DOM XSS Exploit: Using postMessage and JSON.parse in iframe Attacks
[Write-up] DOM XSS Using Web Messages and JSON.parse.
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/dom-xss-exploit-using … ⌘ Read more
Bypassing HackerOne Report Ban Using API Key
How a Banned Researcher Could Still Submit Reports Using the REST API
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/bypassing-hackerone-report-ban-using-api-key-061711e873c6?source=rss—-7b … ⌘ Read more
[$] Device-initiated I/O
Peer-to-peer DMA (P2PDMA) has been part of
the kernel since the 4.20 release in 2018;
it provides a framework that allows devices to transfer data between themselves
directly, without using system RAM for the transfer. At the 2025 Linux
Storage, Filesystem, Memory Management, and BPF Summit (LSFMM+BPF), Stephen
Bates led a combined storage, filesystems, and memory-management session on
device-initiated I/O, which is perhaps what P2PDMA is … ⌘ Read more
AMD Radeon RX 9060 XT im Test: Ein neuer Herausforderer für Mittelklasse-GPUs
Mit genug Speicher und solider Leistung ist AMDs neue RDNA-4-Grafikkarte bestens für aktuelle Spiele gerüstet. Beim Kauf muss man trotzdem aufpassen. Ein Test von Martin Böckmann ( Grafikkarten, AMD)
Eight stable kernels released
Greg Kroah-Hartman has announced the release of the 6.15.1, 6.14.10, 6.12.32, 6.6.93, 6.1.141, 5.15.185, 5.10.238, and 5.4.294 stable kernels. As usual, each
contains a set of important fixes. ⌘ Read more
Security updates for Wednesday
Security updates have been issued by AlmaLinux (git, krb5, perl-CPAN, and rsync), Debian (tcpdf), Fedora (libmodsecurity, lua-http, microcode_ctl, and nextcloud), Red Hat (osbuild-composer), SUSE (389-ds, avahi, ca-certificates-mozilla, docker, expat, freetype2, glib2, gnuplot, gnutls, golang-github-teddysun-v2ray-plugin, golang-github-v2fly-v2ray-core, govulncheck-vulndb, helm, iperf, kernel, kernel-livepatch-MICRO-6-0_Update_2, kernel-livepatch-MICRO-6-0_Update_4, krb5, libarc … ⌘ Read more
Zahl der Reichen noch nie so hoch wie heute
Die Zahl der Reichen war noch nie so hoch wie heute. Zugleich war ihr gesamtes Vermögen noch nie so groß. Das geht aus dem am Mittwoch veröffentlichten „World Wealth Report“ des Beratungsunternehmens Capgemini hervor. Geschätzt 23,4 Millionen Menschen und damit 2,6 Prozent mehr als 2023 verfügten im vergangenen Jahr über ein anlagefähiges Vermögen von mindestens einer Million Dollar. In Österreich ging die Zahl dagegen zurück. ⌘ Read more
102,4 TBit/s: Broadcoms Tomahawk 6 hat bis zu 1.024 100-GBit-Ports
Größere Rechenzentren brauchen größere Switches. Broadcoms neuer Chip soll bis zu einer Million GPUs in KI-Clustern verbinden. ( Netzwerkhardware, Netzwerk)
‘Fought India for 4 days, got paid’: Former Afghan VP slams IMF, World Bank aid to Pakistan - BusinessToday ⌘ Read more
Purple Teaming: When Hackers and Defenders Join Forces ⌘ Read more
Top File Read Bug POCs that made $20000
Learning & Methodology to find File Read from top 5 POCs by Elite hackers
SOC L1 Alert Triage: TryHackMe ⌘ Read more
JWT the Hell?! How Weak Tokens Let Me Become Admin with Just a Text Editor ️
Hey there!😁
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/jwt-the-hell-how-weak-to … ⌘ Read more
Cybersecurity Interview Questions For Freshers ⌘ Read more
Live: Erin Patterson to face more questions in triple-murder trial
Erin Patterson will give evidence for a third day in her triple-murder trial in Morwell. She’s accused of murdering three relatives by serving them a meal that contained poisonous mushrooms. Follow the trial live. ⌘ Read more
Live: ‘Can’t remember’: Waters brushes off reports of a heated exchange with Cox
Greens leader Larissa Waters says she “can’t remember” if Dorinda Cox told her to “grow a spine” during a heated exchange after the senator’s failed leadership bid. Follow live. ⌘ Read more
CD Projekt Red: So spektakulär verhext The Witcher 4 die Unreal Engine
Welt, Grafik, Ciri: Eine Tech-Demo verrät mehr über The Witcher 4. Golem.de konnte die Szenen vorab sehen und erklärt Details. Von Peter Steinlechner ( The Witcher 4, Rollenspiel)
Security updates for Tuesday
Security updates have been issued by AlmaLinux (varnish), Debian (asterisk and roundcube), Fedora (systemd), Mageia (golang), Red Hat (ghostscript, perl-CPAN, python36:3.6, and rsync), SUSE (govulncheck-vulndb, libsoup-2_4-1, and postgresql, postgresql16, postgresql17), and Ubuntu (mariadb, open-vm-tools, php-twig, and python-tornado). ⌘ Read more
404 to $4,000: Exposed .git, .env, and Hidden Dev Files via Predictable Paths”
How Bug Bounty Hunters Can Turn Common 404s Into Critical Information Disclosure Bounties
[Continue reading on InfoSec Write-u … ⌘ Read more
How One Path Traversal in Grafana Unleashed XSS, Open Redirect and SSRF (CVE-2025–4123)
Abusing Client Path Traversal to Chain XSS, SSRF and Open Redirect in Grafana
[Continue rea … ⌘ Read more
**2. Setting Up the Ultimate Hacker’s Lab (Free Tools Only) **
“You don’t need a fortune to break into bug bounty. You just need the right mindset — and the right setup.”
