📰 SecLinks
Go Go XSS Gadgets: Chaining a DOM Clobbering Exploit in the Wild | Brett Buerhaus - Detailed analysis of a DOM clobbering-based XSS exploit. Read More
Understanding Task Injection Vulnerabilities: A Bug Bounty Perspective - Insights into task injection vulnerabilities from a bug bounty viewpoint. Read More
The "KeyTrap" DNS Vulnerability [LWN.net] - Exploration of a critical DNS flaw. Read More
CSP Bypass on PortSwigger.net using Google Script Resources - Analysis of a CSP bypass using Google script resources. Read More
Attacking APIs - Strategies and methods for effective API attacks. Read More
GreyNoise Labs - Code Injection or Backdoor: A New Look at Ivanti’s CVE-2021-44529 - Investigating the Ivanti exploit. Read More
“To Live is to Fight, to Fight is to Live!” - IBM ODM Remote Code Execution - Analysis of a remote code execution vulnerability in IBM ODM. Read More
Critical RCE Patched in Bricks Builder Theme - Patchstack - Discussion of a critical RCE vulnerability in the Bricks Builder theme. Read More
curl HTTP/3 Security Audit | daniel.haxx.se - A security audit of curl's HTTP/3 implementation. Read More
Bypassing Origin Policies to Exploit Local Network Devices | CYTRES - Techniques for exploiting local network devices by bypassing origin policies. Read More
AI for Security: Eight Areas of Opportunity - Menlo Ventures - Exploring the potential of AI in cybersecurity. Read More
Exploiting Cacheable Responses - Attack Ships on Fire - Techniques for exploiting cacheable HTTP responses. Read More
Nom for Security: A Proactive Security Review of Nomulus - Google Bug Hunters - A proactive security review of Google's Nomulus. Read More
Azure DevOps Zero-Click CI/CD Vulnerability - Uncovering a zero-click vulnerability in Azure DevOps. Read More
Strengthening Cyber Defenses: Best Practices for Email Security Headers - Best practices for implementing email security headers. Read More
TruffleHog Now Detects AWS Canaries without Setting Them Off ◆ Truffle Security Co. - TruffleHog's new capability to detect AWS canaries. Read More
Herr Bischoff's Blocklists - Comprehensive blocklists for improved online security and privacy. Read
🐦 SecTweet
Ron Masas on X - Discussion of stored XSS vulnerabilities in ChatGPT. View Tweet
Thomas Roccia 🤘 on X - Insights into analyzing data leaks in foreign languages. View Tweet
CertiK Alert on X - Alert about the DeezNutz_404 project exploit. View Tweet
🎥 SecVideo
Vision Pro Teardown: Behind the Complex and Creepy Tech - A teardown analysis of the Vision Pro technology. Watch Here
💻 SecGit
xaitax/CVE-2024-21413-Microsoft-Outlook-Remote-Code-Execution-Vulnerability - Information on a Microsoft Outlook remote code execution vulnerability. Explore on GitHub
cloudflare/cfssl: CFSSL: Cloudflare's PKI and TLS toolkit - Cloudflare's toolkit for PKI and TLS. Explore on GitHub