#4 RFI: From an External URL Into your Application
Understanding RFI isn’t just about finding a bug; it’s about recognizing a critical design flaw that, if exploited, hands an attacker the…
[Continue reading on InfoSec Write-ups »](https://infosecwrit … ⌘ Read more
When I end my day fixing a bug ⌘ Read more
When I fix a bug in prod before anyone notices ⌘ Read more
The $2,000 Bug That Changed My Life: How a Tiny URL Parameter Broke Web-Store Pricing !! ⌘ Read more
“The $10,000 Handlebars Hack: How Email Templates Led to Server Takeover”
While studying advanced template injection techniques, I came across one of the most fascinating bug bounty stories I’ve ever encountere … ⌘ Read more
How I Reported a Pre-Account Hijack Affecting Any Gmail User (Even Google Employees)- My Bug… ⌘ Read more
DietPi October 2025 Update Adds Support for NanoPi R3S, R76S, and Reworked Dashboard
The October 18th release of DietPi v9.18 introduces support for new FriendlyELEC single-board computers, a redesigned DietPi-Dashboard with improved security, and the addition of the LazyLibrarian eBook and audiobook manager. The update also includes bug fixes, filesystem improvements, and expanded compatibility for virtual devices DietPi: DietPi is a lightweight, Debian-base … ⌘ Read more
Release Candidate for iOS 26.1, macOS Tahoe 26.1, iPadOS 26.1 Available for Testing
Release Candidate builds of iOS 26.1, macOS Tahoe 26.1, and iPadOS 26.1, are now available for users participating in the beta testing programs for Apple system software. Release Candidate (RC) builds are typically the final version in a beta period, absent any major bugs, and the release of an RC build indicates the final versions … [Read More](https://osxdaily.com/202 … ⌘ Read more
@movq@www.uninformativ.de I guess I wasn’t talking about the speed of interesting text/context, but more the “slowness” of these tools. I think I can build solutions and fix bugs faster most of the time? Hmmm 🤔 I think the only thing it’s able to do better than me is grasp large codebases and do pattern machines a bit better, mostly because we’re limited by the interfaces we have to use and in my case being vision impaired doesn’t help :/
Fixed following page template bug so cached feed counts render without errors. cc @bender@twtxt.net
Tuckr - Stow alternative with symlink checking
I’ve been using Stow for a few years now. At the time (2020) Stow had a bug where it would just fail with a cryptic error and the maintainer didn’t have time to fix it, the bug was there for 2 years or so. So I got fed up and decided to try and fix it but I didn’t know perl nor did I want to learn it, so I decided to rewrite Stow and fix the issue. To fix it I decided that I track all symlinks and give users a nice way to see what was going on. So the entire project was based on having a n … ⌘ Read more
Top security researcher shares their bug bounty process
For this year’s Cybersecurity Awareness Month, the GitHub Bug Bounty team is excited to put the spotlight on a talented security researcher—@dev-bio!
The post Top security researcher shares their bug bounty process appeared first on The GitHub Blog. ⌘ Read more
Beta 4 of iOS 26.1, macOS Tahoe 26.1, iPadOS 26.1 Available for Testing
Apple has issued the fourth beta of iOS 26.1, iPadOS 26.1, and macOS Tahoe 26.1, for users enrolled in the beta testing programs for Apple system software. The betas continue to offer refinements, adjustments, improvements, and bug fixes to the various OS 26 operating systems. The latest 4th beta build includes a new Liquid Glass … [Read More](https://osxdaily.com/2025/10/20/beta-4-of-ios-26-1 … ⌘ Read more
Mathieu Pasquet: slixmpp v1.12
This version is out mostly to provide a stable version with compatibility with the newly released Python 3.14, there are nonetheless a few new things on top.
Thanks to all contributors for this release!
Fixes
- Bug in MUC self-ping (XEP-0410) that would create a traceback in some uses
- Bug in SIMS (XEP-0447) where all media would be marked as inline
- Python 3.14 breakage
- Prono … ⌘ Read more
25. Monetizing Your Skills Beyond Bug Bounty
Turn your hacking expertise into a thriving career beyond bounties.
