poisoning Let Me Control the App**
Hey there!😁
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/burp-bounce-and-break-how-web-cache-poisoning-let-me-con … ⌘ Read more
OWASP Juice Shop | Part 2 — Bully Chatbot ⌘ Read more
OWASP Juice Shop | Part 1 — ScoreBoard Solution — StrawHat Hackers ⌘ Read more
How to Set Up a Honeypot for Your Apache2 Server ⌘ Read more
The Nintendo Switch 2 is $700, are video games getting more expensive?
High-end games and systems are more popular than ever, but what about their price tags? ⌘ Read more
I Lost $3,750 in 30 Seconds — The ATO Bug 99% of Hackers Miss (Here’s How to Avoid It)
The 1 Burp Suite Mistake That Cost Me $3,750 — Fix It in 30 Seconds
[Continue reading on InfoSec Writ … ⌘ Read more
SOC L1 Alert Reporting : Step-by-Step Walkthrough | Tryhackme
As a SOC analyst, it is important to detect high-severity logs and handle them to protect against disasters. A SOC analyst plays the…
[Continue reading on InfoSec Write-ups … ⌘ Read more
**404 to 0wnage: How a Broken Link Led Me to Admin Panel Access**
Hey there!😁
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/404-to-0wnage-how-a-broken-link-led-me-to-admin-panel-access-2b58e1fffaa3?source=r … ⌘ Read more
How to Start Bug Bounty in 2025 (No Experience, No Problem)
✅Free Article Link
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/how-to-start-bug-bounty-in-2025-no-experience-no-problem-89adc68da592?source=rss—-7b … ⌘ Read more
Hacking and Securing Kubernetes: A Deep Dive into Cluster Security
Disclaimer: This document is for educational purposes only. Exploiting systems without authorization is illegal and punishable by … ⌘ Read more
@prologic@twtxt.net @andros@twtxt.andros.dev You can delete these feeds (created by me):
https://feeds.twtxt.net/project26/twtxt.txt
https://lor.sh/@Katze_942.rss <- I added him but can’t find the file
The only RSS I follow is https://feeds.twtxt.net/posts-from-atdarkcat09atdc09-ru/twtxt.txt
Blizzard developers reflect on 30 years of Warcraft
Blizzard game developers Darren Williams and Ely Cannon sit down with 9News.com.au to reflect on 30 years of Warcraft. ⌘ Read more
Free TryHackMe Jr Penetration Tester Roadmap with Resources and Labs
A free, TryHackMe-inspired roadmap with resources and labs to kickstart your penetration testing journey.
[Continue read … ⌘ Read more
5 Tools I Wish I Knew When I Started Hacking ⌘ Read more
Black Basta Leak Analysis ⌘ Read more
I Clicked a Random Button in Google Slides — Then Google Paid Me $2,240
The strange trick that exposed a hidden security flaw (and how you can find bugs like this too).
[Continue reading on InfoSec Write-ups »](https://in … ⌘ Read more
Lab: Exploiting an API endpoint using documentation
We will solve this lab based on the API documentation exposed to delete Carlos’s user.
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/lab-exploiting-an-api-endpoint-using-d … ⌘ Read more
**HTTP Parameter Pollution: The Dirty Little Secret That Gave Me Full Backend Access**
Free Link🎈
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.co … ⌘ Read more
Chaining Bugs Like a Hacker: IDOR to Account Takeover in 10 Minutes
🚀Free Article Link…
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/chaining-bugs-like-a-hacker-idor-to-account-takeover-in-1 … ⌘ Read more
Reflected XSS using Bookmark ⌘ Read more
Exposed Secrets in JavaScript Files
🔥Free Article https://medium.com/@Abhijeet_kumawat_/exposed-secrets-in-javascript-files-430a76834952?sk=ffd9ca6c8ede38ac77dcb68a507b9299
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/exposed-secrets-in-javascript-fi … ⌘ Read more
**How I Hijacked OAuth Tokens Through a Parallel Auth Flow Race Condition — $8500 P1 Bug Bounty** ⌘ Read more
BL!ND.exe || Breaching Databases in Total Silence ⌘ Read more
Time-Based Blind SQL Injection: “Hack the Clock” ⌘ Read more
Wazuh Installation & Configuration: A Step-by-Step Tutorial
Hello, my digital adventurers! In this article, I will provide you with a step-by-step guide for installing and configuring the Wazuh…
[Continue reading on InfoSec Write-ups » … ⌘ Read more
**CORSplay of the Century: How I Hijacked APIs with One Misconfigured Header**
Free Link🎈
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/corsplay-of-the-century-how-i-hijacked-apis- … ⌘ Read more
**Bypassing Like a Pro: How I Fooled the WAF and Made It Pay**
Hi there!
