Tuckr - Stow alternative with symlink checking
I’ve been using Stow for a few years now. At the time (2020) Stow had a bug where it would just fail with a cryptic error and the maintainer didn’t have time to fix it, the bug was there for 2 years or so. So I got fed up and decided to try and fix it but I didn’t know perl nor did I want to learn it, so I decided to rewrite Stow and fix the issue. To fix it I decided that I track all symlinks and give users a nice way to see what was going on. So the entire project was based on having a n … ⌘ Read more
Top security researcher shares their bug bounty process
For this year’s Cybersecurity Awareness Month, the GitHub Bug Bounty team is excited to put the spotlight on a talented security researcher—@dev-bio!
The post Top security researcher shares their bug bounty process appeared first on The GitHub Blog. ⌘ Read more
Beta 4 of iOS 26.1, macOS Tahoe 26.1, iPadOS 26.1 Available for Testing
Apple has issued the fourth beta of iOS 26.1, iPadOS 26.1, and macOS Tahoe 26.1, for users enrolled in the beta testing programs for Apple system software. The betas continue to offer refinements, adjustments, improvements, and bug fixes to the various OS 26 operating systems. The latest 4th beta build includes a new Liquid Glass … [Read More](https://osxdaily.com/2025/10/20/beta-4-of-ios-26-1 … ⌘ Read more
Mathieu Pasquet: slixmpp v1.12
This version is out mostly to provide a stable version with compatibility with the newly released Python 3.14, there are nonetheless a few new things on top.
Thanks to all contributors for this release!
Fixes- Bug in MUC self-ping ( XEP-0410) that would create a traceback in some uses
- Bug in SIMS ( XEP-0447) where all media would be marked as inline
- Python 3.14 breakage
- Prono … ⌘ Read more
25. Monetizing Your Skills Beyond Bug Bounty
Turn your hacking expertise into a thriving career beyond bounties.
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/25-monetizing-your-skills-beyond-bug-bounty-a6b503d6b6dc?source=rss—-7b722bf … ⌘ Read more
When I run into a bug I thought I had fixed weeks ago ⌘ Read more
How I Found a $250 XSS Bug After Losing Hope in Bug Bounty
📌 Free Link
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/how-i-found-a-250-xss-bug-after-losing-hope-in-bug-bounty-8ab557df4d1d?source=rss—-7b722bf … ⌘ Read more
How to Find XSS Vulnerabilities in 2 Minutes [Updated]
My simple yet powerful technique for spotting XSS vulnerabilities during bug hunting.
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/find-xss-vulnerabilities-in-just-2-minutes-d14b63d00 … ⌘ Read more
When we have to fix a bug in a hurry without being able to run the project locally ⌘ Read more
A Bug Hunter’s Guide to CSP Bypasses (Part 1) ⌘ Read more
CTF to Bug Bounty: Part 1 of the Beginner’s Series for Aspiring Hunters
From CTF flags to real-world bugs — your next hacking adventure starts here.
[Continue reading on InfoSec Write-ups »](https://infosecwriteups. … ⌘ Read more
“The Overlooked P4 Goldmine: Turning Simple Flaws into Consistent Bounties”
We’ve all been there — scrolling through bug bounty platforms, seeing hunters post about critical RCEs and complex chain exploit … ⌘ Read more
** How to Use AI to Learn Bug Hunting & Cybersecurity Like a Pro (in 2025)**
Hey there 👋,
I’m Vipul, the mind behind The Hacker’s Log — where I break down the hacker’s mindset, tools, and secrets 🧠💻
[Continue reading … ⌘ Read more
Authentication bypass via sequential user IDs in Microsoft SSO integration | Critical Vulnerability
If you’re a penetration tester or bug bounty hunter, n … ⌘ Read more
Account Take Over | P1 — Critical
It started off like any other day until I got an unexpected email — an invite to a private bug bounty program. Curious, I jumped in. The…
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/account-take-over-p1-critical-5468ce8218b9?sour … ⌘ Read more
The weirdest bug:When Reflected XSS Won’t Let a Page Breathe ⌘ Read more
The Critical $1000 Bug:(blind SQL injection) ⌘ Read more
22. How to Get Invites to Private Programs
Unlock the secrets to landing exclusive private program invites and level up your bug bounty journey.
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/22-how-to-get-invites-to-private-programs-9bbb5166 … ⌘ Read more
The $500 Stored XSS Bug in SideFX’s Messaging System
Hacking the Inbox: How a $500 Stored XSS Bug Exposed SideFX’s Messaging Flaw
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/the-500-stored-xss-bug-in-sidefxs-messaging-sys … ⌘ Read more
How I found Multiple Bugs on CHESS.COM & they refused
I found JS crash, disallowing anyone to view your profile and HTML Injection. But they ignored everything.
