Seclog - #13
Spotlight: MyBB RCE, Bitwarden design flaw, Microsoft Teams RCE, Hacking Redis, SSH Key injection etc.
seclinks
Publisher’s Weekly Review of A Hacker’s Mind - Schneier on Security
SSH key injection in Google Cloud Compute Engine [Google VRP]
Towards a global framework for cross-border data flows and privacy protection
(DRAFT) Fearless CORS: a design philosophy for CORS middleware libraries (and a Go implementation)
Adding security headers to your SvelteKit application - EdOverflow
Simple Parenting Hacks: Tips and Scripts from a Hacker Dad · rez0
secvideo
Empathy, Bitwarden, Lexmark, Exchange, Dragonbridge, & Derek Johnson Talks About Hive - SWN #269
From zero to 6-digit bug bounty earnings in 1 year - Johan Carlsson - BBRD podcast #3
sectool
secgit
praetorian-inc/gato: GitHub Self-Hosted Runner Enumeration and Attack Tool
eddiechu/File-Smuggling: HTML smuggling is not an evil, it can be useful
projectdiscovery/pdtm: ProjectDiscovery's Open Source Tool Manager
jhy/jsoup: jsoup: the Java HTML parser, built for HTML editing, cleaning, scraping, and XSS safety.