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/bypassing-like-a-pro-how-i-fooled-the-waf-and-made-it-pay-e433193e1d9d?source=rss—-7b722bf … ⌘ Read more
WAF Bypass Masterclass: Using SQLMap with Proxychains and Tamper Scripts Against Cloudflare &…
A hands-on guide to understanding and testing WAF evasion techniques usin … ⌘ Read more
Burp Suite Beyond Basics: Hidden Features That Save Time and Find More Bugs
📌Free Article Link
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/burp-suite-beyond-basics-hidden-f … ⌘ Read more
Obfuscation Isn’t a Fix, And It Cost Them $2,500 — A Real-World Case Study ⌘ Read more
ResolverRAT: A Sophisticated Threat Targeting Healthcare and Pharma
The healthcare and pharmaceutical sectors are prime targets for cybercriminals due to their sensitive data and critical infrastructure. In…
[Continue read … ⌘ Read more
**CVSS 10.0 Critical Vulnerability in Erlang/OTP’s SSH: Unauthenticated Remote Code Execution Risk**
A critical security vulnerability (CVE-2025-32433) with a CVSS … ⌘ Read more
Automating GraphQL Bug Bounty Hunting with GrapeQL ⌘ Read more
“I Didn’t Plan to Find a P1… But My Script Had Other Plans” ⌘ Read more
Top 20 Linux Commands Every Pentester Should Know ⌘ Read more
Secret tricks to get hidden information in Bug Bounty
This article gives you the best and hidden tricks to find secret or hidden information from GitHub. We can call it a hidden approach on GitHub.
[Continue reading on InfoSec Write-ups »](https:/ … ⌘ Read more
Hacking and Securing Docker Containers: A Deep Dive into Common Vulnerabilities and Test Cases
Disclaimer: This document is for educational purposes only. Exploiti … ⌘ Read more
Why The End of MITRE’s CVE Isn’t A Big Deal ⌘ Read more
Hacking Linux with Zombie Processes ⌘ Read more
Blind XSS Attack in Production: My Favorite Exploit with a Delayed Surprise
Free Article Link
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/%EF%B8%8F-bli … ⌘ Read more
ProcessOne: ejabberd 25.04
Just a few weeks after previous release, ejabberd 25.04 is published with an important security fix, several bug fixes and a new API command.
Release Highlights:
If you are upgrading from a previous version, there are no change … ⌘ Read more
@xuu@txt.sour.is like, badly broken. I mean, the guy doesn’t even use twtxt (it is more like an RSS feed for him). So, yeah, even if it was the correct mention it would never reach the intended ears. 😂
Reimagining the SOC Analyst Role Using AI — What is Actually Realistic? ⌘ Read more
Best Cybersecurity Certifications for Beginners and Experts in 2025
Cybersecurity has fast become one of the critical fields in Big Tech, making certifications essential for career advancement. Companies…
[Cont … ⌘ Read more
“Sysmon Unleashed: Tracking and Tackling Malicious Activity on Windows”
Introduction
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/sysmon-unleashed-tracking-and-tackling-malicious-act … ⌘ Read more
**OWASP Top 10 for LLMs in 2025: Security Test Cases You Must Know**
As Large Language Models (LLMs) continue to integrate into critical systems, securing them has become a top priority. In 2025, OWASP…
[Continue reading on I … ⌘ Read more
**Click, Recon, Jackpot! How a Subdomain Led Me to an S3 Treasure Trove**
Free Link🎈
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/click-recon-jackpo … ⌘ Read more
⚡️Oops, They Logged It! Turning LFI into Remote Shell Like a Pro ⚔️
Free Link🎈
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/%EF%B8%8Foops-they-logged-it-turning-l … ⌘ Read more
Mastering the Linux Terminal: 10 Essential Network Commands You Need to Know
Hello, my digital adventurers!
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/mastering-the-l … ⌘ Read more
**Uncovering Hidden APIs: How One Forgotten Endpoint Made Me $500**
🚀Free Article Link
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/uncovering-hidden-apis-how-one-forgotten-endpoint-made-me-500-424e6388c … ⌘ Read more
How to Spot a Phishing Email in 5 Seconds (Real Examples)
And What to Do When Your Smart Home and a Stalker’s AirTag Team Up Against You
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/how-to-spot-a-phishing-email-in-5-second … ⌘ Read more
$10,000 worth GitHub Access Tokens | Secret Search Operators
Secret but basic GitHub dorks & search operators that can lead to $10k bounty worth Access Tokens.