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/how-i-found-multiple-bug … ⌘ Read more
We found a bug in Go’s ARM64 compiler
Article URL: https://blog.cloudflare.com/how-we-found-a-bug-in-gos-arm64-compiler/
Comments URL: https://news.ycombinator.com/item?id=45516000
Points: 502
# Comments: 85 ⌘ Read more
How a top bug bounty researcher got their start in security
For this year’s Cybersecurity Awareness Month, the GitHub Bug Bounty team is excited to feature another spotlight on a talented security researcher — @xiridium!
The post How a top bug bounty researcher got their start in security appeared first on The GitHub Blog. ⌘ Read more
How a Single Signup Flaw Exposed 162,481 User Records
My $8,500 Bug Bounty Story and the Critical Lesson in Authentication
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/how-a-single-signup-flaw-exposed-162-481-user-re … ⌘ Read more
Mastering Google Dorking: Discovering Website Vulnerabilities
Deep Recon Made Simple: Powering Bug Hunting with Dorking Strategies
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/mastering-google-dorking-d … ⌘ Read more
MacOS Tahoe 26.0.1 Update Released to Fix Mac Studio Installation Bug
Apple has issued MacOS Tahoe 26.0.1 as a software update for Tahoe users. The update focuses primarly on resolving an issue for Mac Studio owners who were not able to install the initial MacOS Tahoe 26 release onto the M3 Ultra version of the Studio. Apparently other bug fixes and security improvements are included as … [Read More](https://osxdaily.com/2025/09/29/macos-tahoe-26-0-1-update-releas … ⌘ Read more
iOS 26.0.1 Update Released to Fix Various iPhone 17 Issues, & Blank Screen Icons
Apple has released the first update for iOS 26.0.1, which includes a handful of bug fixes specifically aimed at the new iPhone 17 lineup, as well as addressing an issue for all devices where Home Screen icons can appear blank after using various Liquid Glass customization settings, and another issue where VoiceOver might disable itself … [Read More](https://osxdaily.com/2 … ⌘ Read more
DietPi September 2025 Update Brings Faster Backups and Roon Server Early Access
The September 20th release of DietPi v9.17 introduces smaller and more efficient system images, faster backups with reduced disk usage, and a new toggle for Roon Server’s early access builds. The update also addresses SPI bootloader flashing issues on Rockchip devices, improves Raspberry Pi sound card handling, and includes multiple bug fixes across tools and […] ⌘ Read more
↳
In-reply-to
»
Task for this weekend:
⤋ Read More
@lyse@lyse.isobeef.org That looks like an older bug report. Which groff version is that (groff --version)?
↳
In-reply-to
»
Task for this weekend:
⤋ Read More
@movq@www.uninformativ.de I got an empty line through the table, similarly to one of the linked bug reports, just at a different location:
↳
In-reply-to
»
Task for this weekend:
⤋ Read More
Okay, now that I knew what to look for, I found existing bug reports:
Most importantly:
This is resolved in the groff trunk.
🥳
Kicking off Cybersecurity Awareness Month 2025: Researcher spotlights and enhanced incentives
For this year’s Cybersecurity Awareness Month, GitHub’s Bug Bounty team is excited to offer some additional incentives to security researchers!
The post [Kicking off Cybersecurity Awareness Month 2025: Researcher spotlights and enhanced incentives](https://github.blog/security/vulnerability-research/kicking-off-cybersecurity-aware … ⌘ Read more
↳
In-reply-to
»
whyyyyy is my discover page only showing 7 twts!!!
⤋ Read More
@kat@yarn.girlonthemoon.xyz Mine shows 1/1 of 14 Twts 😆 I think this is a bug 🤯
Ignite Realtime Blog: Openfire 5.0.2 release!
The IgniteRealtime community is happy to announce a new release of its open source, real-time communications server server Openfire! Version 5.0.2 brings a number of stability improvements and bug fixes.
Notably, it addresses a recently identified security vulnerability, identifies as CVE-2025-59154. The issue allows for potential identity spoofing via unsafe Common Nam … ⌘ Read more
↳
In-reply-to
»
(#z25erwq) @lyse a content warning is kind of like a forum spoiler cut, or like the
⤋ Read More
<details> tag in HTML; it lets you write a sentence or so that someone can then click to expand to see the actual post. it's called a CW because most people use it to warn for potentially triggering/harmful subjects, but you can really use it for anything, like spoilers in a TV show or even for joke punchlines
@kat@yarn.girlonthemoon.xyz Ta. The only good use for <details> is to collapse long logs in bug analysis reports. Other than that, I find it rather annoying to expand sections manually.
As for spoilers, personally, I don’t care at all. Not the slightest bit. If there is something that I don’t wanna read, I just stop reading. ¯_(ツ)_/¯
But I’ve got the feeling that I’ve got an unpopular opinion on that matter. ;-)
Mathieu Pasquet: slixmpp v1.11
This new version includes a few new XEP plugins as well as fixes, notably
for some leftover issues in our rust JID code, as well as one for a bug that
caused issues in Home Assistant.
Thanks to everyone who contributed with code, issues, suggestions, and reviews!
