Business Logic Error - Bypassing Payment with Test Cards ⌘ Read more
My BTL1 Review ⌘ Read more
Unbelievable Security Hole: JWT Secret in a Series-B Funded Company
It started as a routine penetration test. Little did I know I was about to uncover one of the most basic yet catastrophic security…
[Continue reading on … ⌘ Read more
The $500 Stored XSS Bug in SideFX’s Messaging System
Hacking the Inbox: How a $500 Stored XSS Bug Exposed SideFX’s Messaging Flaw
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/the-500-stored-xss-bug-in-sidefxs-messaging-sys … ⌘ Read more
A Beginner’s Guide to Finding Hidden API Endpoints in JavaScript Files
How to discover what others miss in plain sight
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/a-beginners-guide-to-finding-h … ⌘ Read more
When I see a coworker committed at 4 a.m. ⌘ Read more
How I Solved TryHackMe Madness CTF: Step-by-Step Beginner-Friendly Walkthrough for 2025
How I Solved “Madness”: An Easy TryHackMe CTF Walkthrough
[Continue reading on InfoSec W … ⌘ Read more
Learn what MITM attack is, and how to identify the footprints of this attack in the network traffic.
Imagery HTB WriteUp: Season 9 Machine 2 ⌘ Read more
How I found Multiple Bugs on CHESS.COM & they refused
I found JS crash, disallowing anyone to view your profile and HTML Injection. But they ignored everything.
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/how-i-found-multiple-bug … ⌘ Read more
CORS Vulnerability with Trusted Insecure Protocols BurpSuite Walkthrough
CORS misconfig + HTTP subdomain XSS analysis showing API key exfiltration, exploit breakdown and remediation.
[Continue reading on InfoSec W … ⌘ Read more
Getting Hands-On with Kerbrute: Practical AD Enumeration & Attack Tactics ⌘ Read more
Putin’s Gasoline Crisis Spreads: Sales Now Restricted in 4 Regions ⌘ Read more
Client ID Metadata Document Adopted by the OAuth Working Group
The IETF OAuth Working Group has adopted the Client ID Metadata Document specification! ⌘ Read more
How to Repair Outlook PST File without ScanPST.exe? ⌘ Read more
**Hidden API Endpoints: The Hacker’s Secret Weapon **
I’m a cybersecurity enthusiast and the writer behind The Hacker’s Log — where I break down how real hackers think, find, and exploit…
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/ … ⌘ Read more
Adversary TTP Simulation Lab ⌘ Read more
How a Single Signup Flaw Exposed 162,481 User Records
My $8,500 Bug Bounty Story and the Critical Lesson in Authentication
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/how-a-single-signup-flaw-exposed-162-481-user-re … ⌘ Read more
IBM Granite 4.0 Models Now Available on Docker Hub
Developers can now discover and run IBM’s latest open-source Granite 4.0 language models from the Docker Hub model catalog, and start building in minutes with Docker Model Runner. Granite 4.0 pairs strong, enterprise-ready performance with a lightweight footprint, so you can prototype locally and scale confidently. The Granite 4.0 family is designed for speed, flexibility,… ⌘ Read more
Deals: AirTags 4-pack for $65, M3 iPad Air from $449, & More
AirTags are super useful personal trackers with many uses from tracking a bag, purse, dog, cat, luggage, backpack, car keys, package, bike, car, or just about anything else you can imagine wanting to keep an eye on through the Find My network. Amazon is currently offering the AirTag 4-pack for just $65 ($16 per AirTag), … [Read More](https://osxdaily.com/2025/10/06/deals-airtags-4-pack-for-65-m3-ipad-air-from-449-m … ⌘ Read more
Actuator Unleashed: A Guide to Finding and Exploiting Spring Boot Actuator Endpoints ⌘ Read more
Breaking Into HackTheBox: My Journey from Script Kiddie to Root
How I went from copying Pastebin scripts to actually understanding what I was doing — and how you can too.
[Continue reading on InfoSec Write-ups »](https://i … ⌘ Read more
SQHell: Manually hunting SQL injection with detailed explanation ⌘ Read more
Week 12— Async API Calls: fetch, Axios, and Promises ⌘ Read more
OSINT: Google Dorking Hacks: The X-Ray Vision for Google Search
You type in some keywords, scroll past 10 pages of useless results, and wonder why the internet’s hiding the good stuff. Sound familiar?
