How social engineering works | Unlocked 403 cybersecurity podcast (S2E6)
Think you could never fall for an online scam? Think again.
Vulnerability Disclosure
7 articles
Supporting Rowhammer research to protect the DRAM ecosystem
Posted by Daniel Moghimi Rowhammer is a complex class of vulnerabilities across the industry. It is a hardware vulnerability in DRAM where repeatedly accessi...
Inline Style Exfiltration: leaking data with chained CSS conditionals
I discovered how to use CSS to steal attribute data without selectors and stylesheet imports! This means you can now exploit CSS injection via style attributes!
Drag and Pwnd: Leverage ASCII characters to exploit VS Code
Control characters like SOH, STX, EOT and ETX were never meant to run your code - but in the world of modern terminal emulators, they sometimes do.
Behind the Scenes: Fixing an In-the-Wild Firefox Exploit
At Mozilla, browser security is a critical mission, and part of that mission involves responding swiftly to new threats. Tuesday, around 8 AM Eastern time, w...
onwebkitplaybacktargetavailabilitychanged?! New exotic events in the XSS cheat sheet
The power of our XSS cheat sheet is we get fantastic contributions from the web security community and this update is no exception.
Making desync attacks easy with TRACE
Have you ever found an HTTP desync vulnerability that seemed impossible to exploit due to its complicated constraints?