Wazuh: The Free SIEM That Fights Like a Paid One ⌘ Read more
HACK-ERA CTF — Phase 1 Walkthrough ⌘ Read more
$840 Bounty: How I Stole OAuth Tokens from Twitter
A critical OAuth misconfiguration allowed stealing tokens with just a click
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/840-bounty-how-i-stole-oauth-tokens-from-twitter-733f8 … ⌘ Read more
Plug, Boot, Vanish: How I Turned a USB Stick into a Portable Privacy Fortress ⌘ Read more
深入解讀 MCP 協議最新版本的 4 大升級【下】:批處理與增強的工具註解
本篇接着爲大家解讀 MCP 協議最新修訂版本(2025-03-26)的四個較大升級的後兩項(上篇翻閱:深入解讀 MCP 協議最新版本的 4 大升級【上】:傳輸機制與安全授權):JSON-RPC 批處理 增強的工具註解 01JSON-RPC 批處理JSON-RPC 2.0 規範本身支持批量(Batch)模式,允許一次性發送一個包含多個請求對象的數組,服務器隨後可以返回 ⌘ Read more
Google requires Android applications on Google Play to support 16 KB page sizes
About a year ago, we talked about the fact that Android 15 became page size-agnostic, supporting both 4 KB and 16 KB page sizes. Google was already pushing developers to get their applications ready for 16 KB page sizes, which means recompiling for 16 KB alignment and testing on a 16 KB version of an Android device or simulator. Google is taking the next step now, requiring … ⌘ Read more
Is there any way to retain vim 7.4 search setting while using vim 9.1? ⌘ Read more
Bug Hunting in JS Files: Tricks, Tools, and Real-World POCs
🗝️Free Article Link
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/bug-hunting-in-js-files-tricks-tools-and-real-world-pocs-70406e3eb72e?source=rss—-7 … ⌘ Read more
Building a Secure Home Network in 2025: Practical Tips ⌘ Read more
A Guide to SQL Injection Attacks: Hackers Don’t Want You to Know This!
Imagine your website as a big toy box filled with treasures — like user info, passwords, or blog posts — and you’ve got a robot helper…
[Contin … ⌘ Read more
Privilege Escalation with Docker Container ⌘ Read more
Tool Review — TraceWeb.io Extension ⌘ Read more
$100 Bounty: How a Spoofed Email Could Change Any Username on HackerOne
A simple email spoofing trick could let anyone hijack your HackerOne username and profile link
[Continue reading on InfoSec Write-ups »] … ⌘ Read more
️♂️ Unlisted but Not Unseen: How I Found the Admin Panel in a JavaScript Comment
Hey there!😁
[Continue reading on InfoSec Write-ups »](https://infosecwriteu … ⌘ Read more
Mastering Linux Part 3: A Beginner’s Guide to APT and YUM Package Management
A Beginner’s Guide to APT and YUM Package Management
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com … ⌘ Read more
How to setup a Monthly Free VPS for Bug Hunting
In this article, I explained how to setup and use (GitHub CodeSpaces) for bug hunting
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/how-to-setup-a-monthly-free-vps-for-bug-hunting-d4 … ⌘ Read more
Revisiting the Past, Hacking the Future
From Invalid Reports to Real Vulnerabilities: The Path to Growth in Hacking
Hackers Love Your APIs: How to Defend Against 2025’s Biggest API Threats ⌘ Read more
A Penetration Tester’s Journey
Part 4 of “Beginner to Master in Linux” — A Penetration Tester’s Journey
AI Agents Unleashed: The Rise of Autonomous Systems Transforming Industries
The emergence of AI agents signifies a transformative shift in generative AI, evolving from simple chatbots to sophisticated … ⌘ Read more
Is Your App Protected? The Branch API Vulnerability You Need to Know About
$fallback_url is a helpful feature in Branch’s deep linking system — until someone uses it to redirect your users to phishing … ⌘ Read more
A Must-Have Tool for Bug Hunters: Find Open Redirect Vulnerabilities on Linux
Automate open redirection detection, save hours of manual testing, and level up your bug bounty recon game.