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/10- … ⌘ Read more
MisCloud — HackTheBox Sherlock Writeup ⌘ Read more
A Complete Guide to Securing Secrets in AWS Lambda
Learn how to securely manage secrets in AWS Lambda using environment variables, KMS encryption, Secrets Manager, and more.
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/a-c … ⌘ Read more
Fast Flux: The DNS Botnet Technique Alarming National Security Agencies ⌘ Read more
Think You’re Safe? Here’s How Hackers Actually Break Into Your Accounts in 2025
How secure are you really when even two-factor authentication isn’t enough anymore?
[Continue reading on InfoSec Write-ups … ⌘ Read more
One Random Recon, One Real Bounty: The Paytm Story
From countless dead ends to a single Swagger UI payload — the unexpected breakthrough that changed my bug hunting journey forever.
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/ghost-paytm-xss-bounty-4f5efe6a643b?source=rss—-7b … ⌘ Read more
There’s one way you can make your super more secure
Super funds are attractive targets for hackers, and recent attacks on funds have put the sector’s security practices under the microscope. ⌘ Read more
Introducing NEO Gamma - Another Step Closer to Home
NEO Gamma is the next generation of home humanoids designed and engineered by 1X Technologies. Source: 1X ⌘ Read more
New Elder Scrolls Online expansion unveiled
The next big expansion for the long running Elder Scrolls Online video game has been unveiled. A decade on, players will be able to continue the original storyline in Seasons of the Worm Cult. Coming to PC and consoles in June. ⌘ Read more
Did an AI chatbot help draft the US tariff policy?
If it did, it almost certainly warned that implementing it would be a bad idea. ⌘ Read more
Adding to this, we already tried. It didn’t go too well. Slightly related—because it is a third party “integration”—I might be a “smaller group” member, but I don’t care much about one-way feeds (mostly RSS from blogs, news articles, etc.) either.
I paid an athlete $120 to send me a personalised video. You can, too
Thousands of celebrities are sending personalised videos to paying fans. But how exactly does it work? ⌘ Read more
**Muddy weeknotes**
Some RSS exclusive week notes:
- I finished reading Emily St. James’ Woodworking
- I started reading Sally Rooney’s Intermezzo
- I took a break from re-watching Frieren for the third time
- I used that break to start watching The Apothecary Diaries, which isn’t at all what I assumed it was. It is more a detective show than anything else, so far, and I dig it
- I started to play Citizen Sleeper
- I cleaned so much, yet the house remains not clean
- It has stopped snowing (for now), we are now solidly in … ⌘ Read more
Nintendo’s plan for eight more years at the top of its game
Thanks to a focus on developer freedom, a powerful Nvidia chip and ongoing killer software, the Switch 2 has the ingredients for success. But also some challenges. ⌘ Read more
I played the Nintendo Switch 2, and it’s worth the hype
Nintendo’s hybrid console gets new gimmicks, new games, and a tech upgrade to meet the wider games industry. ⌘ Read more
The digital age is a pain in the digit – and my texting thumb is over it
So you’ve never had this condition, “texting thumb”? Keep scrolling – and scrolling – and you’ll get the feel of it. ⌘ Read more
Nintendo Switch 2 announced for a June 5 launch
The system supports 4K graphics, has an integrated voice chat platform and will cost $700. ⌘ Read more
After dominating television, Netflix is setting its sights on gaming
In a matter of years, Netflix’s new head of games, Alain Tascan, believes we’ll all be playing Netflix games on any device we choose. ⌘ Read more
Apple’s latest MacBook Air, Mac Studio put its new chips to good work
Apple’s M4 chip, which debuted in the iPad Pro last year, has made its way to the entire portfolio of Macs, bringing improvements in processing and graphics as well as AI. ⌘ Read more
ProcessOne: ejabberd 25.03
Release Highlights:
- Matrix Gateway Gets Room Support
- Multiple Simultaneous Password Types
- Execute API Commands Using XMPP Client
If you are upgrading from a previous version, please check the [changes in SQL schemas](https://www.process-one … ⌘ Read more
The race is on to build the world’s most important machine
Few would expect the future of one of the world’s fastest-growing industries to depend on a quiet Dutch town. ⌘ Read more