Master Web Fuzzing: A Cheat‑Sheet to Finding Hidden Paths
Hey there, back again with another post! 😄
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/master-web-fuzzing-a-cheat-sheet-to-finding-hidden-paths-6c2bcf5 … ⌘ Read more
Hash Me If You Can — How I Beat a 2-Second Hashing Challenge on RingZer0Team ⌘ Read more
**How to Use AI to Learn Bug Hunting & Cybersecurity Like a Pro (in 2025)**
Hey there 👋,
I’m Vipul, the mind behind The Hacker’s Log — where I break down the hacker’s mindset, tools, and secrets 🧠💻
[Continue reading … ⌘ Read more
**The Access Control Apocalypse: How Broken Permissions Gave Me Keys to Every Digital Door**
Hey there😁
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/th … ⌘ Read more
Authentication bypass via sequential user IDs in Microsoft SSO integration | Critical Vulnerability
If you’re a penetration tester or bug bounty hunter, n … ⌘ Read more
Account Take Over | P1 — Critical
It started off like any other day until I got an unexpected email — an invite to a private bug bounty program. Curious, I jumped in. The…
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/account-take-over-p1-critical-5468ce8218b9?sour … ⌘ Read more
The weirdest bug: When Reflected XSS Won’t Let a Page Breathe ⌘ Read more
The Critical $1000 Bug: (blind SQL injection) ⌘ Read more
How to break RSA? A guide for Hackers and CTF players to crack the RSA encryption algorithm ⌘ Read more
Kerberos Authentication — In Layman terms ⌘ Read more
22. How to Get Invites to Private Programs
Unlock the secrets to landing exclusive private program invites and level up your bug bounty journey.
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/22-how-to-get-invites-to-private-programs-9bbb5166 … ⌘ Read more
**Shooting at crowded South Carolina bar leaves 4 dead**
Four people were killed and at least 20 injured, several critically, after a shooting at a crowded bar in South Carolina on Sunday. ⌘ Read more
Security updates for Friday
Security updates have been issued by Debian (redis and valkey), Fedora (docker-buildkit, ibus-bamboo, pgadmin4, webkitgtk, and wordpress), Mageia (kernel-linus, kmod-virtualbox & kmod-xtables-addons, and microcode), Oracle (compat-libtiff3 and udisks2), Red Hat (rsync), Slackware (python3), SUSE (chromium, cJSON, digger-cli, glow, go1.24, go1.25, go1.25-openssl, grafana, libexslt0, libruby3_4-3_4, pgadmin4, python311-python-socketio, and squid), and Ubuntu (dpdk, libhtp, v … ⌘ Read more
Best Apple Deals of the Week: AirPods 4 for $89, AirTag for $64.99, and More Prime Day Sales Still Available
This week was Prime Big Deal Days, and although the event is officially over, we’re still tracking great leftover discounts on Amazon. This includes ongoing low prices on AirPods 4, MacBook Air, iPads, and more.
How I found an unauthenticated goldmine of PII ⌘ Read more
Living Off the Cloud: Abusing Cloud Services for Red Teaming | Cyber Codex ⌘ Read more
21. Tips for Staying Consistent and Avoiding Burnout
What if the secret to lasting success isn’t working harder, but pacing yourself smarter?
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/21-tips-for-staying-consistent-an … ⌘ Read more
Business Logic Error - Bypassing Payment with Test Cards ⌘ Read more
My BTL1 Review ⌘ Read more
Unbelievable Security Hole: JWT Secret in a Series-B Funded Company
It started as a routine penetration test. Little did I know I was about to uncover one of the most basic yet catastrophic security…
[Continue reading on … ⌘ Read more
The $500 Stored XSS Bug in SideFX’s Messaging System
Hacking the Inbox: How a $500 Stored XSS Bug Exposed SideFX’s Messaging Flaw
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/the-500-stored-xss-bug-in-sidefxs-messaging-sys … ⌘ Read more
A Beginner’s Guide to Finding Hidden API Endpoints in JavaScript Files
How to discover what others miss in plain sight
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/a-beginners-guide-to-finding-h … ⌘ Read more
Thousands more university jobs cut as financial crisis deepens
University workers will vote on national strike action this month over a 1.4% pay offer made in the summer. ⌘ Read more
How I Solved TryHackMe Madness CTF: Step-by-Step Beginner-Friendly Walkthrough for 2025
How I Solved “Madness”: An Easy TryHackMe CTF Walkthrough
[Continue reading on InfoSec W … ⌘ Read more
Learn what MITM attack is, and how to identify the footprints of this attack in the network traffic.
