unSafe.sh - Unsafe
Sophisticated Telegram Based Scam Designed to Fool Fragment Users
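While selling a username on Telegram's Fragment marketplace, the author encountered a scammer who forged the Fragment interface in an attempt at fraud. Technical analysis found that the scammer's website was linked to a game project, and the author suspects the operators may be involved in scam activity....
2025-9-2 05:20:9 | Views: 16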
Over Security - Cybersecurity news aggregator - medium.com
username
ton
fragment
bid
clearly
When CTF Meets Bug Bounty: A Critical UXSS in Opera Browser
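The author designed a browser challenge, "operaaa", for WACON CTF 2023, and participant jinu unexpectedly discovered a critical cross-site scripting (UXSS) vulnerability in the Opera browser. The vulnerability triggers an XSS attack through a redirect parameter in GX.games and uses the chrome.tabs interface to leak the URLs of other tabs. Combined with the OAuth flow, it allows user account takeover. The vulnerability affects the Opera PC, Mac and Linux versions as well as Opera GX, and was fixed on October 13, 2023....
2025-8-24 23:11:36 | Views: 9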
0day Fans - medium.com
opera
tabs
chrome
gx
victim
Tea App Hack: Disassembling The Ridiculous App Source Code
By now, everyone has heard of the “Tea app” getting hacked: “Hackers leak 13,000 user photos and IDs...
2025-8-2 14:9:11 | Views: 16
Over Security - Cybersecurity news aggregator - medium.com
tea
gossip
disassemble
teaforwomen
dating
How I made $64k from deleted files — a bug bounty story
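Sharon Brizinov developed an automated tool that scanned tens of thousands of public GitHub repositories, recovered deleted files, and searched them for leaked keys and tokens. He found a large number of unrevoked API keys and credentials, and earned about $64,000 in bounties by reporting the vulnerabilities....
2025-7-11 14:27:57 | Views: 6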
Over Security - Cybersecurity news aggregator - medium.com
github
repository
committed
unreachable
developers
HTML Injection to Stored XSS and Account Takeover
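The article describes a complex vulnerability chain: by combining HTML injection with jQuery's replaceWith method, stored XSS was achieved on the target website, ultimately leading to account takeover. The attacker exploited a feature of the Cloudinary image service to embed malicious code in an image, steal user tokens, and take over accounts....
2025-4-30 14:11:41 | Views: 9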
0day Fans - medium.com
pagination
cloudinary
remote
payload
jquery
VibeScamming — From Prompt to Phish: Benchmarking Popular AI Agents’ Resistance to the Dark Side
2025-4-9 13:16:7 | Views: 16
Over Security - Cybersecurity news aggregator - medium.com
Stored XSS in My Flow To RCE in Opera Browser #2
2025-3-30 00:33:44 | Views: 18
0day Fans - medium.com
Reflected XSS In Main Search, WAF+Sanitizer Bypass Using 2 Reflections
2025-2-12 23:15:17 | Views: 7
0day Fans - medium.com
Client Side Path Traversal (CSPT) Bug Bounty Reports and Techniques
2025-1-24 21:2:56 | Views: 1
0day Fans - medium.com
“DeceptionAds” — Fake Captcha Driving Infostealer Infections and a Glimpse to the Dark Side of…
2024-12-16 14:16:44 | Views: 3
Over Security - Cybersecurity news aggregator - medium.com
“CrossBarking” — Exploiting a 0-Day Opera Vulnerability with a Cross-Browser Extension Store Attack
2024-10-30 21:16:29 | Views: 1
Over Security - Cybersecurity news aggregator - medium.com
Insider Secrets to Earning $100 to $250 in Bug Bounties
2024-9-3 03:44:26 | Views: 2
Bug Bounty in InfoSec Write-ups on Medium - medium.com
“EchoSpoofing” — A Massive Phishing Campaign Exploiting Proofpoint’s Email Protection to Dispatch…
2024-7-29 21:2:29 | Views: 10
Over Security - Cybersecurity news aggregator - medium.com
Web Application Firewall (WAF) Evasion Techniques
2024-6-6 23:0:41 | Views: 11
Over Security - Cybersecurity news aggregator - medium.com
Detecting human users: Is there a way to block enumeration, fuzz or web scan?
2024-6-6 23:0:39 | Views: 8
Over Security - Cybersecurity news aggregator - medium.com
Web Application Firewall (WAF) Evasion Techniques #2
2024-6-6 23:0:38 | Views: 12
Over Security - Cybersecurity news aggregator - medium.com
PHP SSRF Techniques
2024-6-6 23:0:37 | Views: 10
Over Security - Cybersecurity news aggregator - medium.com
Building A HackTheBox FluxCapacitor
2024-6-6 23:0:36 | Views: 8
Over Security - Cybersecurity news aggregator - medium.com
Investigating Surfshark and NordVPN with JA4T
2024-5-18 21:9:29 | Views: 8
Over Security - Cybersecurity news aggregator - medium.com
Capturing WPA2 handshakes on macOS Catalina with Bettercap
2024-4-7 06:45:31 | Views: 7
Over Security - Cybersecurity news aggregator - medium.com