"Don’t trust the locals: investigating the prevalence of persistent client-side cross-site scripting in the wild"

blog.acolyer.org/2019/04/10/do

Always sanitize the content fetched for local-storage before injecting it on any page.

"Malicious remote code execution backdoor discovered in the popular bootstrap-sass Ruby gem"

snyk.io/blog/malicious-remote-

A project's dependencies are an important attack vector.

"Discovering a zero day and getting code execution on Mozilla's AWS Network"

blog.assetnote.io/bug-bounty/2

The issue was on the webpagetest project but it was a nice read nevertheless.

"Gearbest Hack: Hundreds of Thousands Affected Daily by Huge Data Breach"

vpnmentor.com/blog/gearbest-ha

Always knew that a large amount of these privacy policies we see on many websites are just boilerplate and complete BS.


This is a personal and private instance.