Imagery HTB WriteUp: Season 9 Machine 2 ⌘ Read more
How I found Multiple Bugs on CHESS.COM & they refused
I found JS crash, disallowing anyone to view your profile and HTML Injection. But they ignored everything.
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/how-i-found-multiple-bug … ⌘ Read more
CORS Vulnerability with Trusted Insecure Protocols BurpSuite Walkthrough
CORS misconfig + HTTP subdomain XSS analysis showing API key exfiltration, exploit breakdown and remediation.
[Continue reading on InfoSec W … ⌘ Read more
Getting Hands-On with Kerbrute: Practical AD Enumeration & Attack Tactics ⌘ Read more
Putin’s Gasoline Crisis Spreads: Sales Now Restricted in 4 Regions ⌘ Read more
Client ID Metadata Document Adopted by the OAuth Working Group
The IETF OAuth Working Group has adopted the Client ID Metadata Document specification! ⌘ Read more
Gold surges past $4,000 an ounce as uncertainty fuels rally
Analysts point to delays in the reporting of economic data due to the US government shutdown as one reason for the rise. ⌘ Read more
Ashley is taking control (howlSFM) [resident evil 4] ⌘ Read more
Gold tops record $4,000 an ounce as uncertainty fuels rally
Analysts point to delays in the reporting of economic data due to the US government shutdown as one reason for the rise. ⌘ Read more
Gold hits record $4,000 an ounce as uncertainty fuels rally
Analysts point to delays in the reporting of economic data due to the US government shutdown as one reason for the rise. ⌘ Read more
Gold hits record $4,000 an ounce as uncertainty fuels rally
The value of the precious metal has risen by more than 25% since new US tariffs were announced in April. ⌘ Read more
How to Repair Outlook PST File without ScanPST.exe? ⌘ Read more
How the latest tech helped bring Borderlands 4 to life
Borderlands 4 takes the video game series to new heights. As Gearbox Software’s Anthony Nicholson explains to 9news.com.au, the help of the latest technology brought this new world to life. Borderlands 4 is out now. ⌘ Read more
**Hidden API Endpoints: The Hacker’s Secret Weapon**
I’m a cybersecurity enthusiast and the writer behind The Hacker’s Log — where I break down how real hackers think, find, and exploit…
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/ … ⌘ Read more
Adversary TTP Simulation Lab ⌘ Read more
How a Single Signup Flaw Exposed 162,481 User Records
My $8,500 Bug Bounty Story and the Critical Lesson in Authentication
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/how-a-single-signup-flaw-exposed-162-481-user-re … ⌘ Read more
Hikers feared being buried by snow in Mount Everest blizzard
Hundreds of hikers are still trapped at an elevation of more than 4,900 metres as rescuers work to clear deep snow. ⌘ Read more
IBM Granite 4.0 Models Now Available on Docker Hub
Developers can now discover and run IBM’s latest open-source Granite 4.0 language models from the Docker Hub model catalog, and start building in minutes with Docker Model Runner. Granite 4.0 pairs strong, enterprise-ready performance with a lightweight footprint, so you can prototype locally and scale confidently. The Granite 4.0 family is designed for speed, flexibility,… ⌘ Read more
Deals: AirTags 4-pack for $65, M3 iPad Air from $449, & More
AirTags are super useful personal trackers with many uses from tracking a bag, purse, dog, cat, luggage, backpack, car keys, package, bike, car, or just about anything else you can imagine wanting to keep an eye on through the Find My network. Amazon is currently offering the AirTag 4-pack for just $65 ($16 per AirTag), … [Read More](https://osxdaily.com/2025/10/06/deals-airtags-4-pack-for-65-m3-ipad-air-from-449-m … ⌘ Read more
From $4,000 to $21,000 — lab training in Tasmania could be a thing of the past
Tasmanian TAFE graduates worry as some locally taught courses that helped them forge a career may disappear as the cost to study them increases dramatically. ⌘ Read more
Actuator Unleashed: A Guide to Finding and Exploiting Spring Boot Actuator Endpoints ⌘ Read more
Breaking Into HackTheBox: My Journey from Script Kiddie to Root
How I went from copying Pastebin scripts to actually understanding what I was doing — and how you can too.
[Continue reading on InfoSec Write-ups »](https://i … ⌘ Read more
SQHell: Manually hunting SQL injection with detailed explanation ⌘ Read more
Week 12— Async API Calls: fetch, Axios, and Promises ⌘ Read more
OSINT: Google Dorking Hacks: The X-Ray Vision for Google Search
You type in some keywords, scroll past 10 pages of useless results, and wonder why the internet’s hiding the good stuff. Sound familiar?
