#pentesting

17 posts · 14 participants · 0 posts today
OWASP Foundation<p>Master Modern Web App Security at OWASP Global AppSec EU 2025 in Barcelona!</p><p>2-Day Training | May 27-28, 2025 <br>Level: Intermediate | Trainer: Abraham Aranguren </p><p>Take a 100% hands-on deep dive into the OWASP Security Testing Guide and Application Security Verification Standard (ASVS) in this action-packed course. </p><p>Register now ⬇️ <br><a href="https://owasp.glueup.com/event/123983/register/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">owasp.glueup.com/event/123983/</span><span class="invisible">register/</span></a></p><p><a href="https://infosec.exchange/tags/OWASP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OWASP</span></a> <a href="https://infosec.exchange/tags/AppSecEU2025" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AppSecEU2025</span></a> <a href="https://infosec.exchange/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Cybersecurity</span></a> <a href="https://infosec.exchange/tags/PenTesting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PenTesting</span></a> <a href="https://infosec.exchange/tags/WebSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>WebSecurity</span></a> <a href="https://infosec.exchange/tags/DevSecOps" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DevSecOps</span></a> <a href="https://infosec.exchange/tags/NodeJS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>NodeJS</span></a> <a href="https://infosec.exchange/tags/Infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Infosec</span></a> <a href="https://infosec.exchange/tags/Barcelona" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Barcelona</span></a></p>
0x40k<p>Just had a client tell me, "Oh, we've patched everything!" Famous last words, eh? 😔</p><p>Turns out, CISA's put out a warning about RESURGE malware that's hitting Ivanti systems. And get this – it even includes SPAWNCHIMERA functions. What does that mean? Essentially, attackers are already deep inside. We're talking the whole nasty package: rootkit, dropper, backdoor... you name it!</p><p>This specifically impacts Ivanti Connect Secure, Policy Secure, and ZTA Gateways.</p><p>So, what's the urgent takeaway for *you*? Get patching immediately (that's CVE-2025-0282)! You'll also want to reset passwords and seriously review your access controls. Better safe than sorry, right?</p><p>How are you folks keeping your systems safe from this kind of stuff? Let's talk tactics.</p><p><a href="https://infosec.exchange/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Cybersecurity</span></a> <a href="https://infosec.exchange/tags/Pentesting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Pentesting</span></a> <a href="https://infosec.exchange/tags/IvantiGate" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>IvantiGate</span></a></p>
0x40k<p>Whoa, looks like BlackLock got hacked. Seriously, it just hammers home how vital good security practices are – even if you're on the *other* side of the fence! Major OPSEC blunder right there, wouldn't you say? 😉</p><p>And hey, this really drives home another point: relying *only* on automated scans? That's just not cutting it for real-deal pentesting, people. You absolutely have to get hands-on and dig in manually. There's no substitute for it.</p><p>Honestly, that’s the kind of thorough work our clients appreciate – when we actually probe deeper than just the surface findings. It makes a difference.</p><p>So, what’s your take? Seems like OPSEC gets overlooked way too often, doesn't it? Curious to hear your thoughts!</p><p><a href="https://infosec.exchange/tags/Ransomware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Ransomware</span></a> <a href="https://infosec.exchange/tags/Pentesting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Pentesting</span></a> <a href="https://infosec.exchange/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a> <a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSecurity</span></a> <a href="https://infosec.exchange/tags/OPSEC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OPSEC</span></a></p>
0x40k<p>Man, npm and supply chain security... seriously a never-ending story. 🙄 Just caught an article about "ethers-provider2" and "ethers-providerz". Get this: these things are actually infecting packages you *already* have installed! 🤯</p><p>Speaking as a pentester, let me tell ya: you absolutely *have* to run regular checks. Your `package-lock.json`, `yarn.lock`... check 'em all! Trust me, SCA tools are worth their weight in gold in these situations. And listen up, people, MFA for your npm account? That's not some optional extra, it's a straight-up *MUST*!</p><p>I literally just had a client who thought, "Ah, npm's pretty safe, right?". Yeah, famous last words! 🤦‍♂️</p><p>So, what're your most insane supply chain attack stories? Lay 'em on me!</p><p><a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/pentesting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>pentesting</span></a> <a href="https://infosec.exchange/tags/supplychain" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>supplychain</span></a> <a href="https://infosec.exchange/tags/npmsecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>npmsecurity</span></a></p>
Bug Hunter Cat<p>Best source of infosec and cybersecurity news and information? (Social Media)<br>I'm evaluating which one to choose as my main one.<br><a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/hacking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>hacking</span></a> <a href="https://infosec.exchange/tags/pentesting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>pentesting</span></a> <a href="https://infosec.exchange/tags/bugbounty" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>bugbounty</span></a> <a href="https://infosec.exchange/tags/webappsecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>webappsecurity</span></a></p>
0x40k<p>Whoa, talk about déjà vu! Seems like Firefox is playing catch-up right after Chrome dropped a fix for a sandbox escape. 🤯 Keep an eye out for CVE-2025-2857.</p><p>So, what's the deal? In short, this nasty bug could let an attacker break right out of the browser's protective sandbox. And *that* means they could potentially gain full access to your system. Yeah, pretty scary stuff. 😱</p><p>If you're running Firefox on Windows, heads up! This affects versions 136.0.4, ESR 115.21.1, and ESR 128.8.1. This whole situation feels familiar because Chrome *just* patched CVE-2025-2783, a similar issue that attackers were already actively exploiting out in the wild!</p><p>Make no mistake, sandbox escapes are a huge deal. As a pentester, I can tell you: vulnerabilities like this get weaponized *fast*. Don't wait around.</p><p>Seriously, update your Firefox ASAP! Trust me, you don't want to deal with the fallout if someone exploits this. It could get costly, fast.</p><p>Ever seen a browser exploit do its thing live? Wild, right? Drop your stories below!</p><p><a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/pentesting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>pentesting</span></a> <a href="https://infosec.exchange/tags/firefox" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>firefox</span></a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/updateNOW" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>updateNOW</span></a></p>
0x40k<p>Whoa, just stumbled onto something pretty wild: "Atlantis AIO." Heard it called the Swiss Army knife for credential stuffing! 🔪</p><p>Not sure what that is? Okay, picture this: hackers grab massive batches of leaked passwords. Then, they just systematically try those logins *everywhere*. Atlantis AIO basically automates that whole nasty process, making it super efficient for them.</p><p>And yeah, that means your Netflix, your email, even your online banking could be in the crosshairs! 🎯</p><p>Now, speaking from my experience as a pentester, it's frighteningly common to see how effective credential stuffing is, *especially* when people aren't using MFA. Sure, complex password rules are a start, but honestly, they often just aren't enough on their own.</p><p>Multi-Factor Authentication (MFA)? *That's* the real gamechanger here. 🔑 Seriously, turning it on wherever you can makes a massive difference.</p><p>Anyway, curious to hear from you all – have any of you run into attacks like this before, or seen the fallout? What happened? Drop your stories below!</p><p><a href="https://infosec.exchange/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Cybersecurity</span></a> <a href="https://infosec.exchange/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a> <a href="https://infosec.exchange/tags/Pentesting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Pentesting</span></a></p>
0x40k<p>Seriously, Broadcom... what's the deal lately? 🤯</p><p>First up, we've got CVE-2025-22230 hitting VMware Tools for Windows. This nasty bug basically lets standard users inside a VM escalate their privileges to admin level. Yikes! 😬 With a CVSS score of 7.8, you'll want to jump on this fix ASAP. It impacts versions 11.x.x and 12.x.x, so upgrading to 12.5.1 needs to be right at the top of your list!</p><p>But wait, there's more. CrushFTP is also sounding the alarm about unauthenticated access vulnerabilities lurking on HTTP(S) ports in versions 10 and 11. It's definitely time to double-check those DMZ configurations. Rapid7 has confirmed that exploits are out there, allowing unauthorized access. Pretty intense, right?</p><p>Stuff like this is a stark reminder: while automated scans have their place, they just don't cut it alone. Real-deal penetration testing is absolutely essential. Those manual checks are what uncover the sneaky issues that automated tools often breeze right past.</p><p>What's your take on this recent wave? How are you keeping your own environments locked down tight? Let's talk 👇</p><p><a href="https://infosec.exchange/tags/ITSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ITSecurity</span></a> <a href="https://infosec.exchange/tags/Pentesting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Pentesting</span></a> <a href="https://infosec.exchange/tags/VMware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>VMware</span></a> <a href="https://infosec.exchange/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Cybersecurity</span></a> <a href="https://infosec.exchange/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a> <a href="https://infosec.exchange/tags/VulnerabilityManagement" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>VulnerabilityManagement</span></a></p>
Bill<p>NIST getting in on the AI security bandwagon. I'd be happier about that if I trusted anyone in the district anymore.</p><p><a href="https://www.infosecurity-magazine.com/news/nist-limitations-ai-ml-security/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">infosecurity-magazine.com/news</span><span class="invisible">/nist-limitations-ai-ml-security/</span></a></p><p>What we really need is some edits to the PTES or something with a GenAI test plan.</p><p><a href="https://infosec.exchange/tags/genai" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>genai</span></a> <a href="https://infosec.exchange/tags/pentesting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>pentesting</span></a></p>
IT News<p>Physical Key Copying Starts With a Flipper Zero - A moment’s inattention is all it takes to gather the information needed to make a ... - <a href="https://hackaday.com/2025/03/25/physical-key-copying-starts-with-a-flipper-zero/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">hackaday.com/2025/03/25/physic</span><span class="invisible">al-key-copying-starts-with-a-flipper-zero/</span></a> <a href="https://schleuss.online/tags/lockpickinghacks" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>lockpickinghacks</span></a> <a href="https://schleuss.online/tags/duplicating" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>duplicating</span></a> <a href="https://schleuss.online/tags/flipperzero" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>flipperzero</span></a> <a href="https://schleuss.online/tags/lockpicking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>lockpicking</span></a> <a href="https://schleuss.online/tags/locksports" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>locksports</span></a> <a href="https://schleuss.online/tags/pentesting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>pentesting</span></a></p>
Florian<p>When I started the IC_Null channel the idea was to cover topics primarily about <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a>, <a href="https://infosec.exchange/tags/hacking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>hacking</span></a>, <a href="https://infosec.exchange/tags/pentesting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>pentesting</span></a> etc. from a <a href="https://infosec.exchange/tags/blind" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>blind</span></a> perspective. Blind as in <a href="https://infosec.exchange/tags/screenReader" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>screenReader</span></a> user, that is. But an overarching topic is showing off what jobs are (up to a point) doable for this demographic and where the obstacles are. Today's stream leans that way: we'll be looking at the premier <a href="https://infosec.exchange/tags/translation" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>translation</span></a> and <a href="https://infosec.exchange/tags/localization" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>localization</span></a> tool, Trados Studio. Supposedly they have upped their <a href="https://infosec.exchange/tags/accessibility" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>accessibility</span></a> as of late. I'll be the judge of that 💀<br>I'll see you all on <a href="https://infosec.exchange/tags/youtube" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>youtube</span></a> and <a href="https://infosec.exchange/tags/twitch" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>twitch</span></a> just under 1.5 hours from now. https://twitch.tvic_null <a href="https://youtube.com/@blindlyCoding" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">youtube.com/@blindlyCoding</span><span class="invisible"></span></a> <a href="https://infosec.exchange/tags/selfPromo" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>selfPromo</span></a> <a href="https://infosec.exchange/tags/stream" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>stream</span></a> <a href="https://infosec.exchange/tags/trados" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>trados</span></a></p>
0x40k<p>Whoa, 112 SaaS apps per company? Seriously?! 🤯 Most folks don't even realize what's going on...</p><p>SaaS security is a *huge* deal. I mean, who's actually patching Office 365 correctly? And are you really keeping an eye on permissions? Probably not.</p><p>We've got Shadow IT, misconfigurations, and third-party risks – the whole shebang! Every app's different. One wrong setting? It's jackpot time for attackers!</p><p>As a pentester, I often see how much SaaS is underestimated. I had a client once tell me, "We've got a firewall!" Yeah, but that doesn't cover, well, *everything*.</p><p>Your SaaS security needs a holistic approach. AI can help, sure, but it's not a magic bullet. Data is crucial for AI, as we know! And AI likes to, shall we say, make stuff up sometimes!</p><p>So, go check your SaaS configs! Keep an eye out for Shadow IT and third-party vendors. AI tools are cool for monitoring. But, you know, keep it real! Don't forget about those penetration tests!</p><p>How are *you* securing your SaaS environment? What red flags have you spotted? Let's hear it!</p><p><a href="https://infosec.exchange/tags/SaaS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SaaS</span></a> <a href="https://infosec.exchange/tags/Security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Security</span></a> <a href="https://infosec.exchange/tags/AI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AI</span></a> <a href="https://infosec.exchange/tags/Pentesting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Pentesting</span></a> <a href="https://infosec.exchange/tags/CloudSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CloudSecurity</span></a></p>
0x40k<p>Wow, things are getting wild in the Kubernetes world! The name alone – "IngressNightmare" – gives me chills! 🤯 It's crucial to know this affects the Ingress NGINX Controller, *not* the NGINX Ingress Controller. That's a big difference!</p><p>Wiz really uncovered something huge. We're talking over 6,500 vulnerable clusters, with the potential for some serious Remote Code Execution (RCE). Ouch! They found that a scary 43% of cloud environments are impacted.</p><p>It appears that these kinds of vulnerabilities often slip past standard scans. You really need manual penetration testing to catch them. And as a pentester myself, I can tell you, it's frequently like digging for buried treasure! 😅</p><p>Here are the CVEs to watch out for: CVE-2025-24513, CVE-2025-24514, CVE-2025-1097, CVE-2025-1098, CVE-2025-1974. These have a CVSS score of 9.8! So, you'll want to update to 1.12.1, 1.11.5, or 1.10.7 *immediately*. Another crucial step? See if your Admission Webhook Endpoint is exposed. Make sure you're limiting access. Don't need it? Then, turn it off!</p><p>So, what are your experiences with K8s security? I'm curious, what tools do you swear by? 🤔</p><p><a href="https://infosec.exchange/tags/kubernetes" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>kubernetes</span></a> <a href="https://infosec.exchange/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>security</span></a> <a href="https://infosec.exchange/tags/pentesting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>pentesting</span></a> <a href="https://infosec.exchange/tags/devsecops" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>devsecops</span></a> <a href="https://infosec.exchange/tags/cloudsecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cloudsecurity</span></a></p>
0x40k<p>Whoa, the IT security world was on FIRE this week! 🤯 Open source supply chain attacks, malware sneaking into the Play Store, ransomware bypassing EDR... and is AI just pouring gasoline on the phishing flames?! Seriously intense! 😳 Cloud security's getting a raw deal and let's be real, backups are only as good as their security.</p><p>It's wild how rapidly the threat landscape's evolving, isn't it? Gotta stay sharp, folks! Automated vulnerability scans? They're definitely nice, but manual penetration tests are still essential. And AI? Awesome tech, but also seriously risky. Disinformation and manipulation are spiraling out of control. We've gotta stay vigilant!</p><p>So, what are *your* biggest IT security pain points right now? Spill the beans!</p><p><a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/pentesting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>pentesting</span></a> <a href="https://infosec.exchange/tags/offensiveSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>offensiveSecurity</span></a></p>
Chema Alonso :verified:<p>El lado del mal - Offensive Security: Online Master's in Offensive Security at the Campus Internacional de Seguridad 2025/2026 (last chance) <a href="https://www.elladodelmal.com/2025/03/offensive-security-master-online-en.html" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">elladodelmal.com/2025/03/offen</span><span class="invisible">sive-security-master-online-en.html</span></a> <a href="https://ioc.exchange/tags/Ciberseguridad" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Ciberseguridad</span></a> <a href="https://ioc.exchange/tags/RedTeam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>RedTeam</span></a> <a href="https://ioc.exchange/tags/Pentest" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Pentest</span></a> <a href="https://ioc.exchange/tags/Pentesting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Pentesting</span></a> <a href="https://ioc.exchange/tags/Pentester" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Pentester</span></a> <a href="https://ioc.exchange/tags/Master" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Master</span></a> <a href="https://ioc.exchange/tags/Formaci%C3%B3n" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Formación</span></a> <a href="https://ioc.exchange/tags/OffensiveSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OffensiveSecurity</span></a></p>
Konstantin :C_H:<p>With <a href="https://infosec.exchange/tags/CVE_2025_29927" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CVE_2025_29927</span></a>, Next.js has now suffered its second major vulnerability in just three months, following <a href="https://infosec.exchange/tags/CVE_2024_51479" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CVE_2024_51479</span></a>.</p><p>I originally built CVE Crowd with <a href="https://infosec.exchange/tags/NextJS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>NextJS</span></a>.</p><p>However, as the application became more complex (especially with authentication), I decided to switch to a framework I was more familiar with.</p><p>Honestly, I’m feeling a bit relieved about that right now...</p><p><a href="https://infosec.exchange/tags/Pentesting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Pentesting</span></a> <a href="https://infosec.exchange/tags/AppSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AppSec</span></a> <a href="https://infosec.exchange/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a> <a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSecurity</span></a> <a href="https://infosec.exchange/tags/BugBounty" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BugBounty</span></a> <a href="https://infosec.exchange/tags/Hacking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Hacking</span></a> <a href="https://infosec.exchange/tags/CVE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CVE</span></a> <a href="https://infosec.exchange/tags/CVECrowd" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CVECrowd</span></a></p>
nickbearded<p>🐧 Debian 12.10 "Bookworm" is out! 🚀</p><p>The latest update brings 66 bug fixes and 43 security patches. I'll be updating BashCore to the newest version soon, so stay tuned! 🔥</p><p><a href="https://bashcore.org" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">bashcore.org</span><span class="invisible"></span></a></p><p><a href="https://mastodon.social/tags/Debian" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Debian</span></a> <a href="https://mastodon.social/tags/Linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Linux</span></a> <a href="https://mastodon.social/tags/BashCore" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BashCore</span></a> <a href="https://mastodon.social/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSecurity</span></a> <a href="https://mastodon.social/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a> <a href="https://mastodon.social/tags/Pentesting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Pentesting</span></a> <a href="https://mastodon.social/tags/OpenSource" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenSource</span></a> <a href="https://mastodon.social/tags/FOSS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FOSS</span></a> <a href="https://mastodon.social/tags/SysAdmin" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SysAdmin</span></a> <a href="https://mastodon.social/tags/HackThePlanet" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>HackThePlanet</span></a> <a href="https://mastodon.social/tags/EthicalHacking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>EthicalHacking</span></a> <a href="https://mastodon.social/tags/Privacy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Privacy</span></a> <a href="https://mastodon.social/tags/Tech" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Tech</span></a> <a href="https://mastodon.social/tags/Hacking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Hacking</span></a> <a href="https://mastodon.social/tags/SecOps" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SecOps</span></a></p>
Teri Radichel<p>Seeking signs of <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a> posts on this platform. Or information on <a href="https://infosec.exchange/tags/pentesting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>pentesting</span></a> <a href="https://infosec.exchange/tags/bugbounty" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>bugbounty</span></a> what’s causing <a href="https://infosec.exchange/tags/databreach" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>databreach</span></a> es and how to stop them.</p>
Marco Ciappelli🎙️✨:verified: :donor:<p>New On Location Coverage with Sean &amp; Marco on ITSPmagazine</p><p>🚨 Cybersecurity in <a href="https://infosec.exchange/tags/Italy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Italy</span></a> 🇮🇹 : A Niche Topic No More... 🤔 </p><p>Not too long ago, if you mentioned <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a> in Italy, you’d get a lot of blank stares. Today, it’s everywhere—boardrooms, government agencies, and, of course, <a href="https://infosec.exchange/tags/ITASEC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ITASEC</span></a>, Italy’s official cybersecurity conference.</p><p>This year, <a href="https://infosec.exchange/tags/ITASEC2025" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ITASEC2025</span></a> took over Bologna, bringing together researchers, policymakers, and industry leaders to discuss what’s next for digital security. AI security, regulatory shifts, <a href="https://infosec.exchange/tags/cybereducation" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybereducation</span></a> — yes, even the Digital Operational Resilience Act (<a href="https://infosec.exchange/tags/DORA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DORA</span></a>) that’s reshaping financial sector security—were all on the table.</p><p>Unfortunately, I wasn’t in Italy at the time of the event, but that didn’t stop me from having a fascinating conversation with Professor Alessandro Armando, one of the key organizers and a leading voice in cybersecurity research, in this latest On Location episode. 
Of course, Sean Martin joined me, and we spoke about:</p><p>🔹 How cybersecurity went from an afterthought to a national priority in Italy</p><p>🔹 Why companies are (finally) realizing that <a href="https://infosec.exchange/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>security</span></a> is an <a href="https://infosec.exchange/tags/investment" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>investment</span></a>, not just a cost</p><p>🔹 The rise of Cyber Challenge IT—Italy’s initiative to build the next generation of cybersecurity experts</p><p>🔹 And, of course, the big reveal… ITASEC 2026 is heading to Sardinia!</p><p>📺 Watch the Full Video: <a href="https://youtu.be/NsdkYAYZANc" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">youtu.be/NsdkYAYZANc</span><span class="invisible"></span></a></p><p>🎧 Listen to the Full Podcast: <a href="https://eventcoveragepodcast.com/episodes/cybersecurity-in-italy-itasec-2025-recap-future-outlook-with-professor-alessandro-armando-on-location-coverage-with-sean-martin-and-marco-ciappelli" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">eventcoveragepodcast.com/episo</span><span class="invisible">des/cybersecurity-in-italy-itasec-2025-recap-future-outlook-with-professor-alessandro-armando-on-location-coverage-with-sean-martin-and-marco-ciappelli</span></a></p><p>🔔 Subscribe to On Location Podcast: <a href="https://eventcoveragepodcast.com" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">eventcoveragepodcast.com</span><span class="invisible"></span></a></p><p>Cybersecurity isn’t just about stopping threats—it’s about shaping the future of how we live, work, and trust <a href="https://infosec.exchange/tags/technology" class="mention 
hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>technology</span></a>.</p><p>What’s your take? Are we heading in the right direction, or are we still playing catch-up? </p><p><a href="https://infosec.exchange/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a>, <a href="https://infosec.exchange/tags/CyberRisk" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberRisk</span></a>, <a href="https://infosec.exchange/tags/AIsecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AIsecurity</span></a>, <a href="https://infosec.exchange/tags/CyberThreats" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberThreats</span></a>, <a href="https://infosec.exchange/tags/CyberEducation" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberEducation</span></a>, <a href="https://infosec.exchange/tags/CyberWorkforce" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberWorkforce</span></a>, <a href="https://infosec.exchange/tags/ThreatIntel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ThreatIntel</span></a>, <a href="https://infosec.exchange/tags/EthicalHacking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>EthicalHacking</span></a>, <a href="https://infosec.exchange/tags/PenTesting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PenTesting</span></a>, <a href="https://infosec.exchange/tags/RiskManagement" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>RiskManagement</span></a>, <a href="https://infosec.exchange/tags/CyberResilience" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberResilience</span></a>, <a 
href="https://infosec.exchange/tags/DataProtection" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DataProtection</span></a>, <a href="https://infosec.exchange/tags/DigitalSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DigitalSecurity</span></a>, <a href="https://infosec.exchange/tags/CyberLaw" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberLaw</span></a>, <a href="https://infosec.exchange/tags/TechnologyNews" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>TechnologyNews</span></a>, <a href="https://infosec.exchange/tags/OnLocationPodcast" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OnLocationPodcast</span></a></p>
0x40k<p>Seriously, CSS for spam? Mind. Blown. 🤯 Ran into a situation today where CSS in emails caused total mayhem. It's crazy what people are doing with it!</p><p>Turns out, CSS, that styling language we all know, is getting abused. Think hidden text, user tracking – it's all happening! 😩 Who even considers that kind of stuff?</p><p>CSS isn't just about making things look pretty anymore. Spammers are using stuff like `text-indent` and `opacity` to hide content. Cisco Talos even exposed this. The danger? Phishing and tracking, mainly. The fix? Improved filters and privacy proxies are a good start.</p><p>It kinda reminds me of a pentest where we almost missed a CSS-based phishing page! Sometimes it's the small details that get you, right?</p><p>So, what's the craziest CSS trick you've ever seen used maliciously? I'm all ears! 🤔</p><p><a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/pentesting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>pentesting</span></a> <a href="https://infosec.exchange/tags/emailsecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>emailsecurity</span></a></p>
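<p>Added example (not part of the post above, and not code from Cisco Talos): the "improved filters" the post mentions need a way to notice text that a mail client will never render. The scanner below is a hypothetical one written for this page. It walks an HTML e-mail body with Python's standard-library HTMLParser, evaluates each element's inline <code>style</code> attribute, and reports text (and image tags) whose style hides them: <code>opacity</code> near zero, a large negative <code>text-indent</code>, <code>display:none</code>, <code>visibility:hidden</code>, or <code>font-size:0</code>. It assumes CSS has already been inlined (as most bulk mailers do); rules in <code>&lt;style&gt;</code> blocks are not parsed. The thresholds and the sample message are constructed for the example.</p>

```python
"""Flag hidden text and hidden images in an HTML e-mail body.

Hypothetical detector for illustration, written for this page. Hidden text
still reaches the text-extraction step of a naive spam filter and can bias
its verdict, so a filter should strip or score these elements instead of
treating them as visible content.
"""
import re
from html.parser import HTMLParser

# Thresholds are assumptions chosen for this example.
NEGATIVE_INDENT_PX = -1000    # text pushed this far off-canvas is invisible
MAX_VISIBLE_OPACITY = 0.05
VOID_TAGS = {"img", "br", "hr", "input", "meta", "link", "area", "col"}

_DECL = re.compile(r"\s*([a-zA-Z-]+)\s*:\s*([^;]+?)\s*(?:;|$)")


def parse_inline_style(style):
    """Turn 'opacity: 0; text-indent:-9999px' into {'opacity': '0', ...}."""
    return {k.lower(): v.strip().lower() for k, v in _DECL.findall(style or "")}


def _length_px(value):
    """Parse a CSS length; em/rem assume a 16px base font (assumption)."""
    m = re.match(r"(-?\d+(?:\.\d+)?)(px|em|rem)?", value)
    if not m:
        return None
    num, unit = float(m.group(1)), m.group(2) or "px"
    return num * 16 if unit in ("em", "rem") else num


def hiding_reasons(style):
    """Return the list of CSS declarations in `style` that hide the element."""
    s = parse_inline_style(style)
    reasons = []
    if s.get("display") == "none":
        reasons.append("display:none")
    if s.get("visibility") == "hidden":
        reasons.append("visibility:hidden")
    op = s.get("opacity")
    if op is not None:
        try:
            if float(op) <= MAX_VISIBLE_OPACITY:
                reasons.append("opacity")
        except ValueError:
            pass
    fs = s.get("font-size")
    if fs is not None and _length_px(fs) == 0:
        reasons.append("font-size:0")
    ti = s.get("text-indent")
    if ti is not None:
        px = _length_px(ti)
        if px is not None and px <= NEGATIVE_INDENT_PX:
            reasons.append("text-indent")
    return reasons


class HiddenTextScanner(HTMLParser):
    """Collect text nodes (and images) whose ancestors' inline CSS hides them."""

    def __init__(self):
        super().__init__()
        self._stack = []      # (tag, reasons) for every open element
        self.findings = []    # (text or 'img:<src>', sorted reasons)

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        reasons = hiding_reasons(a.get("style"))
        if tag in VOID_TAGS:
            # Void elements never close; a hidden <img> is a tracking-pixel signal.
            if tag == "img" and reasons:
                self.findings.append(("img:" + (a.get("src") or ""), sorted(set(reasons))))
            return
        self._stack.append((tag, reasons))

    def handle_endtag(self, tag):
        # Pop back to the matching open tag; tolerate sloppy markup.
        for i in range(len(self._stack) - 1, -1, -1):
            if self._stack[i][0] == tag:
                del self._stack[i:]
                break

    def handle_data(self, data):
        text = data.strip()
        if not text:
            return
        inherited = [r for _, rs in self._stack for r in rs]
        if inherited:
            self.findings.append((text, sorted(set(inherited))))


def scan_email_html(html):
    """Return [(hidden_text_or_img, [reasons]), ...] for an HTML e-mail body."""
    p = HiddenTextScanner()
    p.feed(html)
    p.close()
    return p.findings


# Constructed sample message (not a real e-mail): one visible paragraph,
# three hidden-text tricks, and a hidden tracking image.
SAMPLE = """<html><body>
<p>Your invoice is attached.</p>
<span style="opacity:0">buy cheap meds</span>
<div style="text-indent:-9999px; font-size:12px">lorem ipsum filler words</div>
<p style="display:none">legit looking text</p>
<img src="https://tracker.example/pixel.gif?id=abc" style="opacity:0;width:1px">
<p>Regards</p>
</body></html>"""

if __name__ == "__main__":
    for item, why in scan_email_html(SAMPLE):
        print(f"hidden ({', '.join(why)}): {item!r}")
```

<p>On the constructed sample the scanner reports the three hidden strings and the hidden image, and leaves the two visible paragraphs alone. A real filter would feed the flagged text into a separate feature (hidden-text ratio, hidden-image count) rather than into the visible-body text, and a privacy proxy would rewrite or drop the flagged image source before the client fetches it.</p>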