JMP: Mitigating MITMs in XMPP
In October 2023, Jabber.ru, “the largest Russian XMPP messaging service”, discovered that both Hetzner and Linode had been targeting them with Machine-In-The-Middle (MITM) attacks for up to 6 months. MITM attacks are when an unauthorised third party intercepts traffic intended for someone else. At the point of interception, the attacker can inspect and even modify that traffic. TLS was created to mitigate this; all communication between the two parties is encrypted, so the third party sees … ⌘ Read more
Five quick hits: Behich puts Australia closer to World Cup qualification
Tony Popovic chooses substance over sparkle, Socceroos lack imagination in attack, and Aziz Behich provides an improbable wonder goal. These are five quick hits from Australia’s dramatic 1-0 defeat of Japan. ⌘ Read more
JMP: Mitigating MITMs in XMPP
In October 2023, Jabber.ru, “the largest Russian XMPP messaging service”, discovered that both Hetzner and Linode had been targeting them with Machine-In-The-Middle (MITM) attacks for up to 6 months. MITM attacks are when an unauthorised third party intercepts traffic intended for someone else. At the point of interception, the attacker can inspect and even modify that traffic. TLS was created to mitigate this; all communication between the two parties is encrypted, so the third party sees … ⌘ Read more
DOM XSS Exploit: Using postMessage and JSON.parse in iframe Attacks
[Write-up] DOM XSS Using Web Messages and JSON.parse.
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/dom-xss-exploit-using … ⌘ Read more
Man jailed for four years over stabbing of ‘good Samaritan’ former reality TV contestant
A man who “savagely” attacked and stabbed former Bachelorette contestant Paddy Colliar, who was working as a topless waiter at a 60th birthday party, has been jailed for at least four years. ⌘ Read more
Charge dropped against US conspiracy theorist linked to Wieambilla attack
Donald Day Jr — who regularly communicated with Wieambilla killers Gareth, Stacey, and Nathaniel Train — is facing charges relating to making alleged threats and violating firearms laws. ⌘ Read more
Drones can be ‘anywhere, anytime’: Ukraine attack marks new era in warfare
Military analysts say Ukraine’s audacious attack on Russian air bases marks the next phase in tactical drone warfare, and all countries — including Australia — need to take note. ⌘ Read more
Putin vows revenge for Ukraine’s drone attack, Trump warns after phone call
The US president and his Russian counterpart spoke for more than an hour but Donald Trump said it was “not a conversation that will lead to immediate peace”. ⌘ Read more
Donald Trump spoke to Vladimir Putin again after the huge attack by the Ukrainians: “He said he would have to respond” ⌘ Read more
Serving as Putin’s Spokesperson, Trump Claims Russia is Planning to Retaliate Against Ukraine’s Surprise Attack ⌘ Read more
This is the Socceroos’ most important week in years — but best attack still a mystery
Despite a historic A-League season for young Australian forwards, Tony Popovic has trusted in the tried and true for this week’s crunch matches against Japan and Saudi Arabia as World Cup qualification beckons. ⌘ Read more
Queensland croc attack survivor joins calls for removal, culling
A father of two who managed to fight off a monster croc by stabbing it in the neck has voiced his support for a petition to more strictly control the animals in his region. ⌘ Read more
Images reveal aircraft lost in Ukraine’s ‘Spider’s Web’ attack on Russia
Operation Spider’s Web saw Ukraine reach deep into Russia and attack some of its most precious war machines. Images showing the damage inflicted are now beginning to emerge. ⌘ Read more
UN questions whether recent aid site attacks amount to war crimes
Palestinian authorities have accused Israeli forces of opening fire on civilians in three attacks in as many days, but the IDF denies shooting civilians. ⌘ Read more
Colorado fire-bomb suspect’s family being held for deportation
Federal agents are investigating “to what extent” Mohamed Sabry Soliman’s family knew about the attack, and if they provided any support. ⌘ Read more
Satellite imagery shows Ukraine attack destroyed and damaged Russian bombers ⌘ Read more
Putin Ally Says Ukraine Operation ‘Grounds for Nuclear Attack’ ⌘ Read more
DNS rebinding attacks explained: The lookup is coming from inside the house!
DNS rebinding attack without CORS against local network web applications. Explore the topic further and see how it can be used to exploit vulnerabilities in the real-world.