[Continue … ⌘ Read more
**Query Confusion: How HTTP Parameter Pollution Made the App Spill Secrets **
Hey there!😁
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/query-confusion-how-http-parameter-pollution-made … ⌘ Read more
Securing Apache2 + PHP: Practical guide for safer web hosting
A practical security checklist to harden your Apache2 + PHP stack and protect your web applications from common vulnerabilities.
[Continue reading on InfoSec Write-ups »](https:// … ⌘ Read more
$2,900 Bounty: Public S3 Bucket Exposure in Shopify
How a Simple S3 Misconfiguration Exposed Private Images Across Shopify Stores and Earned a $2,900 Bounty
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/2-900-bounty-public-s … ⌘ Read more
Running - 4 miles: 4.00 miles, 00:09:40 average pace, 00:38:41 duration
nice and easy run on the treadmill. not sure how much i am going to run this week in anticipation for the final run.
#running #treadmill
2025 Mobile App Pentesting Guide: Tools, Techniques & Real-World Examples ⌘ Read more
Beyond Alert Boxes: Exploiting DOM XSS for Full Account Takeover
Hello Hunters, as you all know, XSS is one of the most common web vulnerabilities, often underestimated but capable of causing severe…
[Continue reading on … ⌘ Read more
Hack Any Mobile Phone Remotely
Ethically — but note — this used to work great with phone under android 10
Containers vs Virtual Machines: Key Differences, Benefits, and Use Cases Explained
Discover the difference between containers and virtual machines, their benefits, and use cases to make smarter inf … ⌘ Read more
Threat Profiling 101: How to Create a Threat Profile
Learn how to create effective threat profiles to identify and prioritize relevant cyber threats for your organization.
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/th … ⌘ Read more
The Ultimate Guide to Cyber Threat Actors: Exploring Hackers, Hacktivists, and Their Tactics
How can we understand the impact of hackers and hacktivists on global cyberse … ⌘ Read more
$1000 Bounty: Account Takeover via Host Header Injection in Password Reset Flow
Free Article Link: Click for free!
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/1000-boun … ⌘ Read more
uv:統一的 Python 包管理
花下貓語:uv 項目自發布起就大受歡迎,目前 Github star 52.6 K,遠超過它的同類競品們。前不久,它的創始人在 X 上披露了一組驚人的數據:uv 曾佔據了 PyPI 超過 20% 的流量,用戶每天通過它發起約 4-5 億次下載請求!我在去年翻譯過 uv 首發時的新聞文章 [1],根據博客後臺不完整的統計,從 Google 搜索進入的訪問量已經超過 3000,妥妥成爲了我博客的搜索訪 ⌘ Read more
(Updated) ESP32-C5-DevKitC-1 with 240MHz RISC-V Processor, Zigbee, and Thread Connectivity
The ESP32-C5-DevKitC-1 is another upcoming entry-level development board designed for IoT applications, featuring the ESP32-C5-WROOM-1 module. This board supports key wireless protocols, including Wi-Fi 6 (2.4 GHz and 5 GHz), Bluetooth LE 5, Zigbee, and Thread. The ESP32-C5-WROOM-1 module is equipped with a 32-bit RISC-V single-core processor running at 240 MHz along … ⌘ Read more
This is Gypsy and she has worn this for 4 days straight. The mask falls off easily and every time it has fallen off, she meows constantly until you put it back on her head. I guess, until she gets tired of it, I will have to call her Bat-Gypsy 😂 such a weird lovable cat with loads of personality. ⌘ Read more
My cat had 4 babies 🥹 ⌘ Read more
** Bypassing Regex Validations to Achieve RCE: A Wild Bug Story**
✨Free Article Link
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/bypassing-regex-validations-to-achieve-rce-a-wild-bug-story-4c523f69b9f8?sourc … ⌘ Read more
$750 Bounty: Sensitive Data Exposure
When Deep Links Go Deeply Wrong: The Zomato Insecure WebView Story