Blog post: XSS via HTTP Headers - https://brutelogic.com.br/blog/xss-via-http-headers/
Compromised rubygems account results in rest-client code injection.
What is CTI and what makes a good CTI analyst? by @ComradeCookie@twitter.com https://link.medium.com/Z0NVZ7mUfZ
Google Engineer Leaks Nearly 1,000 Internal Documents, Alleging Bias, Censorship https://www.theepochtimes.com/google-engineer-leaks-nearly-1000-internal-documents-alleging-bias-censorship_3042234.html by @EpochTimes@twitter.com
Building an AppSec Program with a Budget of $0: Beyond the OWASP Top 10 https://youtu.be/5RmHQKeXgk4
Threesome app 3fun exposed user locations and profile data https://tcrn.ch/2Yyw4Cq by @TechCrunch@twitter.com
MITRE ATT&CK: The Play at Home Edition
A malicious #WordPress plugin called WP Security has been encrypting individual blog posts (an unusual behavior) and rendering the content unreadable.
Here is a 0day in Steam. This bug has been publicly disclosed (https://amonitoring.ru/article/steamclient-0day/), so I'm opening up my PoC. No blog post since @PsiDragon@twitter.com covered it nicely.
Yesterday @Twitter@twitter.com disclosed that it may have shared your data with advertising partners without your consent for months.
The entire AdTech industry needs fixing, but @Twitter@twitter.com could do much more already.
On the Amazon panopticon https://tcrn.ch/2YqkM2Q by @TechCrunch@twitter.com
The Military-Style Surveillance Technology Being Tested in American Cities
Digital Integrity Fellowship manual https://manuals.digitaldefenders.org/#introduction
If you're new to OSINT research, here's a list of helpful resources:
Whistleblower vindicated in Cisco cybersecurity case https://abcn.ws/2KidmF1 by @ABC@twitter.com
Apple Card will not allow purchase of cryptocurrencies https://reut.rs/2Zvfuzu
Ⓐ INTJ • Infosec analyst • Metaveillance practitioner • Crypto-anarchism enthusiast • Fellow at Cyber Saiyan
A Mastodon instance for info/cyber security-minded people.