The post [DNS rebinding attacks explained: The lookup is coming from inside the house!](https://github.blog/security/application-security/dns-rebinding-attacks-explained-the-lookup-is-coming-from- … ⌘ Read more
Tech Journalist Engages in Lies & Doublespeak to Defame Lunduke
As part of a GNOME puff piece, a Tech Journalist for a Free and Open Source publication went on an unhinged attack on all things “Lunduke”. ⌘ Read more
Hundreds of prisoners escape after earthquake in Pakistan
More than 200 inmates attacked guards and fled after they were allowed to leave their cells because of earthquake tremors. ⌘ Read more
Man sentenced for attacking housemate, stealing dog from pound
Kyle Hiscox broke into Domestic Animal Services ACT to steal his own dog Nova, and then attacked a housemate with a hockey stick, leaving the victim so scarred they left Canberra. ⌘ Read more
Putin likes to have the upper hand, but before Istanbul Zelenskyy played an ace
Vladimir Putin and Volodymyr Zelenskyy sent delegates to Istanbul to talk peace, but a day prior Ukraine sent its strongest signal to Russia and any third-party brokers: The war is not lost, writes Emily Clark. ⌘ Read more
Teens who attack rugby great during home invasion have sentences upheld
The boy — aged 15 at the time of the offence — were sentenced to seven and eight years in prison respectively after attacking rugby union great Toutai Kefu and his family at their home. ⌘ Read more
Colorado terror attack suspect charged with hate crime
FBI documents allege Mohamed Sabry Soliman used a makeshift flamethrower and threw Molotov cocktails at a pro-Israel group in an attack he says he planned for more than a year. ⌘ Read more
Ukraine’s drone attack on Russian warplanes was a serious blow to the Kremlin’s strategic arsenal ⌘ Read more
Ukraine attack on Russian nuclear bombers overshadows peace talks in Turkiye
Negotiations yielded little progress but Volodymyr Zelenskyy confirmed there would be a fresh prisoner of war-swap between the two countries. ⌘ Read more
Wild videos capture fiery scenes from a massive Ukrainian drone attack on Russian bombers shielded by tires ⌘ Read more
‘Now The War Has Reached Us Too,’ Russians Far From Ukraine Say After Drone Attacks ⌘ Read more
Ukraine’s drone attack the latest in a series of daring David versus Goliath hits against Russian targets ⌘ Read more
Hundreds walk in solidarity after ‘unspeakable’ attack on running woman
Hundreds of Canberrans take part in a solidarity walk to show support for a woman grabbed from behind and assaulted while running at the Mulligan’s Flat Nature Reserve in Bonner last Monday. ⌘ Read more
What we know about the suspected ‘terror attack’ at the Colorado mall
Six people are injured after an attack on a group of people raising awareness about Israeli hostages held in Gaza. The FBI is treating the incident in Boulder, Colorado, as an act of terrorism but local police are refusing to speculate on the motive. ⌘ Read more
22yo woman dies in Darwin hospital after alleged domestic violence attack
A 22-year-old woman has died at Royal Darwin Hospital 10 days after an alleged domestic violence attack. A man has been charged as police continue to investigate. ⌘ Read more
How Ukraine pulled off its ‘extremely complex’ drone attack on Russia
Ukraine’s security services say they have destroyed 34 per cent of Russia’s air missile carriers with a bold drone attack. Here’s what we know. ⌘ Read more
Trump was not informed of Ukraine attack on Russia ⌘ Read more
Ukraine did not inform US of large-scale attack on Russian airfields in advance, says Axios ⌘ Read more
FBI investigating ‘targeted terror attack’ in Colorado
Local police in Boulder, Colorado and FBI agents establish an evacuation zone at a popular pedestrian area, where authorities say “several victims” have been targeted. ⌘ Read more
Molotov Cocktails thrown at peaceful vigil for the Israeli hostages in Boulder, multiple injured. FBI calls it a targeted terrorist attack ⌘ Read more
Trump was not informed of Ukraine attack on Russia ⌘ Read more
“Russia’s Pearl Harbor”—Ukraine surprise drone attack hits nuclear bombers ⌘ Read more
Ukraine launches major drone attack on Russian bombers, security official says | Ukraine ⌘ Read more
The Hidden Admin Backdoor in Reddit Ads
An Invisibility Cloak for Attackers: How One Admin Created a Stealth Account That Even the Owner Couldn’t See or Remove
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/the-hidden-admin-backdoor-in-reddit-ads … ⌘ Read more
Ukraine reportedly strikes down over 40 Russian strategic bombers in mass drone attack ⌘ Read more
‘Russian bombers are burning en masse’ — Ukraine’s SBU drones hit ‘more than 40’ aircraft in mass attack, source claims ⌘ Read more
Samus using screw attack (AkaiRiot) ⌘ Read more
Half Spectre, Full Exploit: Hardening Rowhammer Attacks with Half-Spectre Gadgets
Comments ⌘ Read more