[Continue reading on Inf … ⌘ Read more
New Data Exfiltration Technique Using Brave Sync ⌘ Read more
Top manager: Where the cable network in Germany is getting Docsis 4.0
In Germany, the jump to Docsis 4.0 is proving so difficult that the topic makes every press spokesperson nervous. A manager tells us why. (Docsis 4.0, Vodafone)
Excel 2025 CTF | Anonymous (Miscellaneous) challenge Writeup ⌘ Read more
Mastering Google Dorking: Discovering Website Vulnerabilities
Deep Recon Made Simple: Powering Bug Hunting with Dorking Strategies
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/mastering-google-dorking-d … ⌘ Read more
**Secrets Hackers Don’t Tell: Recon Techniques That Actually Pay**
You see it in the movies: a hacker slams the keyboard, green text scrolls by, and BAM! They’re in. The entire breach takes 90 seconds.
[Continue reading on InfoSe … ⌘ Read more
Hiding in Plain Sight: Steganography, C2, and SVG Files ⌘ Read more
The Price of Neglect. The Big Questions Behind Jaguar Land Rover’s Government £1.5 B Cyber Bailout. ⌘ Read more
My Recon Automation Found an Email Confirmation Bypass
How a simple parameter led to a complete authentication bypass
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/my-recon-automation-found-an-email-confirmation-byp … ⌘ Read more
Expressway — HackTheBox walkthrough ⌘ Read more
Red Stone One Carat — TryHackMe Challenge Write-up ⌘ Read more
TryHackMe Infinity Shell Walkthrough: Web Shell Forensics & CTF Guide ⌘ Read more
KubeCon + CloudNativeCon North America 2025 Co-Located Event Deep Dive: Kubernetes on Edge Day
The inaugural Edge Day launched as a co-located event at KubeCon + CloudNativeCon EU in 2022, recognizing that data at the edge is here to stay. Once called the ‘Internet of Things’ and later ‘Industry 4.0,’… ⌘ Read more
Why some human GII.4 noroviruses are better than others at infecting cells
Human noroviruses, GII.4 strains in particular, are the chief drivers of acute viral gastroenteritis around the world, a condition for which there are no vaccines or antivirals. Understanding how these viruses enter cells in the gut, a first step toward developing an infection, can lead to effective therapeutics. ⌘ Read more
Seven new stable kernels
Greg Kroah-Hartman has announced the release of the 6.16.10, 6.12.50, 6.6.109, 6.1.155, 5.15.194, 5.10.245, and 5.4.300 stable kernels. All of these kernels have lots of important fixes throughout the kernel tree. ⌘ Read more
Security updates for Wednesday
Security updates have been issued by AlmaLinux (kernel, kernel-rt, mysql:8.0, and openssh), Debian (libcommons-lang-java, libcommons-lang3-java, libcpanel-json-xs-perl, libjson-xs-perl, libxml2, open-vm-tools, and u-boot), Fedora (bird, dnsdist, mapserver, ntpd-rs, python-nh3, and rust-ammonia), Oracle (kernel and mysql:8.0), Red Hat (cups, postgresql:12, and postgresql:13), SUSE (cJSON-devel, gimp, kernel-devel, kubecolor, open-vm-tools, openssl-1_1, openssl-3, and ruby3.4-ruby … ⌘ Read more
Tomorrow at #SescAvPaulista the last meeting of the semester of the #Python Study Group (https://hackmd.io/@sesc-av-paulista/estudos-em-python) takes place; if you want to take part, just show up at 14:00 to pick up a free ticket. The activity runs from 14:30 to 16:30.
In October I will teach this course on Thursday afternoons, with 4 sessions:
https://www.sescsp.org.br/programacao/ilustracoes-vetoriais-para-grandes-formatos-com-programacao/
groff --version)?
@movq@www.uninformativ.de It’s an ancient 1.22.4. :-)
Hey @itsericwoodward@itsericwoodward.com, I just wanna let you know that twtstrm/0.4.0 sends a broken User-Agent header. Instead of the URL, the nick is repeated.
MCP Horror Stories: The Drive-By Localhost Breach
This is Part 4 of our MCP Horror Stories series, where we examine real-world security incidents that expose the devastating vulnerabilities in AI infrastructure and demonstrate how Docker MCP Gateway provides enterprise-grade protection against sophisticated attack vectors. The Model Context Protocol (MCP) has transformed how developers integrate AI agents with their development environments. Tools like… ⌘ Read more
@prologic@twtxt.net I know we won’t ever convince each other of the other’s favorite addressing scheme. :-D But I wanna address (haha) your concerns:
I don’t see any difference between the two schemes regarding link rot and migration. If the URL changes, both approaches are equally terrible as the feed URL is part of the hashed value and reference of some sort in the location-based scheme. It doesn’t matter.
