Seclog - #28

Infecting SSH Public Keys with backdoors

A smorgasbord of a bug chain: postMessage, JSONP, WAF bypass, DOM-based XSS, CORS, CSRF

Stealing the Information of Millions of People

Bypassing The Internet Blackout

Introducing Scraping Kit

1749129 - Side-channel attack can deanonymize users (potential risk to journalists and activists)

The Case For Improving Crypto Wallet Security

Report #1923672 - Account takeover due to insufficient URL validation on RelayState parameter

Building a Tor Hidden Service From Scratch - Part 1

Report #1946534 - Open redirect due to scanning QR code via brave browser

acme.sh runs arbitrary commands from a remote server · Issue #4659 · acmesh-official/acme.sh

Analyzing Broken User Authentication Threats to JSON Web Tokens

BSidesSF 2023 - You don’t have to patch! (Pedro Fortuna, Jasvir Nagra)

MatrixTM/MHDDoS

yarrick/iodine

CVExploits

Suggestions & Feedback

Enjoyed this post? Subscribe to Seclog for more in-depth security analysis and updates.

For any suggestions or feedback, please contact us at: [email protected]

Enjoyed this post? Subscribe for more in-depth security analysis and updates direct to your inbox.

No spam. Only high-security insights. Unsubscribe at any time.

Share this Seclog: