
Ranjeet Singh
@geekboyranjeet
Cyber Security Researcher
Slonser's Chrome 0day
Facebook page admin and email disclosure philippeharewood.com/page-admin-and…
I like to bypass XSS filters and sanitizers, so I keep forgetting to test for CSS exfiltration when I have HTML injection. This reminded me of the sic tool by @d0nutptr from a Singapore LHE, but there's also a cool list from @PortSwigger 👇 github.com/PortSwigger/cs…
2 AM in a Tokyo hotel room: @assetnote x Depi find a Dependency Confusion vuln that lands RCE on Netflix ! 🚀 Shout-out to @infosec_au for the "keep digging" spark & Netflix security for stellar triage. Full write-up in thread 🧵

10 ways to encode IPs to bypass validations 👇
8.8.1028 → Partial Decimal (Class B): Combines the 3rd and 4th octets: 4 × 256 + 4 = 1028
8.525316 → Partial Decimal (Class A): Combines the last three octets into one decimal number
0x08.8.004.004 → Mixed Encoding: Hexadecimal +…

This is how DOM clobbering works. When you create an element with an id, the browser automatically creates a global variable for that ID: <a id="foo"></a> Now window.foo points to that single element. But when you create multiple elements with the same id: <a…
This #NahamCon2025 talk has generated over $50,000 in bounties for @YShahinzadeh and a few other hackers: Puny-Code, 0-Click Account Takeover. 🎥👉🏼youtu.be/4CCghc7eUgI

<img srcset=1 onerror=alert(1)>
This includes a fun trick with User Activation. It can be used to detect when actions like shortcuts and clicks happen inside cross-origin iframes:

I created a thingy called clipjacking. Imagine getting hacked by copying text on a website. It's basically clickjacking but better blog.jaisal.dev/articles/cwazy… Repost and follow or I'll steal your NFTs >:3
blog.jaisal.dev
Clipjacking: Hacked by copying text - Clickjacking but better
I created a new attack called clipjacking. One might even call it clickjacking but better. Read the post and I'll show you how to do it and some potential applications.
I think many people are familiar with the topic of blind CSS exfiltration, especially after the post by @garethheyes However, an important update has occurred since then, which I wrote below ->
🚨 1st KNOXSS GIVEAWAY of 2025 ! 🚨 LIKE + SHARE this to have a chance to win one of the following subscriptions: 1 Pro 3-month 1 Pro 6-month 1 Pro 1-year Winners of the draw will be announced next week. Good luck! 😀 knoxss.pro - XSS for pros.

the research paper is out: Next.js and the corrupt middleware: the authorizing artifact result of a collaboration with @inzo____ that led to CVE-2025-29927 (9.1-critical) zhero-web-sec.github.io/research-and-t… enjoy the read!

This bug is NUTS. @xssdoctor spent so much time, moved heaven and earth, and bent the app to his will. Normally something like this would be a Critical Thinkers drop on the CTBB Discord. But today, we'll drop the explanation live, and the lab will be in Cters on Discord.
Leaking the email of any YouTube user for $10,000 brutecat.com/articles/leaki…
What could've been the largest data breach in the world - an attack chain on Google services to leak the email address of any YouTube channel
We just released a new article on how we made 50,000$ in #BugBounty by doing a really cool Software Supply Chain Attack🔥 🔗Link: landh.tech/blog/20250211-…

⚠️ Giveaway time! ⚠️ 👇 📢 Our new course "Attacking AI" will be Feb 27-28! This two-day course equips security professionals with the tools and methodologies to identify vulnerabilities in AI systems. It's gonna be a BANGER. Syllabus: payhip.com/b/2qPZ1 We are giving…
payhip.com
Arcanum Information Security
HackenProof Hall of Fame: Weekly Edition! Say hello to our cyber rockstars who crushed it this week: 🏅 MVP: @KAVEYJOE – The ultimate Web3 guardian! ⚡ Rising Star: @geekboyranjeet – Making waves with every report! 🔥 Top Contributor: @Kerolos700 – A powerhouse of skills!…

Huge Congrats to Last Week’s Top Hackers! Let’s celebrate the outstanding achievements of our top-3 leaderboard heroes: 🥇 @LadsDem – Setting the standard for excellence! 🥈 @geekboyranjeet – Pushing boundaries with every report! 🥉 @ssankhwarfbl – A powerhouse of…

Honored to receive a reward and certificate of contribution from @NCIIPC for supporting the protection of critical information infrastructure by identifying key vulnerabilities. #bugbounty #hacking #nciipc