The same is true for duplication and forks. Even today, the “canonical URL” has to be chosen to build the hash. That’s exactly the same with location-based addressing. Why would a mirror only duplicate stuff with location- but not content-based addressing? I really fail to see that. Also, who is using mirrors or relays anyway? I don’t know of any such software to be honest.
If there is a spam feed, I just unfollow it. Done. Not a concern for me at all. Not the slightest bit. And the byte verification is THE source of all broken threads when the conversation start is edited. Yes, this can be viewed as a feature, but how many times was it actually a feature and not more behaving as an anti-feature in terms of user experience?
I don’t get your argument. If the feed in question is offline, one can simply look in local caches and see if there is a message at that particular time, just like looking up a hash. Where’s the difference? Except that the lookup key is longer or compound or whatever depending on the cache format.
Even a new hashing algorithm requires work on clients etc. It’s not that you get some backwards-compatibility for free. It just cannot be backwards-compatible in my opinion, no matter which approach we take. That’s why I believe some magic time for the switch causes the least amount of trouble. You leave the old world untouched and working.
If these are general concerns, I’m completely with you. But I don’t think that they only apply to location-based addressing. That’s how I interpreted your message. I could be wrong. Happy to read your explanations. :-)
ProcessOne: Why Europe’s ‘Chat Control’ Proposal Will Cripple European Communication Industry While Failing to Protect Children
On October 14th, the European Council will vote on a regulation that … ⌘ Read more
Silent Component Updates & Redesigned Update Experience
Following on from our previous initiative to improve how Docker Desktop delivers updates, we are excited to announce another major improvement to how Docker Desktop keeps your development tools up to date. Starting with Docker Desktop 4.46, we’re introducing automatic component updates and a completely redesigned update experience that puts your productivity first. Why We’re… ⌘ Read more
ProcessOne: Spotify’s Direct Messaging Gambit
Last week, Spotify quietly launched direct messaging across its platform in selected areas, allowing users to share tracks and playlists through private conversations within the app. The feature was rolled out with mini … ⌘ Read more
I’ve got a prototype of my hardcopy simulator going. I’m typing on the keyboard and the “display” goes to the printer:
https://movq.de/v/56feb53912/s.png
https://movq.de/v/235c1eabac/MVI_8810.MOV.mp4
The biiiiiiiiiig problem is that the print head and plastic cover make it impossible to see what’s currently being printed, because this is not a typewriter. This means: In order to see what I just entered, I have to feed the paper back and forth and back and forth … it’s not ideal.
I got that idea of moving back/forth from Drew DeVault, who – as it turned out – did something similar a few years back. (I tried hard to read as little as possible of his blog post, because figuring things out myself is more fun. But that could mean I missed a great idea here or there.)
But hey, at least this is running on my Pentium 133 on SuSE Linux 6.4, printer connected with a parallel cable. 😍
(Also, yes, you can see the printouts of earlier tests and, yes, I used ed(1) wrong at one point. 🤪 And ls insisted on using colors …)
Here’s an interesting thought/angle on this topic:
gemini://gemini.conman.org/boston/2025/08/21.1
A further check showed that all the network blocks are owned by one organization—Tencent [4]. I’m seriously thinking that the CCP (Chinese Communist Party) encourage this with maybe the hope of externalizing the cost of the Great Firewall [5] to the rest of the world.
The XMPP Standards Foundation: MongooseIM 6.4 - Simplified and Unified
MongooseIM is a scalable and efficient instant messaging server. It implements the open, proven, extensible and constantly evolving XMPP protocol, which is an excellent choice when it comes to instant messaging. To communicate with other XMPP entities, the server uses three main types of interfaces, listed in the table below.
XMPP Interface | Purpose | Connection type | Reworked in v … ⌘ Read more
Why everyone is quitting social media ⌘ Read more
Erlang Solutions: MongooseIM 6.4: Simplified and Unified
MongooseIM is a scalable and efficient instant messaging server. With the latest release 6.4.0, it has become more powerful yet easier to use and maintain. Thanks to the internal unification of listeners and connection handling, the configuration is easier and more intuitive, while numerous new options are supported.
New features include support for TLS 1.3 with optional channel binding for improved security, single round-trip authent … ⌘ Read more
BlueSCSI Wi-Fi Desk Accessory 1.4 Released ⌘ Read more
Tip on how to convert a big #PDF into a smaller one:
gs -sDEVICE=pdfwrite -dCompatibilityLevel=1.4 -dPDFSETTINGS=/ebook -dNOPAUSE -dQUIET -dBATCH -sOutputFile=smaller.pdf big.pdf