Seclog - #21
Spotlight: Finding & Exploiting in H.264 Decoders, Fuzzing to JS, The Rule Of 2, Bypassing Amazon Kids+, DevOps threat matrix, LOLDrivers, Twitter Algorithm CVE, Cloudflare's flan, securing JSON.parse, WTFBins, etc.
seclinks
XSS without HTML: Client-Side Template Injection with AngularJS
We put GPT-4 in Semgrep to point out false positives & fix code
Tool Release – shouganaiyo-loader: A Tool to Force JVM Attaches
A web security story from 2008: silently securing JSON.parse
The Uninvited Guest: IDORs, Garage Doors, and Stolen Secrets
secvuln
sectweet
Matt Jay on Twitter: "YubiKey and FIDO2 auth can make you virtually phishing proof?
Donncha Ó Cearbhaill on Twitter: "Super proud of our team at @AmnestyTech" / Twitter