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/2-se … ⌘ Read more
** 19 Billion Stolen Passwords?! Here’s Why You Should Care — And How to Beat the Hackers** ⌘ Read more
Cracking JWTs: A Bug Bounty Hunting Guide [Part 3] ⌘ Read more
Webhook Vulnerabilities: Hidden Vulnerabilities in Automation Pipelines
How misconfigured webhooks in CI/CD, Slack, and third-party integrations can expose secrets, trigger SSRF, and lead to critical…
[Conti … ⌘ Read more
The Invisible Bottleneck: How IT Hierarchies Impact Growth ⌘ Read more
{CyberDefenders Write-up}OskiCategory: Threat Intel ⌘ Read more
Exploiting the Gaps in Password Reset Verification
Free Article Link: Click for free!
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/exploiting-the-gaps-in-password-reset-verification-9bb86ec95d29?source=rss—-7b722bfd1b8d– … ⌘ Read more
Breaking: Minimum and award wages to rise 3.5 per cent from July
Millions of Australian workers will get a 3.5 per cent pay rise from July 1, following the Fair Work Commission’s annual review of the minimum wage and award agreements. Inflation is currently at 2.4 per cent annually. ⌘ Read more
Had to unexpectedly say goodbye to our little Ellie. She was only 4 years old. ⌘ Read more
Would you accept seven weeks without bank access? Why is super different?
Australia’s superannuation pool is worth nearly $4.2 trillion — the funds are undoubtedly extremely adept at taking members’ money. But when it comes helping members to access it, they are falling short. ⌘ Read more
OSWE Web Hacking Tips (IPPSEC): My Study Journey href=”https://txt.sour.is/search?q=%231”>#1** ⌘ Read more
Learning YARA: A Beginner SOC Analyst’s Notes
Learn how to build a YARA-powered malware detection and automation system using n8n, GPT, and hybrid analysis tools. This hands-on guide…
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/learnin … ⌘ Read more
Tilde Games: Exploiting 8.3 Shortnames on IIS Servers ⌘ Read more
$540 Bounty: How a Misconfigured Warning Endpoint in Apache Airflow Exposed DAG Secrets
CVE-2023–42780: An Improper Access Control Bug That Let Low-Privileged Users View DAG Impo … ⌘ Read more
**From Forgot Password to Forgot Validation: A Broken Flow That Let Me Take Over Accounts **
Hey there!😁
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/from … ⌘ Read more
** From alert(1) to Real-world Impact: Hunting XSS Where Others Don’t Look** ⌘ Read more
Bug Bounty from Scratch | Everything You Need to Know About Bug Bounty
📌Free Article Link
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/bug-bounty-from-scratch-everything-you-need-to-know … ⌘ Read more
My First P1 ⌘ Read more
Wazuh: The Free and Open Source SIEM/XDR Platform ⌘ Read more
↳
In-reply-to
»
I had a lot of fun with my modems these past few days:
⤋ Read More
This is my highlight, really, haven’t seen this in action in a loooooooong time:
A User to Admin: How I Went From Nobody to Owning the Admin Panel ⌘ Read more
** DevSecOps Phase 4B: Manual Penetration Testing** ⌘ Read more
Google Dorking: A Hacker’s Best Friend
Hey, hacker friends! Ever wonder why people say Google is a hacker’s best friend? Well, I’m about to show you why.
