I Built a Tool to Hack AI Models — Here’s What It Uncovered
A few months ago, I was auditing a chatbot deployed inside a financial services platform. It used a mix of retrieval-augmented generation…
[Continue reading on InfoSec Write-ups »](http … ⌘ Read more
**Caching Trouble: The Public Cache That Leaked Private User Data **
Hey there!😁
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/caching-trouble-the-public-cache-that-leaked-private-user-data-0d410af5cb4c … ⌘ Read more
$500 Bounty: A Referer Leak in Brave’s Private Tor Window
When Anonymity Isn’t Anonymous: $500 Bounty for Revealing a Brave Referer Exposure
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/500-bounty-a-referer-leak-in … ⌘ Read more
Rust celebrates ten year anniversary with Rust 1.87.0 release
I generally don’t pay attention to the releases of programming languages unless they’re notable for some reason or another, and I think this one qualifies. Rust is celebrating its ten year anniversary with a brand new release, Rust 1.87.0. This release adds anonymous pipes to the standard library, inline assembly can now jump to labeled blocks in Rust code, and support for the i586 Windows target has been rem … ⌘ Read more
Part-2️♂️Bug Bounty Secrets They Don’t Tell You: Tricks From 100+ Reported Bugs
✨Free Article Link
[Continue reading on InfoSec Write-ups »](https://infosecwri … ⌘ Read more
$500 Bounty: Race Condition in Hacker101 CTF Group Join
$500 for discovering a timing flaw in Hacker101’s invite system that let users join the same team multiple times
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/50 … ⌘ Read more
How a Simple Logic Flaw Led to a $3,250 Bounty
Claiming Unclaimed Restaurants on Zomato via OTP Manipulation
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/how-a-simple-logic-flaw-led-to-a-3-250-bounty-476d747bf57a?source=rss—-7b722 … ⌘ Read more
is there an idiomatic 1-command way to delete from suffix to end of some line later ⌘ Read more
On my blog: Real Life in Star Trek, Descent, part 1 https://john.colagioia.net/blog/2025/05/15/descent-1.html #scifi #startrek #closereading
Xiaomi joins Google Pixel in making its own smartphone chip
Following rumors, Xiaomi today announced that it will launch its very own chip for smartphones later this month. The “XRING 01” is a chip that the company has apparently been working on for over 10 years now. Details about the chip are scarce so far, but GizmoChina points to recent leaks that suggest the chip is built on a 4nm process through TSMC. The chip supposedly has a 1+3+4 layout and should lag just a bit … ⌘ Read more
** Blog Title: Not Your File: How Misconfigured MIME Types Let Me Upload Evil Scripts **
Hey there!😁
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/blog-title-not-your … ⌘ Read more
☕Best Tool for Analyzing Java Files (90% of Hackers Don’t Know This)
Free Article Link
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/best-tool-for-analyzing-java-files-90-of-hackers-dont-know-this- … ⌘ Read more
Expose & Explore: Discover misconfigured service protocols and ports using Linux
Internet Assigned Numbers Authority (IANA) is the organisation responsible for managing and assigning port number … ⌘ Read more
Hacking With No Tools: How to Break Web Apps Using Just Your Browser ️♂️
Hacking With No Tools: How to Break Web Apps Using Just Your Browser 🕵️♂️
[Continue reading on In … ⌘ Read more
Breaking In Through the Backdoor: Password Reset Gone Wrong
Imagine being able to take over any user’s account on a platform — even without their interaction. No phishing, no social engineering, and…
[Continue reading on InfoSec Wr … ⌘ Read more
Announcing Kyverno Release 1.14!
TL;DR We are excited to announce the release of Kyverno 1.14.0, marking a significant milestone in our journey to make policy management in Kubernetes more modular, streamlined, and powerful. This release introduces two new policy types… ⌘ Read more
↳
In-reply-to
»
@bender Basically the way I'm reading this is
⤋ Read More
1 RPM. This is a rather aggressive rate limit actually. This basically makes Github inaccessible and useless for basically anything unless you're logged in. You can basically kiss "pursuing" casually, anonymously goodbye.
@bender@twtxt.net 5, 4, 3, 2, 1 🤣
↳
In-reply-to
»
RIP GitHub https://github.blog/changelog/2025-05-08-updated-rate-limits-for-unauthenticated-requests/
⤋ Read More
@bender@twtxt.net Basically the way I’m reading this is 1 RPM. This is a rather aggressive rate limit actually. This basically makes Github inaccessible and useless for basically anything unless you’re logged in. You can basically kiss “pursuing” casually, anonymously goodbye.
Imagine if I imposed that kind of rate limit on twtxt.net?! 🤣
** JWT Exploitation: How I Forged Tokens and Took Over Accounts**
🔐Free Article Link
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/jwt-exploitation-how-i-forged-tokens-and-took-over-accounts-2e7ab1cf4df8?sour … ⌘ Read more
How I Found a Way to Prolong Password Reset Code Expiry
Free Article Link: Click for free!