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/25-monetizing-your-skills-beyond-bug-bounty-a6b503d6b6dc?source=rss—-7b722bf … ⌘ Read more
When I run into a bug I thought I had fixed weeks ago ⌘ Read more
How I Found a $250 XSS Bug After Losing Hope in Bug Bounty
📌 Free Link
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/how-i-found-a-250-xss-bug-after-losing-hope-in-bug-bounty-8ab557df4d1d?source=rss—-7b722bf … ⌘ Read more
How to Find XSS Vulnerabilities in 2 Minutes [Updated]
My simple yet powerful technique for spotting XSS vulnerabilities during bug hunting.
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/find-xss-vulnerabilities-in-just-2-minutes-d14b63d00 … ⌘ Read more
When we have to fix a bug in a hurry without being able to run the project locally ⌘ Read more
A Bug Hunter’s Guide to CSP Bypasses (Part 1) ⌘ Read more
CTF to Bug Bounty: Part 1 of the Beginner’s Series for Aspiring Hunters
From CTF flags to real-world bugs — your next hacking adventure starts here.
[Continue reading on InfoSec Write-ups »](https://infosecwriteups. … ⌘ Read more
“The Overlooked P4 Goldmine: Turning Simple Flaws into Consistent Bounties”
We’ve all been there — scrolling through bug bounty platforms, seeing hunters post about critical RCEs and complex chain exploit … ⌘ Read more
How to Use AI to Learn Bug Hunting & Cybersecurity Like a Pro (in 2025)
Hey there 👋,
I’m Vipul, the mind behind The Hacker’s Log — where I break down the hacker’s mindset, tools, and secrets 🧠💻
[Continue reading … ⌘ Read more
Authentication bypass via sequential user IDs in Microsoft SSO integration | Critical Vulnerability
If you’re a penetration tester or bug bounty hunter, n … ⌘ Read more
Account Take Over | P1 — Critical
It started off like any other day until I got an unexpected email — an invite to a private bug bounty program. Curious, I jumped in. The…
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/account-take-over-p1-critical-5468ce8218b9?sour … ⌘ Read more
The weirdest bug: When Reflected XSS Won’t Let a Page Breathe ⌘ Read more
The Critical $1000 Bug: (blind SQL injection) ⌘ Read more
22. How to Get Invites to Private Programs
Unlock the secrets to landing exclusive private program invites and level up your bug bounty journey.
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/22-how-to-get-invites-to-private-programs-9bbb5166 … ⌘ Read more
The $500 Stored XSS Bug in SideFX’s Messaging System
Hacking the Inbox: How a $500 Stored XSS Bug Exposed SideFX’s Messaging Flaw
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/the-500-stored-xss-bug-in-sidefxs-messaging-sys … ⌘ Read more
How I found Multiple Bugs on CHESS.COM & they refused
I found JS crash, disallowing anyone to view your profile and HTML Injection. But they ignored everything.
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/how-i-found-multiple-bug … ⌘ Read more
We found a bug in Go’s ARM64 compiler
Article URL: https://blog.cloudflare.com/how-we-found-a-bug-in-gos-arm64-compiler/
Comments URL: https://news.ycombinator.com/item?id=45516000
Points: 502
# Comments: 85 ⌘ Read more
How a top bug bounty researcher got their start in security
For this year’s Cybersecurity Awareness Month, the GitHub Bug Bounty team is excited to feature another spotlight on a talented security researcher — @xiridium!