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/google-dorking-a-hackers-best-friend-716dfb3e9739? … ⌘ Read more
The Hidden Admin Backdoor in Reddit Ads
An Invisibility Cloak for Attackers: How One Admin Created a Stealth Account That Even the Owner Couldn’t See or Remove
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/the-hidden-admin-backdoor-in-reddit-ads … ⌘ Read more
Bypassing Regex Validations to Achieve RCE: A Wild Bug Story
Free Article Lin
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/bypassing-regex-validations-to-achieve-rce-a-wild-bug-story-6476faccbc23?source=r … ⌘ Read more
The Year We Lost Control: How the AI Race Could End Humanity — or Save It
By now, you’ve probably heard whispers of a future shaped entirely by artificial intelligence. From Nobel laureates to the godfather of AI…
… ⌘ Read more
Nigeria arrests 4 Pakistani nationals over terror links ⌘ Read more
Touchscreen Smart Box Based on ESP32-P4 with Wi-Fi 6 or Ethernet
The ESP32-P4 Smart 86 Box is a compact development board with a 4-inch capacitive touchscreen, designed for HMI, smart control panels, and edge processing. Its 86 mm form factor allows it to be easily installed in wall-mounted enclosures for use in embedded automation and smart terminal applications. As the name implies, this board is built […] ⌘ Read more
Security Logs Made Simple: The Foundation of Cybersecurity Monitoring ⌘ Read more
Why Multi-Factor Authentication Matters: A Guide I Wrote After Getting Hacked. ⌘ Read more
Memory Analysis Introduction | TryHackMe Write-Up | FarrosFR
Non-members are welcome to access the full story here.
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/memory-analysis-introduction-tryhackme-write-up-farrosfr-32e … ⌘ Read more
Passkeys: The Waterproof Defense Against Phishing Attacks
The Passkeys — a next-generation authentication technology poised to be a game-changer, offering what many describe as a truly waterproof…
[Continue reading on InfoSec Write-ups … ⌘ Read more
A Hidden Backdoor: Bypassing reCAPTCHA on the Sign-up Page
Free Article Link: Click for free!
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/a-hidden-backdoor-bypassing-recaptcha-on-the-sign-up-page-2b5b3c18257f … ⌘ Read more
Aditya Birla Capital Threat Intelligence Report: A 360° View of External Digital Risks ⌘ Read more
** Cache Me If You Can: How I Poisoned the CDN and Hijacked User Sessions**
Free Link 🎈
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/cache-me-if-you-can-how-i-poisoned-the-cdn-and-hijacked … ⌘ Read more
Unauthenticated Remote Code Execution in vBulletin 6.0.1 via replaceAdTemplate Method ⌘ Read more
Leaking in Plain Sight: How Short Links Expose Sensitive Data ⌘ Read more
Walkthrough - Host & Network Penetration Testing: System-Host Based Attacks CTF 2 ⌘ Read more
Walkthrough — Assessment Methodologies: Vulnerability Assessment CTF 1 ⌘ Read more
4 years ago my Girlfriend was taking a walk in the middle of nowhere in Arizona when she heard the tinest of cries coming from a PVC pipe. When she looked she found these little babies. She brought them home showered them with love. ⌘ Read more
↳
In-reply-to
»
hey @prologic heads up - my pod is suddenly having weird 400 bad request errors on things like posting twts, new user registration, following, and more. it's not just me because a friend is also having these issues as a new user and can't post. i saw one exception in the logs but i'm not sure if it's related, i'll link it in a reply to this
⤋ Read More
@kat@yarn.girlonthemoon.xyz https://snippets.4-walls.net/kat/f1381409ed8244f0a60e0a7a6de23365
The 4 North Korean officials arrested over a botched destroyer launch are in mortal danger ⌘ Read more
4 trends shaping open source funding—and what they mean for maintainers
Get insights on the latest trends from GitHub experts while catching up on these exciting new projects.
The post 4 trends shaping open source funding—and what they mean for maintainers appeared first on The GitHub Blog. ⌘ Read more
GitHub Recon: The Underrated Technique to Discover High-Impact Leaks in Bug Bounty
Master the Art of Finding API Keys, Credentials and Sensitive Data in Public Repositories
[Continue re … ⌘ Read more
**Uncovering Amazon S3 Bucket Vulnerabilities: A Comprehensive Guide for Ethical Hackers **
How to Identify, Exploit, and Secure S3 Bucket Misconfigurations
[Continue reading on InfoSec Wr … ⌘ Read more
Logic Flaw: Deleting HackerOne Team Reports Without Access Rights
How a GraphQL Mutation Allowed Unauthorized Report Deletion Across Teams
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/logic-flaw … ⌘ Read more
AI-Powered SQLMap: Smarter SQL Injection Testing Guide ⌘ Read more
Bypassing Windows Defender & AVs with an LNK Exploit to Gain a Reverse Shell ⌘ Read more
This One Hacker Trick Got Me Access to an Admin Dashboard ️
Sometimes, it’s not about brute force. It’s about finesse. One header. One oversight. One open door.