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/how-i-found-a-way-to-prolong-password-reset-code-expiry-6214391023de?source=rss—-7b7 … ⌘ Read more
How I Deleted Any User’s Account— No Interaction Needed
Free Article Link: Click for free!
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/how-i-deleted-any-users-account-no-interaction-needed-faae0442ff4f?source=rss—-7b722bfd1 … ⌘ Read more
**Forget Me Not: How Broken Logout Functionality Let Me Ride Sessions Forever **
Hey there!😁
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/forget-me-not-how-broken-logout-function … ⌘ Read more
1 year without my baby. Miss him every day ⌘ Read more
$256 Bounty : XSS via Web Cache Poisoning in Discourse
How Injecting Headers and Poisoning Cache Led to Stored Cross-Site Scripting
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/256-bounty-xss-via-web-cache-poisoning-in-d … ⌘ Read more
The Human Firewall: Why Your Employees Are Both Your Greatest Vulnerability and Asset
In the high-stakes world of cybersecurity, organizations invest millions in sophisticated technologic … ⌘ Read more
DCShadow Attacks: Subverting Active Directory Replication for Stealthy Persistence
Technique that allows adversaries to manipulate directory data by simulating the behavior of a legitimate Doma … ⌘ Read more
Part 1: How to Become a Pentester in 2025: Free & Affordable Online Labs ⌘ Read more
** How Hackers Bypass Login Pages with SQL, Logic Flaws, and Headers **
Welcome to the underworld of cybersecurity! 🌐 In this blog, we dive deep into how hackers bypass login pages — the digital gatekeepers of…
[Continue rea … ⌘ Read more
SameSite? SameMess: How I Bypassed Cookie Protections to Hijack Sessions ️♂️
Hey there!😁
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/samesi … ⌘ Read more
A brief history of the numeric keypad
The title is a lie. This isn’t brief at all. Picture the keypad of a telephone and calculator side by side. Can you see the subtle difference between the two without resorting to your smartphone? Don’t worry if you can’t recall the design. Most of us are so used to accepting the common interfaces that we tend to overlook the calculator’s inverted key sequence. A calculator has the 7–8–9 buttons at the top whereas a phone uses the 1–2–3 format. Subtle, but … ⌘ Read more
Master CRLF Injection: The Underrated Bug with Dangerous Potential
Learn how attackers exploit CRLF Injection to manipulate HTTP responses, hijack headers and unlock hidden vulnerabilities in modern web…
[Continue rea … ⌘ Read more
↳
In-reply-to
»
Sometimes things go wrong when buying CDs second-hand. I bought an album quite cheap – but as it turned out, they only checked the cover, not the content, so I got something else instead which is actually much more expensive. 🤣
⤋ Read More
The album I got by accident is starting to grow on me. Not that bad. 🤔 It’s Dredg – El Cielo, btw: https://www.youtube.com/watch?v=e4JB8rmXaO8&list=PLRASiMqDV8psZSFQi7nUX4p0R8oRHbUy_&index=1
Compress-a-thon — CSP Bypass via Redirection — Pentathon 2025
Compress-a-thon is a “web exploitation” challenge that was featured in Pentathon 2025 Finale Jeopardy CTF Round. This challenge involved…
[Continue reading on InfoSec Write-ups »](https://inf … ⌘ Read more
SSRF via PDF Generator? Yes, and It Led to EC2 Metadata Access
👨💻Free Article Link
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/ssrf-via-pdf-generator-yes-and-it-led-to-ec2-metadata-access-39b8e5b41840 … ⌘ Read more
**The Hidden Language: Exploiting GraphQL for Unauthorized Data Dump **
Free Link🎈
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/the-hidden-language-exploiting-graphql-for-unauthorized-data-dump-8 … ⌘ Read more
Bug Hunting in JS Files: Tricks, Tools, and Real-World POCs
✅Free Article Link
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/bug-hunting-in-js-files-tricks-tools-and-real-world-pocs-b4d43dd41d8e?source=rss—-7 … ⌘ Read more
**Top 5 Easiest Bugs for Beginners in Bug Bounty **
Top 5 Easiest Bugs for Beginners in Bug Bounty 🐞
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/top-5-easiest-bugs-for-beginners-in-bug-bounty-45dd81c49e03?source=rss—-7b722bfd1b8d- … ⌘ Read more
$10,000 Bounty: HackerOne Report Comments Leak via “Export as .zip”
How a new export feature unintentionally exposed private discussions in limited disclosure reports
[Continue reading on InfoSec Write-ups »](https://infose … ⌘ Read more
Understanding Stealer Logs and Their Role in Security Testing — Part 1 ⌘ Read more
API Key Exposure in NASA GitHub Repository Leads to Unauthorized Access to Academic Data
🔓Free Article Link
[Continue reading on InfoSec Write-ups »](https://infosecwriteu … ⌘ Read more