[Continue reading on Inf … ⌘ Read more
New Data Exfiltration Technique Using Brave Sync ⌘ Read more
5. Memoriálny volejbalový turnaj Aleksandra Zavaroša – Saleho
V sobotu 4. októbra sa v Kulpíne uskutočnil piaty ročník Memoriálneho volejbalového turnaja Aleksandra Zavaroša – Saleho, venovaný pamiatke mladého volejbalistu, ktorý tragicky zahynul v roku 2020. Podujatie zorganizoval Volejbalový klub Kulpín na znak úcty a spomienky na svojho bývalého spoluhráča. Deň sa začal tichou spomienkou na cintoríne v Kulpíne, kde sa členovia klubu, priatelia a rodina po … ⌘ Read more
Excel 2025 CTF | Anonymous (Miscellaneous) challenge Writeup ⌘ Read more
Mastering Google Dorking: Discovering Website Vulnerabilities
Deep Recon Made Simple: Powering Bug Hunting with Dorking Strategies
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/mastering-google-dorking-d … ⌘ Read more
** Secrets Hackers Don’t Tell: Recon Techniques That Actually Pay**
You see it in the movies: a hacker slams the keyboard, green text scrolls by, and BAM! They’re in. The entire breach takes 90 seconds.
[Continue reading on InfoSe … ⌘ Read more
Hiding in Plain Sight: Steganography, C2, and SVG Files ⌘ Read more
The Price of Neglect. The Big Questions Behind Jaguar Land Rover’s Government £1.5 B Cyber Bailout. ⌘ Read more
My Recon Automation Found an Email Confirmation Bypass
How a simple parameter led to a complete authentication bypass
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/my-recon-automation-found-an-email-confirmation-byp … ⌘ Read more
Expressway — HackTheBox walkthough ⌘ Read more
Red Stone One Carat — TryHackMe Challenge Write-up ⌘ Read more
TryHackMe Infinity Shell Walkthrough: Web Shell Forensics & CTF Guide ⌘ Read more
KubeCon + CloudNativeCon North America 2025 Co-Located Event Deep Dive: Kubernetes on Edge Day
The inaugural Edge Day launched as a co-located event at KubeCon + CloudNativeCon EU in 2022, recognizing that data at the edge is here to stay. Once called the ‘Internet of Things’ and later ‘Industry 4.0,’… ⌘ Read more
Why some human GII.4 noroviruses are better than others at infecting cells
Human noroviruses, GII.4 strains in particular, are the chief drivers of acute viral gastroenteritis around the world, a condition for which there are no vaccines or antivirals. Understanding how these viruses enter cells in the gut, a first step toward developing an infection, can lead to effective therapeutics. ⌘ Read more
OpenAI’s H1 2025: $4.3B in income, $13.5B in loss
Article URL: https://www.techinasia.com/news/openais-revenue-rises-16-to-4-3b-in-h1-2025
Comments URL: https://news.ycombinator.com/item?id=45453586
Points: 552
# Comments: 688 ⌘ Read more
5.4.300: longterm
Version:5.4.300 (longterm)Released:2025-10-02Source:linux-5.4.300.tar.xzPGP Signature:linux-5.4.300.tar.signPatch:full ( incremental)ChangeLog:ChangeLog-5.4.300 ⌘ Read more
↳
In-reply-to
»
@lyse That looks like an older bug report. Which groff version is that (
⤋ Read More
groff --version)?
@movq@www.uninformativ.de It’s an ancient 1.22.4. :-)
Hey @itsericwoodward@itsericwoodward.com, I just wanna let you know that twtstrm/0.4.0 sends a broken User-Agent header. Instead of the URL, the nick is repeated.
↳
In-reply-to
»
@itsericwoodward any news about this? I am, at the very least, curious!
⤋ Read More
@bender@twtxt.net Thanks for asking!
So, I’ve been working on 2 main twtxt-related projects.
The first is small Node / express application that serves up a twtxt file while allowing its owner to add twts to it (or edit it outright), and I’ve been testing it on my site since the night I made that post. It’s still very much an MVP, and I’ve been intermittently adding features, improving security, and streamlining the code, with an eye to release it after I get an MVP done of project #2 (the reader).
But that’s where I’ve been struggling. The idea seems simple enough - another Node / express app (this one with a Vite-powered front-end) that reads a public twtxt file, parses the “follow” list, grabs (and parses) those twtxt files, and then creates a river of twts out of the result. The pieces work fine in seclusion (and with dummy data), but I keep running into weird issues when reading real-live twtxt files, so some twts come through, while others get lost in the ether. I’ll figure it out eventually, but for now, I’ve been spending far more time than I anticipated just trying to get it to work end-to-end.
On top of it, the 2 projects wound up turning into 4 (so far), as I’ve been spinning out little libraries to use across both apps (like https://jsr.io/@itsericwoodward/fluent-dom-esm, and a forthcoming twtxt helper library).
In the end, I’m hoping to have project 1 (the editor) into beta by the end of October, and project 2 (the reader) into beta sometime after that, but we’ll see.
I hope this has satisfied your curiosity, but if you’d like to know more, please reach out!
MCP Horror Stories: The Drive-By Localhost Breach
This is Part 4 of our MCP Horror Stories series, where we examine real-world security incidents that expose the devastating vulnerabilities in AI infrastructure and demonstrate how Docker MCP Gateway provides enterprise-grade protection against sophisticated attack vectors. The Model Context Protocol (MCP) has transformed how developers integrate AI agents with their development environments. Tools like… ⌘ Read more