— A Hacker’s Mindset 🧠
[Continue reading on InfoSec … ⌘ Read more
Cracking JWTs: A Bug Bounty Hunting Guide [Part 1] ⌘ Read more
ChatGPT Jailbreaking: A Sneaky Loophole That Exposes Ethical Gaps ⌘ Read more
Walkthrough — Assessment Methodologies: Information Gathering CTF 1 ⌘ Read more
**Unsafe Redirects = Unlimited Ride: How Open Redirect Led Me to Internal Dashboards **
Hey there!😁
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/unsafe-redirects-unlimi … ⌘ Read more
I Tried 10 Recon Tools for 7 Days — Here’s What Actually Found Bugs
Free Article Link
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/i-tried-10-recon-tools-for-7-days-heres-what-actually-found-bug … ⌘ Read more
Federal Court Blocks Trump Tariffs That Could Have Pushed iPhone Prices to Over $4,000
A federal court has ruled that President Donald Trump exceeded his authority in attempting to impose sweeping tariffs on imported goods, including Apple products, halting plans that could have dramatically raised iPhone prices across the United States (via _[CNET](https://www.cnet.com/personal-finance/federal-court-blocks-trumps-tariffs-finding-the-president-overstepp … ⌘ Read more
MYIR Launches Sub-$100 i.MX 91 Board for Embedded and Industrial Use
MYIR has introduced the MYC-LMX91, a compact SoM powered by NXP’s energy-efficient i.MX 91 processor. Designed for smart devices, the module targets applications such as industrial gateways, EV chargers, smart home systems, medical platforms, and building automation. The MYC-LMX91 is built around the 1.4 GHz Arm Cortex-A55-based i.MX 91 (MIMX9131CVVXJAA) and comes equipped with 1GB […] ⌘ Read more
$500 Bounty: Shopify Referrer Leak: Hijacking Storefront Access with a Single Token
Referrer Header Leaks + Iframe Injection = Storefront Password Bypass
[Continue reading on InfoSec Writ … ⌘ Read more
Extracting saved passwords in Chrome using python ⌘ Read more
Profiler: Your Digital Detective Platform ⌘ Read more
Hacking Insights: Gaining Access to University of Hyderabad Ganglia Dashboard ⌘ Read more
Part 3: How to Become a Pentester in 2025: Programming & Scripting Foundations for pentester ⌘ Read more
$750 Bounty: for HTTP Reset Password Link in Mattermost
How an Unsecured Protocol in a Critical Workflow Opened the Door for Network-Based Account Takeovers
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/750-bounty-for … ⌘ Read more
Day 5: DOM XSS in jQuery anchor href attribute sink using location.search ⌘ Read more
Exploiting Web Cache Poisoning with X-Host Header Using Param Miner
[Write-up] Web Cache Poisoning Using an Unknown Header.
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/exploiting-web-ca … ⌘ Read more
**Header Injection to Hero: How I Hijacked Emails and Made the Server Sing **
Hey there!😁
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/header-injection-to-hero-how-i-hijacked-emails-an … ⌘ Read more
hosted opengist because i got bored. works with authelia
ZooKeeper 實現分佈式鎖
基礎–ZooKeeper 的 4 個節點持久節點:默認的節點類型,一直存在於 ZooKeeper 中 持久順序節點:在創建節點時,ZooKeeper 根據節點創建的時間順序對節點進行編號 臨時節點:當客戶端與 ZooKeeper 斷開連接後,該進程創建的臨時節點就會被刪除 臨時順序節點:按時間順序編號的臨時節點 ZK 分佈式鎖相關基礎知識zk 分佈式鎖一般由多個節點構成( ⌘ Read more
Beyond best practices: Using OWASP ASVS to bake security into your delivery pipeline for 2025
How to turn a community-driven checklist into a living part of your SDLC.
[Cont … ⌘ Read more
Find Secrets in Hidden Directories Using Fuzzing ️
Free Article Link
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/find-secrets-in-hidden-directories-using-fuzzing-%EF%B8%8F-1666d6f34fd8?source=rss—-7b722bfd1b8d- … ⌘ Read more
Day 4: DOM XSS in innerHTML sink using source location.search: Zero to Hero Series — Portswigger ⌘ Read more
Lab: Exploiting server-side parameter pollution in a query string
Server Side parameter pollution
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/lab-exploiting-server-side-parameter-pollution-in-a … ⌘ Read more