Securing the software supply chain: How distroless containers defend against npm malware attacks
The wake-up call: npm ‘is’ package compromise
In July 2025, the npm package “is”—downloaded millions of times each week—was quietly hijacked. A simple phishing email to its maintainer opened the door for attackers to inject malicious…
Cool. I think I’ve improved this a bit. Update going out shortly… Also added optional support for displaying gravatar(s) if you supply your email address (optional of course).
“The $10,000 Handlebars Hack: How Email Templates Led to Server Takeover”
While studying advanced template injection techniques, I came across one of the most fascinating bug bounty stories I’ve ever encountere …
Not so proud to be American — ‘fed up’ expats renounce citizenship
Steve Hendrix, - msn
_Stephan: Today, I got the third email I have received since August from an SR reader living overseas telling me they are giving up their American citizenship. I have known many Americans living overseas, but until recently, I couldn’t remember any of them telling me they were giving up their American citizenship. However, as this article describes, renouncing American c …
“detect-fash” Feature Developed (and Rejected) for Systemd
“A utility to detect problematic software and configurations,” such as Omarchy Linux, Hyprland, & Ladybird, was developed by an account with a Russian Military email address.
Account Take Over | P1 — Critical
It started off like any other day until I got an unexpected email — an invite to a private bug bounty program. Curious, I jumped in. The…
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/account-take-over-p1-critical-5468ce8218b9?sour …
The good thing about having a tablet now and spending time with it instead of my laptop the last few days is that I finally brought down my reading list in Miniflux a lot. I also answered emails and checked a few other tasks off my (mental) to-do list.
@movq@www.uninformativ.de I am betting he will not. The letter was not focused, nor did it use politician’s “lingo”. If it was sent via email then it will be even easier to dismiss. I wish I was not such a cynic! 😩
I keep getting this email occasionally:
Your iCloud storage is almost full
Now for various reasons, I don’t want my children to be using iCloud to store data, files, photos or any of the sort. They’re free to use iMessages, and other Apple services like the App Store, etc, but not storage.
So I’ve set about blocking iCloud Storage API(s) via AdGuard Home tonight as well as ensuring that my local network (client users) cannot bypass DNS policies and get out other sneaky ways, because some applications will just use other DNS servers, or DOH or DOT.
My Recon Automation Found an Email Confirmation Bypass
How a simple parameter led to a complete authentication bypass
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/my-recon-automation-found-an-email-confirmation-byp …
Gmail will no longer support checking emails from third-party accounts via POP
Article URL: https://support.google.com/mail/answer/16604719?hl=en
Comments URL: https://news.ycombinator.com/item?id=45439670
Points: 649
# Comments: 366
Earlier this year, I used Purelymail until I switched back to a self-hosted email server. Today, I found out that Purelymail was sold shortly after I closed my account due to health reasons. The new owner has pledged to continue the service in the same spirit as its founder, who always provided excellent support when I needed it. My reason for switching wasn’t due to any dissatisfaction with Purelymail; I simply wanted more control and to host my data in Europe again. I wish Purelymail all the best and hope it conti …
@prologic@twtxt.net I’m doing that now as well, but I don’t think this is a good solution. This is going to hurt “self-hosting” in the long run: I cannot afford true self-hosting where I actually do host everything here at home – instead, I must use a cloud provider / VPS for that. It is only a matter of time until my provider starts doing AI shit as well (or rather, the customers do it) and then what? I get blocked, e.g. I can’t send email to (some) people anymore. This is already bad and it’s going to get worse.
@prologic@twtxt.net i’ll email you!
Unless your Terms of use update email looks and reads the same as the one I got yesterday from mastodon.social, I don’t wanna know about it, nor do I agree to it.
@movq@www.uninformativ.de > That guy over there in the corner…
I’m literally sitting in a corner chuckles. I rarely get any emails nowadays. But if I do and it is not plain-text, then my Mutt gets to bark at it and I, just… won’t read it. 🤷🏽‍♂️
@movq@www.uninformativ.de make that 4 people! i use plain text when i can because this page convinced me lmfao
@lyse@lyse.isobeef.org … because you, me, and that guy over there in the corner are the only three people left using plain-text email. 🫤 (And probably Stallman.)
**Abuse-ception: How I Turned the Abuse Report Feature Into a Mass Email Spammer**
Hey there!😁
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/abuse-ception-how-i-turned-the- …
$7,500 Bug: Exposing Any HackerOne User’s Email via Private Program Invite
How One GraphQL Query Turned Private Invites into Public Data Leaks
[Continue reading on InfoSec Write-ups »](https://infosecwrite …
How a Welcome Email Can Be Used for Malicious Redirection
Free Article Link: Click for free!
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/how-a-welcome-email-can-be-used-for-malicious-redirection-fd833ec71550? …
**Header Injection to Hero: How I Hijacked Emails and Made the Server Sing**
Hey there!😁
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/header-injection-to-hero-how-i-hijacked-emails-an …
**Silent but Deadly: How Blind XSS in Email Notifications Gave Me Root Alerts**
Hey there!😁
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/silent-but-deadly-how-blind-xss-in-email …
Where is “Hide My Email” on iPhone & iPad?