CI and buildNicoco put in a lot of work in order to get all possible wheels built in CI. We now have manylinux and musl builds of everything doable within codeberg,
published to the codeberg pypi repo, and published on pypi. … ⌘ Read more
↳
In-reply-to
»
@itsericwoodward Also just a heads up, GIF(s) aren't supproted as an Avatar type on
⤋ Read More
yarnd (what runs twtxt.net). I'd change this to something that's more supproted like PNG, JPEG, etc.
@eric@itsericwoodward.com Name change is no worries! 😉 Interesting/funnily enough my client yarnd seems to have picked it up automatically which is nice (I’ve historically always had a few bugs to iron out there 🤣)
Spiders are the only web developers that enjoy finding bugs.
↳
In-reply-to
»
Twtxt as a network is so neat. Sucks it isn't more widely adopted ): I feel like it'd be way easier to host than say, mastodon or GTS. & would require WAYYYY less resources. Not a diss on GTS, I love GTS , just saying because it's text files, I assume the minimum amount of ram needed to host any of the twtxt server software is very low.
⤋ Read More
@lyse@lyse.isobeef.org you will have to agree, though, that Yarn has contributed to make it possible to mass adopt (with its many glitches, bugs, and all) because, still, the web is king.
@twtxt.net@twtxt.net HI KIWU YOUR PROFILE’S A BIT BUGGED ON OUR END BUT IT’S OK IT’LL FIX ITSELF
Thinking about doing “Wayland Wednesday”. Only use Wayland every Wednesday. Collect bugs, report bugs, fix bugs.
↳
In-reply-to
»
QEMU on Wayland unusable, because it can’t grab the mouse … I’ll add it to my TODO list and investigate/report it eventually.
⤋ Read More
… which is probably a GTK bug.
Just realized: One of the reasons why I don’t like “flat UIs” is that they look broken to me. Like the program has a bug, missing pixmaps or whatever.
Take this for example:
I’m talking about this area specifically:
One UI element ends and the other one begins – no “transition” between them.
The style of old UIs like these two is deeply ingrained into my brain:
When all these little elements (borders, handles, even just simple lines, …) are no longer present, then the program looks buggy and broken to me. And I’m not sure if I’ll ever be able to un-learn that.
Saw this on Mastodon:
https://racingbunny.com/@mookie/114718466149264471
18 rules of Software Engineering
- You will regret complexity when on-call
- Stop falling in love with your own code
- Everything is a trade-off. There’s no “best” 3. Every line of code you write is a liability 4. Document your decisions and designs
- Everyone hates code they didn’t write
- Don’t use unnecessary dependencies
- Coding standards prevent arguments
- Write meaningful commit messages
- Don’t ever stop learning new things
- Code reviews spread knowledge
- Always build for maintainability
- Ask for help when you’re stuck
- Fix root causes, not symptoms
- Software is never completed
- Estimates are not promises
- Ship early, iterate often
- Keep. It. Simple.
Solid list, even though 14 is up for debate in my opinion: Software can be completed. You have a use case / problem, you solve that problem, done. Your software is completed now. There might still be bugs and they should be fixed – but this doesn’t “add” to the program. Don’t use “software is never done” as an excuse to keep adding and adding stuff to your code.
OpenBSD has the wonderful pledge() and unveil() syscalls:
https://www.youtube.com/watch?v=bXO6nelFt-E
Not only are they super useful (the program itself can drop privileges – like, it can initialize itself, read some files, whatever, and then tell the kernel that it will never do anything like that again; if it does, e.g. by being exploited through a bug, it gets killed by the kernel), but they are also extremely easy to use.
Imagine a server program with a connected socket in file descriptor 0. Before reading any data from the client, the program can do this:
unveil("/var/www/whatever", "r");
unveil(NULL, NULL);
pledge("stdio rpath", NULL);
Done. It’s now limited to reading files from that directory, communicating with the existing socket, stuff like that. But it cannot ever read any other files or exec() into something else.
I can’t wait for the day when we have something like this on Linux. There have been some attempts, but it’s not that easy. And it’s certainly not mainstream, yet.
I need to have a closer look at Linux’s Landlock soon (“soon”), but this is considerably more complicated than pledge()/unveil():
↳
In-reply-to
»
So I was using this function in Rust:
⤋ Read More
@lyse@lyse.isobeef.org Rust is so different and, at the same time, so complex – it’s not far fetched to assume that I simply don’t understand what’s going on here. The docs appear to be clear, but alas … is it a bugs in the docs? Is it a lack of experience on my part? Who knows.
By the way, looks like there was a bit of a discussion regarding that name:
Hmmm 🧐 Not what I thought was going on… No bug…
time="2025-06-14T15:24:25Z" level=info msg="updating feeds for 8 users"
time="2025-06-14T15:24:25Z" level=info msg="skipping 0 inactive users"
time="2025-06-14T15:24:25Z" level=info msg="skipping 0 subscribed feeds"
time="2025-06-14T15:24:25Z" level=info msg="updating 80 sources (stale feeds)"
Cracking JWTs: A Bug Bounty Hunting Guide [Part 6] ⌘ Read more