Russia Accused of Staging Attack on Putin’s Helicopter ⌘ Read more
Pakistani terrorist behind deadly Pahalgam attack is former Para commando, probe finds ⌘ Read more
Kremlin staged drone attack on Putin’s helicopter ⌘ Read more
Ukrainian forces repel over 170 Russian attacks, fiercest fighting on Pokrovsk front – Ukraine’s General Staff ⌘ Read more
Passkeys: The Waterproof Defense Against Phishing Attacks
The Passkeys — a next-generation authentication technology poised to be a game-changer, offering what many describe as a truly waterproof…
[Continue reading on InfoSec Write-ups … ⌘ Read more
Walkthrough - Host & Network Penetration Testing: System-Host Based Attacks CTF 2 ⌘ Read more
What do your cats do that makes you laugh out loud? Mine hides behind a see through curtain eying my toes to attack ⌘ Read more
After 3 days of consecutive attacks on Ukraine, Russia calls UN meeting over alleged European ‘threats to peace’ ⌘ Read more
[$] Glibc project revisits infrastructure security
The GNU C Library
(glibc) is the core C library for most Linux distributions, so it is a
crucial part of the open-source ecosystem—and an attractive
target for any attackers looking to carry out supply-chain
attacks. With that being the case, securing the project’s
infrastructure using industry best practices and improving the
security of its development practices are a frequent topic among glibc
developers. A recent discussion suggests that improveme … ⌘ Read more
[$] System-wide encrypted DNS
The increasing sophistication of attackers has organizations
realizing that perimeter-based security models are inadequate. Many
are planning to transition their internal networks to a zero-trust\
architecture. This requires every communication on the network to
be encrypted, authenticated, and authorized. This can be achieved in
applications and services by using modern communication
protocols. However, the world still depends on Domain Name Syste … ⌘ Read more
Hundreds of drones attack Russia with impacts, disruption reported in Moscow ⌘ Read more
Did Harvard reject Barron Trump? Truth behind his college choice has sparks buzz online
, - The Economic Times (India)
_Stephan: I have been following closely Trump’s attack on Harvard. At one level it is clearly part of MAGAt coup to intimidate or take over universities, so they do what the MAGAt fascists want, indoctrinate instead of educate. But there is something weird and personal about what Trump is doing and saying. According … ⌘ Read more
Demystifying Cookies : The Complete Guide for Bug Bounty Hunters — Part 1
Everything you need to know about cookies to expand your attack surface and find real bugs.
[Continue reading on InfoSec Write-ups »](h … ⌘ Read more
Russia can attack Europe 2-4 years after war’s end, faster with lifted sanctions, Ukrainian intel chief warns ⌘ Read more
Russia says Trump’s attack on Putin due to “emotional overstrain” ⌘ Read more
Trump calls Putin ‘absolutely crazy’ after largest Russian attack on Ukraine - BBC News ⌘ Read more
Russia launches war’s largest air attack on Ukraine, kills at least 12 people ⌘ Read more
Trump calls Putin ‘crazy’ after largest Russian attack on Ukraine ⌘ Read more
Zelensky says ‘US silence’ over Russian attacks ‘encourages Putin’ ⌘ Read more
German Foreign Minister Johann Wadephul called for additional EU sanctions against Russia on May 25 following Russia’s large-scale overnight attack on Ukraine that killed 12 and injured 79. ⌘ Read more
Ukraine’s Zelenskyy denounces U.S. silence after massive Russian drone-and-missile attacks ⌘ Read more
Russia launches mass attack on Kyiv, Ukrainian cities for second night in row ⌘ Read more
Russia launches major aerial attack on Ukraine capital ⌘ Read more
Ukraine is using helium-filled balloons to extend the range of its attack drones ⌘ Read more
Kyiv comes under large-scale Russian drone and missile attack with explosions heard throughout city ⌘ Read more
Is GNOME Conducting False Flag Attacks to Smear Lunduke?
Very bizarre things are happening within GNOME. ⌘ Read more
$750 Bounty: for HTTP Request Smuggling on Data.gov
How a cleverly crafted desync attack revealed a hidden path to client-side compromise, JS injection and potential cookie theft
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/ … ⌘ Read more
Training Solo: On the Limitations of Domain Isolation Against Spectre-v2 Attacks
Comments ⌘ Read more
DCShadow Attacks: Subverting Active Directory Replication for Stealthy Persistence
Technique that allows adversaries to manipulate directory data by simulating the behavior of a legitimate Doma … ⌘ Read more
Master CRLF Injection: The Underrated Bug with Dangerous Potential
Learn how attackers exploit CRLF Injection to manipulate HTTP responses, hijack headers and unlock hidden vulnerabilities in modern web…
[Continue rea … ⌘ Read more
A Guide to SQL Injection Attacks: Hackers Don’t Want You to Know This!