The “Hide My Email” feature on iPhone is incredibly useful, allowing you to create random unique email addresses that forward to your real email address inbox. This feature can help protect your privacy by allowing you to sign up for apps or services without sharing your real email address, while enhancing security from phishing attempts, … Read More
E-COM: the $40 million USPS project to send email on paper
How do you get email to the folks without computers? What if the Post Office printed out email, stamped it, dropped it in folks’ mailboxes along with the rest of their mail, and saved the USPS once and for all? And so in 1982 E-COM was born—and, inadvertently, helped coin the term “e-mail.” ↫ Justin Duke The implementation of E-COM was awesome. You’d enter the messages on your computer, send it to the post office usi …
VPS troubles and the weekend
This weekend I went to the cottage with P on Friday. I hoped I would have a nice weekend reading in front of the wood stove, but I had also planned to spend at least a few hours trying to configure Maddy as the new mail server for hack.org et al.
Then the web server I moved to the new VPS died. Again. I connected to the VNC console and, like before, the Linux kernel couldn’t find its root disk. A simple:
# mount /dev/vda2 /sysroot; exit
in the emergency shell solved thi …
@prologic@twtxt.net I will pull the email. The year is about right.
According to a very old email one of my more personal family domains was registered in 2013 making it 12 years old, so I was close 🤣 my public facing one is much much older 🤣
$100 Bounty: How a Spoofed Email Could Change Any Username on HackerOne
A simple email spoofing trick could let anyone hijack your HackerOne username and profile link
[Continue reading on InfoSec Write-ups »] …
@ About the URL, since it is no longer used for hashing there might be no need to change it. I agree that we keep all the parts that already are out there for the most part. Instead of a contact field you could also just use links like: link = Email mailto:user@example.dk or link = Signal https://signal.me/sthF4raI5Lg_ybpJwB1sOptDla4oU7p[...]
@andros@twtxt.andros.dev Thanks for consolidating a lot of good ideas. Especially how you have decided to just extend the mention syntax for location-based threads. This might even be backward compatible with older (pre-yarn) clients.
What about using Z for UTC +00:00- is that allowed in your specs?
Regarding url = I would suggest to only allow one and the maybe add url_old = or url_alt = !?
I’m still not a fan of a DM feature, even though it helps that it has now been split out into a separate feed file. Instead I would suggest a contact = field where people can put an email or other id/link for an established chat protocol like Signal or Matrix.
The Ultimate Guide to Email Input Field Vulnerability Testing
Real-world methods and payloads for testing email field security
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/the-ultimate-guide-to-email- …
$3750 Bounty: Account Creation with Invalid Email Addresses
How a Simple Email Validation Flaw Earned a $3,750 Bounty
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/3750-bounty-account-creation-with-invalid-em …
7 to 12 and use the first 12 characters of the base32 encoded blake2b hash. This will solve two problems, the fact that all hashes today either end in q or a (oops) 😅 And increasing the Twt Hash size will ensure that we never run into the chance of collision for eons to come. Chances of a 50% collision with 64 bits / 12 characters is roughly ~12.44B Twts. That ought to be enough! -- I also propose that we modify all our clients and make this change from the 1st July 2025, which will be Yarn.social's 5th birthday and 5 years since I started this whole project and endeavour! 😱 #Twtxt #Update
I also fundamentally do not believe in the notion that Twtxt should be readable and writable by humans. We’ve thrown this “argument” around in support of some of the proposals, and I just don’t buy it (sorry). As an analogy, nobody writes Email by hand and transmits them to mail servers via SMTP by hand. We use tools to do this. Twtxt/Yarn should be the same IMO.
**WooCommerce Users Beware: Fake Patch Phishing Campaign Unleashes Site Backdoors**
Imagine this: you’re running your WooCommerce store, sipping coffee ☕, and an urgent email lands in your inbox. It scr …
Just like we don’t write emails by hand anymore (See: #a3adoka), we don’t manually write Twts or update our twtxt.txt feeds. Instead, we use modern Twtxt clients that conform to the specifications at Twtxt.dev for a seamless, automated experience. #Twtxt #Twt #UserExperience
Nobody writes emails by hand using RFC 5322 anymore, nor do we manually send them through telnet and SMTP commands. The days of crafting emails in raw format and dialing into servers are long gone. Modern email clients and services handle it all seamlessly in the background, making email easier than ever to send and receive—without needing to understand the protocols or formats behind it! #Email #SMTP #RFC #Automation
Hidden Tricks to Spot Phishing Emails Before They Trick You!
Phishing emails are like traps set by cybercriminals to trick you into sharing personal details, clicking dangerous links, or downloading…
[Continue reading on InfoSec Write-ups …
Email Verification Bypass during Account Creation | Insecure Design
Synology confirms that higher-end NAS products will require its branded drives
“Synology-branded drives will be needed for use in the newly announced Plus series, with plans to update the Product Compatibility List as additional drives can be thoroughly vetted in Synology systems,” a Synology representative told Ars by email. “Extensive internal testing has shown that drives that follow a rigorous validation process when paired with Synology systems are …
@kat@yarn.girlonthemoon.xyz is there anything i can even run or is this like email where you should just use libera and shut up