The post How a top bug bounty researcher got their start in security appeared first on The GitHub Blog. ⌘ Read more
How a Single Signup Flaw Exposed 162,481 User Records
My $8,500 Bug Bounty Story and the Critical Lesson in Authentication
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/how-a-single-signup-flaw-exposed-162-481-user-re … ⌘ Read more
Mastering Google Dorking: Discovering Website Vulnerabilities
Deep Recon Made Simple: Powering Bug Hunting with Dorking Strategies
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/mastering-google-dorking-d … ⌘ Read more
MacOS Tahoe 26.0.1 Update Released to Fix Mac Studio Installation Bug
Apple has issued MacOS Tahoe 26.0.1 as a software update for Tahoe users. The update focuses primarily on resolving an issue for Mac Studio owners who were not able to install the initial MacOS Tahoe 26 release onto the M3 Ultra version of the Studio. Apparently other bug fixes and security improvements are included as … [Read More](https://osxdaily.com/2025/09/29/macos-tahoe-26-0-1-update-releas … ⌘ Read more
iOS 26.0.1 Update Released to Fix Various iPhone 17 Issues, & Blank Screen Icons
Apple has released the first update for iOS 26.0.1, which includes a handful of bug fixes specifically aimed at the new iPhone 17 lineup, as well as addressing an issue for all devices where Home Screen icons can appear blank after using various Liquid Glass customization settings, and another issue where VoiceOver might disable itself … [Read More](https://osxdaily.com/2 … ⌘ Read more
DietPi September 2025 Update Brings Faster Backups and Roon Server Early Access
The September 20th release of DietPi v9.17 introduces smaller and more efficient system images, faster backups with reduced disk usage, and a new toggle for Roon Server’s early access builds. The update also addresses SPI bootloader flashing issues on Rockchip devices, improves Raspberry Pi sound card handling, and includes multiple bug fixes across tools and […] ⌘ Read more
@lyse@lyse.isobeef.org That looks like an older bug report. Which groff version is that (groff --version)?
@movq@www.uninformativ.de I got an empty line through the table, similarly to one of the linked bug reports, just at a different location:
https://lyse.isobeef.org/tmp/screenshot-2025-09-27-13-56-13.png
Okay, now that I knew what to look for, I found existing bug reports:
Most importantly:
This is resolved in the groff trunk.
🥳
Kicking off Cybersecurity Awareness Month 2025: Researcher spotlights and enhanced incentives
For this year’s Cybersecurity Awareness Month, GitHub’s Bug Bounty team is excited to offer some additional incentives to security researchers!
The post [Kicking off Cybersecurity Awareness Month 2025: Researcher spotlights and enhanced incentives](https://github.blog/security/vulnerability-research/kicking-off-cybersecurity-aware … ⌘ Read more
@kat@yarn.girlonthemoon.xyz Mine shows 1/1 of 14 Twts 😆 I think this is a bug 🤯
Ignite Realtime Blog: Openfire 5.0.2 release!
The IgniteRealtime community is happy to announce a new release of its open source, real-time communications server Openfire! Version 5.0.2 brings a number of stability improvements and bug fixes.
Notably, it addresses a recently identified security vulnerability, identified as CVE-2025-59154. The issue allows for potential identity spoofing via unsafe Common Nam … ⌘ Read more
<details> tag in HTML; it lets you write a sentence or so that someone can then click to expand to see the actual post. it's called a CW because most people use it to warn for potentially triggering/harmful subjects, but you can really use it for anything, like spoilers in a TV show or even for joke punchlines
@kat@yarn.girlonthemoon.xyz Ta. The only good use for <details> is to collapse long logs in bug analysis reports. Other than that, I find it rather annoying to expand sections manually.
As for spoilers, personally, I don’t care at all. Not the slightest bit. If there is something that I don’t wanna read, I just stop reading. ¯_(ツ)_/¯
But I’ve got the feeling that I’ve got an unpopular opinion on that matter. ;-)
Mathieu Pasquet: slixmpp v1.11
This new version includes a few new XEP plugins as well as fixes, notably
for some leftover issues in our rust JID code, as well as one for a bug that
caused issues in Home Assistant.
Thanks to everyone who contributed with code, issues, suggestions, and reviews!
CI and build
Nicoco put in a lot of work in order to get all possible wheels built in CI. We now have manylinux and musl builds of everything doable within codeberg,
published to the codeberg pypi repo, and published on pypi. … ⌘ Read more
yarnd (what runs twtxt.net). I'd change this to something that's more supported like PNG, JPEG, etc.
@eric@itsericwoodward.com Name change is no worries! 😉 Interesting/funnily enough my client yarnd seems to have picked it up automatically which is nice (I’ve historically always had a few bugs to iron out there 🤣)