Imagine your website as a big toy box filled with treasures — like user info, passwords, or blog posts — and you’ve got a robot helper…
[Contin … ⌘ Read more
Stop Uncapped Cloud Billing
This emerging community was created when its author got a single-day cloud bill of $97k due to a DoS attack that killed his small business.
[$] Injecting speculation barriers into BPF programs
The disclosure of the Spectre\
class of hardware vulnerabilities created a lot of pain for kernel
developers (and many others). That pain was especially acutely felt in the
BPF community. While an attacker might have to painfully search the kernel
code base for exploitable code, an attacker using BPF can simply write and
load their own speculation gadgets, which is a much more efficient way of
operating. The BPF comm … ⌘ Read more
i love it when k-pop girls get to do unusual genres. you ever wanted to hear a k-pop girl group do something massive attack-ish with a bit of breakbeat? well we got it https://www.youtube.com/watch?v=jy0qJC6IbgY
Secure your Python applications: Best practices for developers
Practical security tips every Python developer should know — from dependency safety to protecting against injection attacks and securing…
[Continue reading on InfoSec Write … ⌘ Read more
Nagatoro third attack animation video by Zukanyan ⌘ Read more
**IDOR Attacks Made Simple: How Hackers Access Unauthorized Data **
IDOR Attacks Made Simple: How Hackers Access Unauthorized Data 🔐
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/idor-attacks-made-simple-h … ⌘ Read more
So, the “AI” bots have reached my website. Looks like they’re just slowly crawling everything at the moment – no DDoS-like attack yet. I wonder if that has something to do with my website being 100% static HTML. There are no GET parameters they can tweak and, at the end of the day, there’s not that much data on my server anyway … And maybe they have no idea what stagit is, so it doesn’t trigger “standard behavior”, like “this is a Gitea instance, let’s crawl this like crazy!”?
** The $2500 bug: Remote Code Execution via Supply Chain Attack** ⌘ Read more
Does anyone else wakes up to their feet being groomed and attacked every morning 🌅 ⌘ Read more
**Path Traversal Attack: How I Accessed Admin Secrets **
Path Traversal Attack: How I Accessed Admin Secrets 📂
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/path-traversal-attack-how-i-accessed-admin-secrets-fa5de1865031?source … ⌘ Read more
Top 5 Open Source Tools to Scan Your Code for Vulnerabilities
These tools help you find security flaws in your code before attackers do.
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/top-5-open-source-tools-to-s … ⌘ Read more
How to Create a Botnet Using One Tool: A Proof of Concept for Educational Purposes Aspiring…
Learn how attackers build and control botnets — safely and ethically — using … ⌘ Read more
CNCF Announces Graduation of in-toto Security Framework, Enhancing Software Supply Chain Integrity Across Industries
NYU Tandon-developed software security framework achieves highest CNCF maturity level, combating rising software supply chain attacks SAN FRANCISCO, CA, April 23, 2025 – The Cloud Native Computing Foundation® (CNCF®), which builds sustainable ecosystems for cloud native… ⌘ Read more
@aelaraji@aelaraji.com sounds like a panic attack to me 🤯
Also, I should cut down on coffee. Seriously, I’ve nearly had a … I honestly don’t know what it was; A Panic attack? A heart attack? I dunno, I just felt like my heart and lungs were so about to burst I had to go for a run to cope.
Update. This is the face of a cat who got sent home cause he attacked the vet and now has to come back drugged up. ⌘ Read more
‘Deep red rural America’ hurts most as Trump attacks on liberal programs backfire: report
Jennifer Bowers Bahney, Contributing Writer - Raw Story
_Stephan: Just as I, and many others have predicted, MAGAt world is going to experience the worst effects of the Trump coup and dismantlement of the economy and government. And in many ways, MAGAt voters didn’t even think about that when they voted. Here is an example of what I mean. I think … ⌘ Read more
SHE SURVIVED! She was attacked by a male cat when I found her downstairs. Thought she would be gone, but she survived!🥹 ⌘ Read more
️ Blind XSS Attack in Production: My Favorite Exploit with a Delayed Surprise
Free Article Link
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/%EF%B8%8F-bli … ⌘ Read more
@eapl.me@eapl.me This is one of my concerns too. The moment you post publicly ciphertext, you open yourself up for future attacks on the ciphertext, which you really want to avoid if you can. If you have a read of the Salty.im Spec you’ll note we went to great lengths to protect the user’s privacy as well as their identity and make it incredibly hard to guess at inboxes. It’s still a WIP, but I’d love to see it progressed even further – I truly feel strongly about a purely decentralised messaging ecosystem 👌